Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
  • Table Of Contents Toc
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Eighth Edition

By : Mike Chapple, James Michael Stewart, Darril Gibson
close
close
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide

By: Mike Chapple, James Michael Stewart, Darril Gibson

Overview of this book

CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.
Table of Contents (28 chapters)
close
close
close
Lock Free Chapter
1
Introduction
Icon
Introduction
Icon
Overview of the CISSP Exam
Icon
Notes on This Book’s Organization
2
Assessment Test
Icon
Assessment Test
3
Answers to Assessment Test
Icon
Answers to Assessment Test
4
Chapter 1 Security Governance Through Principles and Policies
Icon
Chapter 1 Security Governance Through Principles and Policies
Icon
Understand and Apply Concepts of Confidentiality, Integrity, and Availability
Icon
Evaluate and Apply Security Governance Principles
Icon
Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
Icon
Understand and Apply Threat Modeling Concepts and Methodologies
Icon
Apply Risk-Based Management Concepts to the Supply Chain
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
5
Chapter 2 Personnel Security and Risk Management Concepts
Icon
Chapter 2 Personnel Security and Risk Management Concepts
Icon
Personnel Security Policies and Procedures
Icon
Security Governance
Icon
Understand and Apply Risk Management Concepts
Icon
Establish and Maintain a Security Awareness, Education, and Training Program
Icon
Manage the Security Function
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
6
Chapter 3 Business Continuity Planning
Icon
Chapter 3 Business Continuity Planning
Icon
Planning for Business Continuity
Icon
Project Scope and Planning
Icon
Business Impact Assessment
Icon
Continuity Planning
Icon
Plan Approval and Implementation
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
7
Chapter 4 Laws, Regulations, and Compliance
Icon
Chapter 4 Laws, Regulations, and Compliance
Icon
Categories of Laws
Icon
Laws
Icon
Compliance
Icon
Contracting and Procurement
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
8
Chapter 5 Protecting Security of Assets
Icon
Chapter 5 Protecting Security of Assets
Icon
Identify and Classify Assets
Icon
Determining Ownership
Icon
Using Security Baselines
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
9
Chapter 6 Cryptography and Symmetric Key Algorithms
Icon
Chapter 6 Cryptography and Symmetric Key Algorithms
Icon
Historical Milestones in Cryptography
Icon
Cryptographic Basics
Icon
Modern Cryptography
Icon
Symmetric Cryptography
Icon
Cryptographic Lifecycle
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
10
Chapter 7 PKI and Cryptographic Applications
Icon
Chapter 7 PKI and Cryptographic Applications
Icon
Asymmetric Cryptography
Icon
Hash Functions
Icon
Digital Signatures
Icon
Public Key Infrastructure
Icon
Asymmetric Key Management
Icon
Applied Cryptography
Icon
Cryptographic Attacks
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
11
Chapter 8 Principles of Security Models, Design, and Capabilities
Icon
Chapter 8 Principles of Security Models, Design, and Capabilities
Icon
Implement and Manage Engineering Processes Using Secure Design Principles
Icon
Understand the Fundamental Concepts of Security Models
Icon
Select Controls Based On Systems Security Requirements
Icon
Understand Security Capabilities of Information Systems
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
12
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
Icon
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures
Icon
Assess and Mitigate Security Vulnerabilities
Icon
Client-Based Systems
Icon
Server-Based Systems
Icon
Database Systems Security
Icon
Distributed Systems and Endpoint Security
Icon
Internet of Things
Icon
Industrial Control Systems
Icon
Assess and Mitigate Vulnerabilities in Web-Based Systems
Icon
Assess and Mitigate Vulnerabilities in Mobile Systems
Icon
Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
Icon
Essential Security Protection Mechanisms
Icon
Common Architecture Flaws and Security Issues
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
13
Chapter 10 Physical Security Requirements
Icon
Chapter 10 Physical Security Requirements
Icon
Apply Security Principles to Site and Facility Design
Icon
Implement Site and Facility Security Controls
Icon
Implement and Manage Physical Security
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
14
Chapter 11 Secure Network Architecture and Securing Network Components
Icon
Chapter 11 Secure Network Architecture and Securing Network Components
Icon
OSI Model
Icon
TCP/IP Model
Icon
Converged Protocols
Icon
Wireless Networks
Icon
Secure Network Components
Icon
Cabling, Wireless, Topology, Communications, and Transmission Media Technology
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
15
Chapter 12 Secure Communications and Network Attacks
Icon
Chapter 12 Secure Communications and Network Attacks
Icon
Network and Protocol Security Mechanisms
Icon
Secure Voice Communications
Icon
Multimedia Collaboration
Icon
Manage Email Security
Icon
Remote Access Security Management
Icon
Virtual Private Network
Icon
Virtualization
Icon
Network Address Translation
Icon
Switching Technologies
Icon
WAN Technologies
Icon
Miscellaneous Security Control Characteristics
Icon
Security Boundaries
Icon
Prevent or Mitigate Network Attacks
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
16
Chapter 13 Managing Identity and Authentication
Icon
Chapter 13 Managing Identity and Authentication
Icon
Controlling Access to Assets
Icon
Comparing Identification and Authentication
Icon
Implementing Identity Management
Icon
Managing the Identity and Access Provisioning Lifecycle
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
17
Chapter 14 Controlling and Monitoring Access
Icon
Chapter 14 Controlling and Monitoring Access
Icon
Comparing Access Control Models
Icon
Understanding Access Control Attacks
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
18
Chapter 15 Security Assessment and Testing
Icon
Chapter 15 Security Assessment and Testing
Icon
Building a Security Assessment and Testing Program
Icon
Performing Vulnerability Assessments
Icon
Testing Your Software
Icon
Implementing Security Management Processes
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
19
Chapter 16 Managing Security Operations
Icon
Chapter 16 Managing Security Operations
Icon
Applying Security Operations Concepts
Icon
Securely Provisioning Resources
Icon
Managing Configuration
Icon
Managing Change
Icon
Managing Patches and Reducing Vulnerabilities
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
20
Chapter 17 Preventing and Responding to Incidents
Icon
Chapter 17 Preventing and Responding to Incidents
Icon
Managing Incident Response
Icon
Implementing Detective and Preventive Measures
Icon
Logging, Monitoring, and Auditing
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
21
Chapter 18 Disaster Recovery Planning
Icon
Chapter 18 Disaster Recovery Planning
Icon
The Nature of Disaster
Icon
Understand System Resilience and Fault Tolerance
Icon
Recovery Strategy
Icon
Recovery Plan Development
Icon
Training, Awareness, and Documentation
Icon
Testing and Maintenance
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
22
Chapter 19 Investigations and Ethics
Icon
Chapter 19 Investigations and Ethics
Icon
Investigations
Icon
Major Categories of Computer Crime
Icon
Ethics
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
23
Chapter 20 Software Development Security
Icon
Chapter 20 Software Development Security
Icon
Introducing Systems Development Controls
Icon
Establishing Databases and Data Warehousing
Icon
Storing Data and Information
Icon
Understanding Knowledge-Based Systems
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
24
Chapter 21 Malicious Code and Application Attacks
Icon
Chapter 21 Malicious Code and Application Attacks
Icon
Malicious Code
Icon
Password Attacks
Icon
Application Attacks
Icon
Web Application Security
Icon
Reconnaissance Attacks
Icon
Masquerading Attacks
Icon
Summary
Icon
Exam Essentials
Icon
Written Lab
Icon
Review Questions
25
Advert
Icon
Advert
26
EULA
Icon
EULA
1
Appendix A Answers to Review Questions
chevron up
Icon
Appendix A Answers to Review Questions
Icon
Chapter 1: Security Governance Through Principles and Policies
Icon
Chapter 2: Personnel Security and Risk Management Concepts
Icon
Chapter 3: Business Continuity Planning
Icon
Chapter 4: Laws, Regulations, and Compliance
Icon
Chapter 5: Protecting Security of Assets
Icon
Chapter 6: Cryptography and Symmetric Key Algorithms
Icon
Chapter 7: PKI and Cryptographic Applications
Icon
Chapter 8: Principles of Security Models, Design, and Capabilities
Icon
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Icon
Chapter 10: Physical Security Requirements
Icon
Chapter 11: Secure Network Architecture and Securing Network Components
Icon
Chapter 12: Secure Communications and Network Attacks
Icon
Chapter 13: Managing Identity and Authentication
Icon
Chapter 14: Controlling and Monitoring Access
Icon
Chapter 15: Security Assessment and Testing
Icon
Chapter 16: Managing Security Operations
Icon
Chapter 17: Preventing and Responding to Incidents
Icon
Chapter 18: Disaster Recovery Planning
Icon
Chapter 19: Investigations and Ethics
Icon
Chapter 20: Software Development Security
Icon
Chapter 21: Malicious Code and Application Attacks
2
Appendix B Answers to Written Labs
Icon
Appendix B Answers to Written Labs
Icon
Chapter 1: Security Governance Through Principles and Policies
Icon
Chapter 2: Personnel Security and Risk Management Concepts
Icon
Chapter 3: Business Continuity Planning
Icon
Chapter 4: Laws, Regulations, and Compliance
Icon
Chapter 5: Protecting Security of Assets
Icon
Chapter 6: Cryptography and Symmetric Key Algorithms
Icon
Chapter 7: PKI and Cryptographic Applications
Icon
Chapter 8: Principles of Security Models, Design, and Capabilities
Icon
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
Icon
Chapter 10: Physical Security Requirements
Icon
Chapter 11: Secure Network Architecture and Securing Network Components
Icon
Chapter 12: Secure Communications and Network Attacks
Icon
Chapter 13: Managing Identity and Authentication
Icon
Chapter 14: Controlling and Monitoring Access
Icon
Chapter 15: Security Assessment and Testing
Icon
Chapter 16: Managing Security Operations
Icon
Chapter 17: Preventing and Responding to Incidents
Icon
Chapter 18: Disaster Recovery Planning
Icon
Chapter 19: Investigations and Ethics
Icon
Chapter 20: Software Development Security
Icon
Chapter 21: Malicious Code and Application Attacks

Chapter 20: Software Development Security

  1. A. The three elements of the DevOps model are software development, quality assurance, and IT operations.
  2. B. Input validation ensures that the input provided by users matches the design parameters.
  3. C. The request control provides users with a framework to request changes and developers with the opportunity to prioritize those requests.
  4. C. In a fail-secure state, the system remains in a high level of security until an administrator intervenes.
  5. B. The waterfall model uses a seven-stage approach to software development and includes a feedback loop that allows development to return to the previous phase to correct defects discovered during the subsequent phase.
  6. A. Content-dependent access control is focused on the internal data of each field.
  7. C. Foreign keys are used to enforce referential integrity constraints between tables that participate in a relationship.
  8. D. In this case, the process the database user is taking advantage of is aggregation....
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon