CISSP Official (ISC)2 Practice Tests
By 作者: Mike Chapple – David Seidl
ISBN-10 书号: 1119475929
ISBN-13 书号: 9781119475927
Edition 版本: 2
出版日期: 2018-06-13
pages 页数: 512
Full-length practice tests covering all CISSP domains for the ultimate exam prep
The (ISC)2 CISSP Official Practice Tests is a major resource for CISSP candidates, providing 1300 unique practice questions. The first part of the book provides 100 questions per domain. You also have access to four unique 125-question practice exams to help you master the material. As the only official practice tests endorsed by (ISC)2, this book gives you the advantage of full and complete preparation. These practice tests align with the 2018 version of the exam to ensure up-to-date preparation, and are designed to cover what you’ll see on exam day. Coverage includes: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.
The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know.
Test your knowledge of the 2018 exam domains
Identify areas in need of further study
Gauge your progress throughout your exam preparation
The CISSP exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends. Currently-aligned preparation resources are critical, and periodic practice tests are one of the best ways to truly measure your level of understanding.
2019-12-21 21:49:51
12.79MB
1
之前通过CISA,再在2017年报名过广州CISSP考试,却以两三道题的距离挂了考试。3000多块买的教训,18年一直想考没时间,于是今年年初立个flag,可发现参考书版本都更新了。参考国盟信息安全论坛、csdn资料,结合刚考过的朋友的经验,整理了今年的备考资料清单名,主要书仍以ALL IN ONE为主,其他参考书主要对重点概念查漏补缺,参考书后面的章节题均需了解;参考系统自己看了all in one第七版后面的光盘题和isc2官方练习题practice tests,确实跟之前考试场景和提问方式比较接近,之前备考时间不充分,练习不足,这次希望把这两套题认认真真掌握知识点。因网络速度限制,需要索要20M以下的资料的(譬如光盘习题下载方式)可私信联系我留下邮箱地址,我给你发,CSDN上应该也都有;选择上传后资源分数无法修改,窃以为1-2分比较合适,可以给刚准备考的朋友参考
2019-12-21 21:49:47
12KB
1
基于(ISC)2 CISSP Common Body of Knowledge,可以辅助all in one加深对8个域知识点了解,最新的知识点已经在2018年4月15日CISSP考试中广泛体现。本学习指南重点突出知识点概念并伴有相应测试题,结合all in one 8后面测试题、光盘题和《CISSP Official (ISC)2 Practice Tests 2018年第二版》英文版&官方练习题及解题详解(1300题左右),备考题库已足够了解所有知识点本书含21章节,各域对应的章节如下:1-4章对应Domain 1 Security and Risk Mgmt第5章对应Domain 2 Asset security资产安全第6,7,8,9,10章对应Domain 3 安全架构与工程第11,12章,通讯与网络安全第13,14章,身份与访问管理IAM第15章对应域安全评估与测试第16,17,18,19章对应域7安全运维第20,21章软件开发安全
Development Editor: Kelly TalbotTechnical Editors: Jeff Parker, Bob Sipes, and David SeidlCopy Editor: Kim WimpsettEditorial Manager: Pete GaughanProduction Manager: Kathleen wisorExecutive editor: im minatelProofreader: Amy schneiderIndexer: Johnna Van Hoose dinseProject Coordinator, Cover: brent SavageCover Designer: wileyCover Image: @Jeremy Woodhouse/Getty Images, Inc.Copyright C 2018 by John Wiley Sons, InC, Indianapolis, IndianaPublished simultaneously in CanadaISBN:978-1-119-47593-4ISBN:978-1-119-47595-8(ebk)ISBN:978-1-119-47587-3(ebk)Manufactured in the United States of americaNo part of this publication may be reproduced, stored in a retrieval system or transmitted iany form or by any means, electronic, mechanical, photocopying, recording, scanning orotherwise, except as permitted under Sections 107 or 108 of the 1976 United States CopyrightAct, without either the prior written permission of the Publisher, or authorization throughpayment of the appropriate per-copy fee to the Copyright Clearance Center, 222 RosewoodDrive, Danvers, MA O1923,( 978)750-8400, fax(978)646-8600 Requests to the Publisherfor permission should be addressed to the permissions Department, John Wiley sons, Inc.111 River Street, Hoboken, NJ o7030, (201)748-6011, fax(201)748-6008, or online athttp://www.wiley.com/go/permissionsLimit of liability /Disclaimer of Warranty: The publisher and the author make norepresentations or warranties with respect to the accuracy or completeness of the contents ofthis work and specifically disclaim all warranties, including without limitation warranties offitness for a particular purpose. No warranty may be created or extended by sales orpromotional materials. The advice and strategies contained herein may not be suitable forevery situation. This work is sold with the understanding that the publisher is not engaged inrendering legal, accounting, or other professional services. If professional assistance isrequired the services of a competent professional person should be sought. Neither thepublisher nor the author shall be liable for damages arising herefrom. The fact that anorganization or Web site is referred to in this work as a citation and/or a potential source offurther information does not mean that the author or the publisher endorses the informationthe organization or Web site may provide or recommendations it may make Further readersshould be aware that Internet Web sites listed in this work may have changed or disappearedbetween when this work was written and when it is readFor general information on our other products and services or to obtain technical supportplease contact our Customer Care Department within the U.S. at(877)762-2974, outside theUS.at(317)5723993 or fax(317)572-4002Wiley publishes in a variety of print and electronic formats and by print-on-demand. Somematerial included with standard print versions of this book may not be included in e-books orin print-On-demand. If this book refers to media such as a CD or DVd that is not included intheversionyoupurchasedyoumaydownloadthismaterialathttp://booksupport.wilev.comFormoreinformationaboutwileyproductsvisitwww.wiley.comLibrary of Congress Control Number: 2018933561TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registeredtrademarks of John Wiley Sons, Inc and /or its affiliates, in the United States and othercountries, and may not be used without written permission. CISSP is a registered trademark of(ISC)2, Inc. All other trademarks are the property of their respective owners John WileySons, Inc is not associated with any product or vendor mentioned in this book.To Dewitt Latimer, my mentor, friend, and colleague. I miss youdearly.Mike ChappleTo Cathy, your perspective on the world and life often surprises me,challenges me, and makes me love you even moreJames michael stewartTo Nimfa, thanks for sharing your life with me for the past 26 yearsand letting me share mine with youDarril gibsonDear Future(ISC)2 MemberCongratulations on starting your journey toCISSPR certification Earning your CISSP is anexciting and rewarding milestone in yourcybersecurity career. Not only does it demonstrateyour ability to develop and manage nearly allaspects of an organizations cybersecurityoperations, but you also signal to employers yourcommitment to life-long learning and taking anactive role in fulfilling the(isc)2 vision ofinspiring a safe and secure cyber worldThe material in this study guide is based upon the (isc)2 cisspCommon Body of Knowledge. It will help you prepare for the examthat will assess your competency in the following eight domainsa Security and risk management■ Asset securitySecurity Architecture and engineeringa Communication and Network securitya Identity and Access Management (IAM)Security Assessment and Testing■ Security OperationsSoftware Development SecurityWhile this study guide will help you prepare, passing the cissp examdepends on your mastery of the domains combined with your ability toapply those concepts using your real-world experiencei wish you the best of luck as you continue on your path to become aCISSP and certified member of(Isc)2Sincerely,David shearer. CISSPCEO(ISC)2Ackn。w| edgmentsWe'd like to express our thanks to Sybex for continuing to support thisproject. Extra thanks to the eighth edition developmental editor, kellyTalbot, and technical editors, Jeff Parker, Bob Sipes, and David Seidlwho performed amazing feats in guiding us to improve this bookThanks as well to our agent, Carole Jelen, for continuing to assist innailing down these projectsMike james. and darrilSpecial thanks go to the information security team at the University ofNotre Dame, who provided hours of interesting conversation anddebate on security issues that inspired and informed much of thematerial in this bookI would like to thank the team at wiley who provided invaluableassistance throughout the book development process. i also owe a debtof gratitude to my literary agent, Carole Jelen of WatersideProductions. My coauthors, James Michael Stewart and darril Gibsonwere great collaborators. Jeff Parker, Bob Sipes, and David Seidl, ourdiligent and knowledgeable technical editors, provided valuable insight as we brought this edition to pressId also like to thank the many people who participated in theproduction of this book but whom I never had the chance to meet: thegraphics team, the production staff, and all of those involved inbringing this book to press-Mike ChappleThanks to Mike Chapple and Darril Gibson for continuing tocontribute to this project Thanks also to all my cissp course studentswho have provided their insight and input to improve my trainingcourseware and ultimately this tome. To my adoring wife, CathyBuilding a life and a family together has been more wonderful than Icould have ever imagined. To Slayde and remi: you are growing up sofast and learning at an outstanding pace, and you continue to delightand impress me daily. You are both growing into amazing individualsTo my mom, Johnnie: It is wonderful to have you close by To MarkNo matter how much time has passed or how little we see each other, Ihave been and always will be your friend. and finally, as always, toElvis: You were way ahead of the current bacon obsession with yourpeanut butter/banana/ bacon sandwich; i think that' s proof youtraveled through timeJames michael StewartThanks to Jim Minatel and Carole Jelen for helping get this update inplace before(IsC)2 released the objectives. This helped us get a headstart on this new edition, and we appreciate your efforts. It's been apleasure working with talented people like James Michael Stewart andMike Chapple Thanks to both of you for all your work andcollaborative efforts on this project. The technical editors, Jeff ParkerBob Sipes, and David Seidl, provided us with some outstandingfeedback, and this book is better because of their efforts Thanks to theteam at Sybex (including project managers, editors, and graphicsartists) for all the work you did helping us get this book to print. Last,thanks to my wife, Nimfa, for putting up with my odd hours as Iworked on this bookDarril gibsonAbout the authorsMike Chapple, CISSP, PhD, Security+, CISA, CySA+, is an associateteaching professor of IT, analytics, and operations at the University ofNotre Dame. In the past he was chief information officer of BrandInstitute and an information security researcher with the nationalSecurity agency and the u.s. air Force his primary areas of expertiseinclude network intrusion detection and access controls. mike is afrequent contributor to TechTarget's Search Security site and theauthor of more than 25 books including the companion book to thisstudy guide: CISSP Official (ISC)2 Practice Tests, the CompTIA CSA+Study Guide, and Cyberwarfare: Information Operations in aConnected World. Mike offers study groups for the CISSP, SSCP,Security+, and cSa+ certifications on his website atwww.certmike.comJames Michael Stewart, CISSP, CEH, ECSA, CHFI, Security+Network+, has been writing and training for more than 20 years, witha current focus on security. he has been teaching CiSsP trainingcourses since 2002, not to mention other courses on Internet securityand ethical hacking/penetration testing He is the author of andcontributor to more than 75 books and numerous courseware sets onsecurity certification, Microsoft topics, and network administrationincluding the Security +(SY0-501) Review guide. More informationaboutmichaelcanbefoundathiswebsiteatwww.impactonline.comDarril Gibson, CISSP, Security+, CASP, is the Ceo of YODa (shortfor You Can Do Anything), and he has authored or coauthored morethan 40 books. Darril regularly writes, consults, and teaches on a widevariety of technical and security topics and holds several certificationsHe regularly posts blog articles athttp://blogs.getcertifiedgetahead.com/aboutcertificationtopicsanduses that site to help people stay abreast of changes in certificationexams. He loves hearing from readers, especially when they pass anexam after using one of his books, and you can contact him throughthele blogging site.
Development Editor: Kelly TalbotTechnical Editors: Jeff Parker, Bob Sipes, and David SeidlCopy Editor: Kim WimpsettEditorial Manager: Pete GaughanProduction Manager: Kathleen wisorExecutive editor: im minatelProofreader: Amy schneiderIndexer: Johnna Van Hoose dinseProject Coordinator, Cover: brent SavageCover Designer: wileyCover Image: @Jeremy Woodhouse/Getty Images, Inc.Copyright C 2018 by John Wiley Sons, InC, Indianapolis, IndianaPublished simultaneously in CanadaISBN:978-1-119-47593-4ISBN:978-1-119-47595-8(ebk)ISBN:978-1-119-47587-3(ebk)Manufactured in the United States of americaNo part of this publication may be reproduced, stored in a retrieval system or transmitted iany form or by any means, electronic, mechanical, photocopying, recording, scanning orotherwise, except as permitted under Sections 107 or 108 of the 1976 United States CopyrightAct, without either the prior written permission of the Publisher, or authorization throughpayment of the appropriate per-copy fee to the Copyright Clearance Center, 222 RosewoodDrive, Danvers, MA O1923,( 978)750-8400, fax(978)646-8600 Requests to the Publisherfor permission should be addressed to the permissions Department, John Wiley sons, Inc.111 River Street, Hoboken, NJ o7030, (201)748-6011, fax(201)748-6008, or online athttp://www.wiley.com/go/permissionsLimit of liability /Disclaimer of Warranty: The publisher and the author make norepresentations or warranties with respect to the accuracy or completeness of the contents ofthis work and specifically disclaim all warranties, including without limitation warranties offitness for a particular purpose. No warranty may be created or extended by sales orpromotional materials. The advice and strategies contained herein may not be suitable forevery situation. This work is sold with the understanding that the publisher is not engaged inrendering legal, accounting, or other professional services. If professional assistance isrequired the services of a competent professional person should be sought. Neither thepublisher nor the author shall be liable for damages arising herefrom. The fact that anorganization or Web site is referred to in this work as a citation and/or a potential source offurther information does not mean that the author or the publisher endorses the informationthe organization or Web site may provide or recommendations it may make Further readersshould be aware that Internet Web sites listed in this work may have changed or disappearedbetween when this work was written and when it is readFor general information on our other products and services or to obtain technical supportplease contact our Customer Care Department within the U.S. at(877)762-2974, outside theUS.at(317)5723993 or fax(317)572-4002Wiley publishes in a variety of print and electronic formats and by print-on-demand. Somematerial included with standard print versions of this book may not be included in e-books orin print-On-demand. If this book refers to media such as a CD or DVd that is not included intheversionyoupurchasedyoumaydownloadthismaterialathttp://booksupport.wilev.comFormoreinformationaboutwileyproductsvisitwww.wiley.comLibrary of Congress Control Number: 2018933561TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registeredtrademarks of John Wiley Sons, Inc and /or its affiliates, in the United States and othercountries, and may not be used without written permission. CISSP is a registered trademark of(ISC)2, Inc. All other trademarks are the property of their respective owners John WileySons, Inc is not associated with any product or vendor mentioned in this book.To Dewitt Latimer, my mentor, friend, and colleague. I miss youdearly.Mike ChappleTo Cathy, your perspective on the world and life often surprises me,challenges me, and makes me love you even moreJames michael stewartTo Nimfa, thanks for sharing your life with me for the past 26 yearsand letting me share mine with youDarril gibsonDear Future(ISC)2 MemberCongratulations on starting your journey toCISSPR certification Earning your CISSP is anexciting and rewarding milestone in yourcybersecurity career. Not only does it demonstrateyour ability to develop and manage nearly allaspects of an organizations cybersecurityoperations, but you also signal to employers yourcommitment to life-long learning and taking anactive role in fulfilling the(isc)2 vision ofinspiring a safe and secure cyber worldThe material in this study guide is based upon the (isc)2 cisspCommon Body of Knowledge. It will help you prepare for the examthat will assess your competency in the following eight domainsa Security and risk management■ Asset securitySecurity Architecture and engineeringa Communication and Network securitya Identity and Access Management (IAM)Security Assessment and Testing■ Security OperationsSoftware Development SecurityWhile this study guide will help you prepare, passing the cissp examdepends on your mastery of the domains combined with your ability toapply those concepts using your real-world experiencei wish you the best of luck as you continue on your path to become aCISSP and certified member of(Isc)2Sincerely,David shearer. CISSPCEO(ISC)2Ackn。w| edgmentsWe'd like to express our thanks to Sybex for continuing to support thisproject. Extra thanks to the eighth edition developmental editor, kellyTalbot, and technical editors, Jeff Parker, Bob Sipes, and David Seidlwho performed amazing feats in guiding us to improve this bookThanks as well to our agent, Carole Jelen, for continuing to assist innailing down these projectsMike james. and darrilSpecial thanks go to the information security team at the University ofNotre Dame, who provided hours of interesting conversation anddebate on security issues that inspired and informed much of thematerial in this bookI would like to thank the team at wiley who provided invaluableassistance throughout the book development process. i also owe a debtof gratitude to my literary agent, Carole Jelen of WatersideProductions. My coauthors, James Michael Stewart and darril Gibsonwere great collaborators. Jeff Parker, Bob Sipes, and David Seidl, ourdiligent and knowledgeable technical editors, provided valuable insight as we brought this edition to pressId also like to thank the many people who participated in theproduction of this book but whom I never had the chance to meet: thegraphics team, the production staff, and all of those involved inbringing this book to press-Mike ChappleThanks to Mike Chapple and Darril Gibson for continuing tocontribute to this project Thanks also to all my cissp course studentswho have provided their insight and input to improve my trainingcourseware and ultimately this tome. To my adoring wife, CathyBuilding a life and a family together has been more wonderful than Icould have ever imagined. To Slayde and remi: you are growing up sofast and learning at an outstanding pace, and you continue to delightand impress me daily. You are both growing into amazing individualsTo my mom, Johnnie: It is wonderful to have you close by To MarkNo matter how much time has passed or how little we see each other, Ihave been and always will be your friend. and finally, as always, toElvis: You were way ahead of the current bacon obsession with yourpeanut butter/banana/ bacon sandwich; i think that' s proof youtraveled through timeJames michael StewartThanks to Jim Minatel and Carole Jelen for helping get this update inplace before(IsC)2 released the objectives. This helped us get a headstart on this new edition, and we appreciate your efforts. It's been apleasure working with talented people like James Michael Stewart andMike Chapple Thanks to both of you for all your work andcollaborative efforts on this project. The technical editors, Jeff ParkerBob Sipes, and David Seidl, provided us with some outstandingfeedback, and this book is better because of their efforts Thanks to theteam at Sybex (including project managers, editors, and graphicsartists) for all the work you did helping us get this book to print. Last,thanks to my wife, Nimfa, for putting up with my odd hours as Iworked on this bookDarril gibsonAbout the authorsMike Chapple, CISSP, PhD, Security+, CISA, CySA+, is an associateteaching professor of IT, analytics, and operations at the University ofNotre Dame. In the past he was chief information officer of BrandInstitute and an information security researcher with the nationalSecurity agency and the u.s. air Force his primary areas of expertiseinclude network intrusion detection and access controls. mike is afrequent contributor to TechTarget's Search Security site and theauthor of more than 25 books including the companion book to thisstudy guide: CISSP Official (ISC)2 Practice Tests, the CompTIA CSA+Study Guide, and Cyberwarfare: Information Operations in aConnected World. Mike offers study groups for the CISSP, SSCP,Security+, and cSa+ certifications on his website atwww.certmike.comJames Michael Stewart, CISSP, CEH, ECSA, CHFI, Security+Network+, has been writing and training for more than 20 years, witha current focus on security. he has been teaching CiSsP trainingcourses since 2002, not to mention other courses on Internet securityand ethical hacking/penetration testing He is the author of andcontributor to more than 75 books and numerous courseware sets onsecurity certification, Microsoft topics, and network administrationincluding the Security +(SY0-501) Review guide. More informationaboutmichaelcanbefoundathiswebsiteatwww.impactonline.comDarril Gibson, CISSP, Security+, CASP, is the Ceo of YODa (shortfor You Can Do Anything), and he has authored or coauthored morethan 40 books. Darril regularly writes, consults, and teaches on a widevariety of technical and security topics and holds several certificationsHe regularly posts blog articles athttp://blogs.getcertifiedgetahead.com/aboutcertificationtopicsanduses that site to help people stay abreast of changes in certificationexams. He loves hearing from readers, especially when they pass anexam after using one of his books, and you can contact him throughthele blogging site.
2019-12-21 21:49:47
17.84MB
1
cissp官方学习指南第八版(英文),改版后2018最新学习指南。不用看cbk那么费劲,就看这个版本九百多页,八个知识域全覆盖,还省事。
Development Editor: Kelly TalbotTechnical Editors: Jeff Parker, Bob Sipes, and David SeidlCopy Editor: Kim WimpsettEditorial Manager: Pete GaughanProduction Manager: Kathleen wisorExecutive editor: im minatelProofreader: Amy schneiderIndexer: Johnna Van Hoose dinseProject Coordinator, Cover: brent SavageCover Designer: wileyCover Image: @Jeremy Woodhouse/Getty Images, Inc.Copyright C 2018 by John Wiley Sons, InC, Indianapolis, IndianaPublished simultaneously in CanadaISBN:978-1-119-47593-4ISBN:978-1-119-47595-8(ebk)ISBN:978-1-119-47587-3(ebk)Manufactured in the United States of americaNo part of this publication may be reproduced, stored in a retrieval system or transmitted iany form or by any means, electronic, mechanical, photocopying, recording, scanning orotherwise, except as permitted under Sections 107 or 108 of the 1976 United States CopyrightAct, without either the prior written permission of the Publisher, or authorization throughpayment of the appropriate per-copy fee to the Copyright Clearance Center, 222 RosewoodDrive, Danvers, MA O1923,( 978)750-8400, fax(978)646-8600 Requests to the Publisherfor permission should be addressed to the permissions Department, John Wiley sons, Inc.111 River Street, Hoboken, NJ o7030, (201)748-6011, fax(201)748-6008, or online athttp://www.wiley.com/go/permissionsLimit of liability /Disclaimer of Warranty: The publisher and the author make norepresentations or warranties with respect to the accuracy or completeness of the contents ofthis work and specifically disclaim all warranties, including without limitation warranties offitness for a particular purpose. No warranty may be created or extended by sales orpromotional materials. The advice and strategies contained herein may not be suitable forevery situation. This work is sold with the understanding that the publisher is not engaged inrendering legal, accounting, or other professional services. If professional assistance isrequired the services of a competent professional person should be sought. Neither thepublisher nor the author shall be liable for damages arising herefrom. The fact that anorganization or Web site is referred to in this work as a citation and/or a potential source offurther information does not mean that the author or the publisher endorses the informationthe organization or Web site may provide or recommendations it may make Further readersshould be aware that Internet Web sites listed in this work may have changed or disappearedbetween when this work was written and when it is readFor general information on our other products and services or to obtain technical supportplease contact our Customer Care Department within the U.S. at(877)762-2974, outside theUS.at(317)5723993 or fax(317)572-4002Wiley publishes in a variety of print and electronic formats and by print-on-demand. Somematerial included with standard print versions of this book may not be included in e-books orin print-On-demand. If this book refers to media such as a CD or DVd that is not included intheversionyoupurchasedyoumaydownloadthismaterialathttp://booksupport.wilev.comFormoreinformationaboutwileyproductsvisitwww.wiley.comLibrary of Congress Control Number: 2018933561TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registeredtrademarks of John Wiley Sons, Inc and /or its affiliates, in the United States and othercountries, and may not be used without written permission. CISSP is a registered trademark of(ISC)2, Inc. All other trademarks are the property of their respective owners John WileySons, Inc is not associated with any product or vendor mentioned in this book.To Dewitt Latimer, my mentor, friend, and colleague. I miss youdearly.Mike ChappleTo Cathy, your perspective on the world and life often surprises me,challenges me, and makes me love you even moreJames michael stewartTo Nimfa, thanks for sharing your life with me for the past 26 yearsand letting me share mine with youDarril gibsonDear Future(ISC)2 MemberCongratulations on starting your journey toCISSPR certification Earning your CISSP is anexciting and rewarding milestone in yourcybersecurity career. Not only does it demonstrateyour ability to develop and manage nearly allaspects of an organizations cybersecurityoperations, but you also signal to employers yourcommitment to life-long learning and taking anactive role in fulfilling the(isc)2 vision ofinspiring a safe and secure cyber worldThe material in this study guide is based upon the (isc)2 cisspCommon Body of Knowledge. It will help you prepare for the examthat will assess your competency in the following eight domainsa Security and risk management■ Asset securitySecurity Architecture and engineeringa Communication and Network securitya Identity and Access Management (IAM)Security Assessment and Testing■ Security OperationsSoftware Development SecurityWhile this study guide will help you prepare, passing the cissp examdepends on your mastery of the domains combined with your ability toapply those concepts using your real-world experiencei wish you the best of luck as you continue on your path to become aCISSP and certified member of(Isc)2Sincerely,David shearer. CISSPCEO(ISC)2Ackn。w| edgmentsWe'd like to express our thanks to Sybex for continuing to support thisproject. Extra thanks to the eighth edition developmental editor, kellyTalbot, and technical editors, Jeff Parker, Bob Sipes, and David Seidlwho performed amazing feats in guiding us to improve this bookThanks as well to our agent, Carole Jelen, for continuing to assist innailing down these projectsMike james. and darrilSpecial thanks go to the information security team at the University ofNotre Dame, who provided hours of interesting conversation anddebate on security issues that inspired and informed much of thematerial in this bookI would like to thank the team at wiley who provided invaluableassistance throughout the book development process. i also owe a debtof gratitude to my literary agent, Carole Jelen of WatersideProductions. My coauthors, James Michael Stewart and darril Gibsonwere great collaborators. Jeff Parker, Bob Sipes, and David Seidl, ourdiligent and knowledgeable technical editors, provided valuable insight as we brought this edition to pressId also like to thank the many people who participated in theproduction of this book but whom I never had the chance to meet: thegraphics team, the production staff, and all of those involved inbringing this book to press-Mike ChappleThanks to Mike Chapple and Darril Gibson for continuing tocontribute to this project Thanks also to all my cissp course studentswho have provided their insight and input to improve my trainingcourseware and ultimately this tome. To my adoring wife, CathyBuilding a life and a family together has been more wonderful than Icould have ever imagined. To Slayde and remi: you are growing up sofast and learning at an outstanding pace, and you continue to delightand impress me daily. You are both growing into amazing individualsTo my mom, Johnnie: It is wonderful to have you close by To MarkNo matter how much time has passed or how little we see each other, Ihave been and always will be your friend. and finally, as always, toElvis: You were way ahead of the current bacon obsession with yourpeanut butter/banana/ bacon sandwich; i think that' s proof youtraveled through timeJames michael StewartThanks to Jim Minatel and Carole Jelen for helping get this update inplace before(IsC)2 released the objectives. This helped us get a headstart on this new edition, and we appreciate your efforts. It's been apleasure working with talented people like James Michael Stewart andMike Chapple Thanks to both of you for all your work andcollaborative efforts on this project. The technical editors, Jeff ParkerBob Sipes, and David Seidl, provided us with some outstandingfeedback, and this book is better because of their efforts Thanks to theteam at Sybex (including project managers, editors, and graphicsartists) for all the work you did helping us get this book to print. Last,thanks to my wife, Nimfa, for putting up with my odd hours as Iworked on this bookDarril gibsonAbout the authorsMike Chapple, CISSP, PhD, Security+, CISA, CySA+, is an associateteaching professor of IT, analytics, and operations at the University ofNotre Dame. In the past he was chief information officer of BrandInstitute and an information security researcher with the nationalSecurity agency and the u.s. air Force his primary areas of expertiseinclude network intrusion detection and access controls. mike is afrequent contributor to TechTarget's Search Security site and theauthor of more than 25 books including the companion book to thisstudy guide: CISSP Official (ISC)2 Practice Tests, the CompTIA CSA+Study Guide, and Cyberwarfare: Information Operations in aConnected World. Mike offers study groups for the CISSP, SSCP,Security+, and cSa+ certifications on his website atwww.certmike.comJames Michael Stewart, CISSP, CEH, ECSA, CHFI, Security+Network+, has been writing and training for more than 20 years, witha current focus on security. he has been teaching CiSsP trainingcourses since 2002, not to mention other courses on Internet securityand ethical hacking/penetration testing He is the author of andcontributor to more than 75 books and numerous courseware sets onsecurity certification, Microsoft topics, and network administrationincluding the Security +(SY0-501) Review guide. More informationaboutmichaelcanbefoundathiswebsiteatwww.impactonline.comDarril Gibson, CISSP, Security+, CASP, is the Ceo of YODa (shortfor You Can Do Anything), and he has authored or coauthored morethan 40 books. Darril regularly writes, consults, and teaches on a widevariety of technical and security topics and holds several certificationsHe regularly posts blog articles athttp://blogs.getcertifiedgetahead.com/aboutcertificationtopicsanduses that site to help people stay abreast of changes in certificationexams. He loves hearing from readers, especially when they pass anexam after using one of his books, and you can contact him throughthele blogging site.
Development Editor: Kelly TalbotTechnical Editors: Jeff Parker, Bob Sipes, and David SeidlCopy Editor: Kim WimpsettEditorial Manager: Pete GaughanProduction Manager: Kathleen wisorExecutive editor: im minatelProofreader: Amy schneiderIndexer: Johnna Van Hoose dinseProject Coordinator, Cover: brent SavageCover Designer: wileyCover Image: @Jeremy Woodhouse/Getty Images, Inc.Copyright C 2018 by John Wiley Sons, InC, Indianapolis, IndianaPublished simultaneously in CanadaISBN:978-1-119-47593-4ISBN:978-1-119-47595-8(ebk)ISBN:978-1-119-47587-3(ebk)Manufactured in the United States of americaNo part of this publication may be reproduced, stored in a retrieval system or transmitted iany form or by any means, electronic, mechanical, photocopying, recording, scanning orotherwise, except as permitted under Sections 107 or 108 of the 1976 United States CopyrightAct, without either the prior written permission of the Publisher, or authorization throughpayment of the appropriate per-copy fee to the Copyright Clearance Center, 222 RosewoodDrive, Danvers, MA O1923,( 978)750-8400, fax(978)646-8600 Requests to the Publisherfor permission should be addressed to the permissions Department, John Wiley sons, Inc.111 River Street, Hoboken, NJ o7030, (201)748-6011, fax(201)748-6008, or online athttp://www.wiley.com/go/permissionsLimit of liability /Disclaimer of Warranty: The publisher and the author make norepresentations or warranties with respect to the accuracy or completeness of the contents ofthis work and specifically disclaim all warranties, including without limitation warranties offitness for a particular purpose. No warranty may be created or extended by sales orpromotional materials. The advice and strategies contained herein may not be suitable forevery situation. This work is sold with the understanding that the publisher is not engaged inrendering legal, accounting, or other professional services. If professional assistance isrequired the services of a competent professional person should be sought. Neither thepublisher nor the author shall be liable for damages arising herefrom. The fact that anorganization or Web site is referred to in this work as a citation and/or a potential source offurther information does not mean that the author or the publisher endorses the informationthe organization or Web site may provide or recommendations it may make Further readersshould be aware that Internet Web sites listed in this work may have changed or disappearedbetween when this work was written and when it is readFor general information on our other products and services or to obtain technical supportplease contact our Customer Care Department within the U.S. at(877)762-2974, outside theUS.at(317)5723993 or fax(317)572-4002Wiley publishes in a variety of print and electronic formats and by print-on-demand. Somematerial included with standard print versions of this book may not be included in e-books orin print-On-demand. If this book refers to media such as a CD or DVd that is not included intheversionyoupurchasedyoumaydownloadthismaterialathttp://booksupport.wilev.comFormoreinformationaboutwileyproductsvisitwww.wiley.comLibrary of Congress Control Number: 2018933561TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registeredtrademarks of John Wiley Sons, Inc and /or its affiliates, in the United States and othercountries, and may not be used without written permission. CISSP is a registered trademark of(ISC)2, Inc. All other trademarks are the property of their respective owners John WileySons, Inc is not associated with any product or vendor mentioned in this book.To Dewitt Latimer, my mentor, friend, and colleague. I miss youdearly.Mike ChappleTo Cathy, your perspective on the world and life often surprises me,challenges me, and makes me love you even moreJames michael stewartTo Nimfa, thanks for sharing your life with me for the past 26 yearsand letting me share mine with youDarril gibsonDear Future(ISC)2 MemberCongratulations on starting your journey toCISSPR certification Earning your CISSP is anexciting and rewarding milestone in yourcybersecurity career. Not only does it demonstrateyour ability to develop and manage nearly allaspects of an organizations cybersecurityoperations, but you also signal to employers yourcommitment to life-long learning and taking anactive role in fulfilling the(isc)2 vision ofinspiring a safe and secure cyber worldThe material in this study guide is based upon the (isc)2 cisspCommon Body of Knowledge. It will help you prepare for the examthat will assess your competency in the following eight domainsa Security and risk management■ Asset securitySecurity Architecture and engineeringa Communication and Network securitya Identity and Access Management (IAM)Security Assessment and Testing■ Security OperationsSoftware Development SecurityWhile this study guide will help you prepare, passing the cissp examdepends on your mastery of the domains combined with your ability toapply those concepts using your real-world experiencei wish you the best of luck as you continue on your path to become aCISSP and certified member of(Isc)2Sincerely,David shearer. CISSPCEO(ISC)2Ackn。w| edgmentsWe'd like to express our thanks to Sybex for continuing to support thisproject. Extra thanks to the eighth edition developmental editor, kellyTalbot, and technical editors, Jeff Parker, Bob Sipes, and David Seidlwho performed amazing feats in guiding us to improve this bookThanks as well to our agent, Carole Jelen, for continuing to assist innailing down these projectsMike james. and darrilSpecial thanks go to the information security team at the University ofNotre Dame, who provided hours of interesting conversation anddebate on security issues that inspired and informed much of thematerial in this bookI would like to thank the team at wiley who provided invaluableassistance throughout the book development process. i also owe a debtof gratitude to my literary agent, Carole Jelen of WatersideProductions. My coauthors, James Michael Stewart and darril Gibsonwere great collaborators. Jeff Parker, Bob Sipes, and David Seidl, ourdiligent and knowledgeable technical editors, provided valuable insight as we brought this edition to pressId also like to thank the many people who participated in theproduction of this book but whom I never had the chance to meet: thegraphics team, the production staff, and all of those involved inbringing this book to press-Mike ChappleThanks to Mike Chapple and Darril Gibson for continuing tocontribute to this project Thanks also to all my cissp course studentswho have provided their insight and input to improve my trainingcourseware and ultimately this tome. To my adoring wife, CathyBuilding a life and a family together has been more wonderful than Icould have ever imagined. To Slayde and remi: you are growing up sofast and learning at an outstanding pace, and you continue to delightand impress me daily. You are both growing into amazing individualsTo my mom, Johnnie: It is wonderful to have you close by To MarkNo matter how much time has passed or how little we see each other, Ihave been and always will be your friend. and finally, as always, toElvis: You were way ahead of the current bacon obsession with yourpeanut butter/banana/ bacon sandwich; i think that' s proof youtraveled through timeJames michael StewartThanks to Jim Minatel and Carole Jelen for helping get this update inplace before(IsC)2 released the objectives. This helped us get a headstart on this new edition, and we appreciate your efforts. It's been apleasure working with talented people like James Michael Stewart andMike Chapple Thanks to both of you for all your work andcollaborative efforts on this project. The technical editors, Jeff ParkerBob Sipes, and David Seidl, provided us with some outstandingfeedback, and this book is better because of their efforts Thanks to theteam at Sybex (including project managers, editors, and graphicsartists) for all the work you did helping us get this book to print. Last,thanks to my wife, Nimfa, for putting up with my odd hours as Iworked on this bookDarril gibsonAbout the authorsMike Chapple, CISSP, PhD, Security+, CISA, CySA+, is an associateteaching professor of IT, analytics, and operations at the University ofNotre Dame. In the past he was chief information officer of BrandInstitute and an information security researcher with the nationalSecurity agency and the u.s. air Force his primary areas of expertiseinclude network intrusion detection and access controls. mike is afrequent contributor to TechTarget's Search Security site and theauthor of more than 25 books including the companion book to thisstudy guide: CISSP Official (ISC)2 Practice Tests, the CompTIA CSA+Study Guide, and Cyberwarfare: Information Operations in aConnected World. Mike offers study groups for the CISSP, SSCP,Security+, and cSa+ certifications on his website atwww.certmike.comJames Michael Stewart, CISSP, CEH, ECSA, CHFI, Security+Network+, has been writing and training for more than 20 years, witha current focus on security. he has been teaching CiSsP trainingcourses since 2002, not to mention other courses on Internet securityand ethical hacking/penetration testing He is the author of andcontributor to more than 75 books and numerous courseware sets onsecurity certification, Microsoft topics, and network administrationincluding the Security +(SY0-501) Review guide. More informationaboutmichaelcanbefoundathiswebsiteatwww.impactonline.comDarril Gibson, CISSP, Security+, CASP, is the Ceo of YODa (shortfor You Can Do Anything), and he has authored or coauthored morethan 40 books. Darril regularly writes, consults, and teaches on a widevariety of technical and security topics and holds several certificationsHe regularly posts blog articles athttp://blogs.getcertifiedgetahead.com/aboutcertificationtopicsanduses that site to help people stay abreast of changes in certificationexams. He loves hearing from readers, especially when they pass anexam after using one of his books, and you can contact him throughthele blogging site.
2019-12-21 20:59:20
18.38MB
1