CISSP Official Study Guide (2021) - Document preview page 1

CISSP Official Study Guide (2021) provides detailed explanations to help you understand key concepts.

Preview (31 of 1250 Pages)

CISSP® Certified Information Systems Security Professional
Ninth Edition

CISSP® Certified Information Systems Security Professional
Ninth Edition
Mike Chapple
James Michael Stewart
Darril Gibson

Copyright © 2021 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada and the United Kingdom
ISBN: 978-1-119-78623-8
ISBN: 978-1-119-78633-7 (ebk)
ISBN: 978-1-119-78624-5 (cbk)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our website at www.wiley.com.

Library of Congress Control Number: 2021935479

TRADEMARKS: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. (ISC)² and CISSP are trademarks or registered trademarks of (ISC)², Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Cover image(s): © Jeremy Woodhouse/Getty Images, Inc.
Cover design: Wiley

To Dewitt Latimer, my mentor, friend, and colleague. I miss you dearly.
—Mike Chapple

To Cathy, your perspective on the world and life often surprises me, challenges me, and makes me love you even more.
—James Michael Stewart

To Nimfa, thanks for sharing your life with me for the past 29 years and letting me share mine with you.
—Darril Gibson

Acknowledgments

We'd like to express our thanks to Wiley for continuing to support this project. Extra thanks to the development editor, Kelly Talbot, and technical editors, Jerry Rayome, Chris Crayton, and Aaron Kraus, who performed amazing feats in guiding us to improve this book. Thanks as well to our agent, Carole Jelen, for continuing to assist in nailing down these projects.
Mike, James, and Darril

Special thanks go to my many friends and colleagues in the cybersecurity community who provided hours of interesting conversation and debate on security issues that inspired and informed much of the material in this book. I would like to thank the team at Wiley, who provided invaluable assistance throughout the book development process. I also owe a debt of gratitude to my literary agent, Carole Jelen of Waterside Productions. My coauthors, James Michael Stewart and Darril Gibson, were great collaborators and I'd like to thank them both for their thoughtful contributions to my chapters. I'd also like to thank the many people who participated in the production of this book but whom I never had the chance to meet: the graphics team, the production staff, and all of those involved in bringing this book to press.
—Mike Chapple

Thanks to Mike Chapple and Darril Gibson for continuing to contribute to this project. Thanks also to all my CISSP course students who have provided their insight and input to improve my training courseware and ultimately this tome. To my adoring wife, Cathy: Building a life and a family together has been more wonderful than I could have ever imagined. To Slayde and Remi: You are growing up so fast and learning at an outstanding pace, and you continue to delight and impress me daily. You are both growing into amazing individuals. To my mom, Johnnie: It is wonderful to have you close by. To Mark: No matter how much time has passed or how little we see each other, I have been and always will be your friend. And finally, as always, to Elvis: You were way ahead of the current bacon obsession with your peanut butter/banana/bacon sandwich; I think that's proof you traveled through time!
—James Michael Stewart

It's been a pleasure working with talented people like James Michael Stewart and Mike Chapple. Thanks to both of you for all your work and collaborative efforts on this project. The technical editors, Jerry Rayome, Chris Crayton, and Aaron Kraus, provided us with some outstanding feedback, and this book is better because of their efforts. Thanks to the team at Wiley (including project managers, editors, and graphic artists) for all the work you did helping us get this book to print. Last, thanks to my wife, Nimfa, for putting up with my odd hours as I worked on this book.
—Darril Gibson

About the Authors

Mike Chapple, PhD, CISSP, Security+, CySA+, PenTest+, CISA, CISM, CCSP, CIPP/US, is a teaching professor of IT, analytics, and operations at the University of Notre Dame. In the past, he was chief information officer of Brand Institute and an information security researcher with the National Security Agency and the U.S. Air Force. His primary areas of expertise include network intrusion detection and access controls. Mike is a frequent contributor to TechTarget's SearchSecurity site and the author of more than 25 books, including the companion book to this study guide: CISSP Official (ISC)² Practice Tests, CompTIA CySA+ Study Guide: Exam CS0-001, CompTIA Security+ Study Guide: Exam SY0-601, and Cyberwarfare: Information Operations in a Connected World. Mike offers study groups for the CISSP, SSCP, Security+, and CSA+ certifications on his website at www.certmike.com.

James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CySA+, PenTest+, CASP+, Security+, Network+, A+, CISM, and CFR, has been writing and training for more than 25 years, with a current focus on security. He has been teaching CISSP training courses since 2002, not to mention other courses on internet security and ethical hacking/penetration testing. He is the author of and contributor to more than 75 books on security certification, Microsoft topics, and network administration, including CompTIA Security+ Review Guide: Exam SY0-601. More information about Michael can be found at his website at www.impactonline.com.

Darril Gibson, CISSP, Security+, CASP, is the CEO of YCDA (short for You Can Do Anything), and he has authored or coauthored more than 40 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications. He regularly posts blog articles at blogs.getcertifiedgetahead.com about certification topics and uses that site to help people stay abreast of changes in certification exams. He loves hearing from readers, especially when they pass an exam after using one of his books, and you can contact him through the blogging site.

About the Technical Editors

Jerry Rayome, BS/MS Computer Science, CISSP, has been employed as a member of the Cyber Security Program at Lawrence Livermore National Laboratory for over 20 years, providing cybersecurity services that include software development, penetrative testing, incident response, firewall implementation/administration, firewall auditing, honeynet deployment/monitoring, cyber forensic investigations, NIST 800-53 control implementation/assessment, cloud risk assessment, and cloud security auditing.

Chris Crayton is a technical consultant, trainer, author, and industry-leading technical editor. He has worked as a computer technology and networking instructor, information security director, network administrator, network engineer, and PC specialist. Chris has authored several print and online books on PC repair, CompTIA A+, CompTIA Security+, and Microsoft Windows. He has also served as technical editor and content contributor on numerous technical titles for several leading publishing companies. He holds numerous industry certifications, including CISSP, MCSE, CompTIA S+, N+, A+, and many others. He has also been recognized with many professional and teaching awards, and he has served as a state-level SkillsUSA final competition judge.

Aaron Kraus, CISSP, CCSP, is an information security practitioner, instructor, and author who has worked across industries and around the world. He has spent more than 15 years as a consultant or security risk manager in roles with government, financial services, and tech startups, including most recently in cyber risk insurance, and has spent 13 years teaching, writing, and developing security courseware at Learning Tree International, where he is also dean of cybersecurity curriculum. His writing and editing experience includes official (ISC)² reference books, practice exams, and study guides for both CISSP and CCSP.

Contents at a Glance

Introduction  xxxvii
Assessment Test  lix
Chapter 1  Security Governance Through Principles and Policies  1
Chapter 2  Personnel Security and Risk Management Concepts  43
Chapter 3  Business Continuity Planning  113
Chapter 4  Laws, Regulations, and Compliance  143
Chapter 5  Protecting Security of Assets  179
Chapter 6  Cryptography and Symmetric Key Algorithms  219
Chapter 7  PKI and Cryptographic Applications  263
Chapter 8  Principles of Security Models, Design, and Capabilities  309
Chapter 9  Security Vulnerabilities, Threats, and Countermeasures  353
Chapter 10  Physical Security Requirements  447
Chapter 11  Secure Network Architecture and Components  495
Chapter 12  Secure Communications and Network Attacks  581
Chapter 13  Managing Identity and Authentication  637
Chapter 14  Controlling and Monitoring Access  677
Chapter 15  Security Assessment and Testing  723
Chapter 16  Managing Security Operations  763
Chapter 17  Preventing and Responding to Incidents  801
Chapter 18  Disaster Recovery Planning  861
Chapter 19  Investigations and Ethics  909
Chapter 20  Software Development Security  941
Chapter 21  Malicious Code and Application Attacks  993
Appendix A  Answers to Review Questions  1041
Appendix B  Answers to Written Labs  1099
Index  1117

Contents

Introduction  xxxvii
Assessment Test  lix
Chapter 1  Security Governance Through Principles and Policies  1
  Security 101  3
  Understand and Apply Security Concepts  4
  Confidentiality  5
  Integrity  6
  Availability  7
  DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services  7
  Protection Mechanisms  11
  Security Boundaries  13
  Evaluate and Apply Security Governance Principles  14
  Third-Party Governance  15
  Documentation Review  15
  Manage the Security Function  16
  Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives  17
  Organizational Processes  19
  Organizational Roles and Responsibilities  21
  Security Control Frameworks  22
  Due Diligence and Due Care  23
  Security Policy, Standards, Procedures, and Guidelines  23
  Security Policies  24
  Security Standards, Baselines, and Guidelines  24
  Security Procedures  25
  Threat Modeling  26
  Identifying Threats  26
  Determining and Diagramming Potential Attacks  28
  Performing Reduction Analysis  28
  Prioritization and Response  30
  Supply Chain Risk Management  31
  Summary  33
  Exam Essentials  33
  Written Lab  36
  Review Questions  37
Chapter 2  Personnel Security and Risk Management Concepts  43
  Personnel Security Policies and Procedures  45
  Job Descriptions and Responsibilities  45
  Candidate Screening and Hiring  46
  Onboarding: Employment Agreements and Policies  47
  Employee Oversight  48
  Offboarding, Transfers, and Termination Processes  49
  Vendor, Consultant, and Contractor Agreements and Controls  52
  Compliance Policy Requirements  53
  Privacy Policy Requirements  54
  Understand and Apply Risk Management Concepts  55
  Risk Terminology and Concepts  56
  Asset Valuation  58
  Identify Threats and Vulnerabilities  60
  Risk Assessment/Analysis  60
  Risk Responses  66
  Cost vs. Benefit of Security Controls  69
  Countermeasure Selection and Implementation  72
  Applicable Types of Controls  74
  Security Control Assessment  76
  Monitoring and Measurement  76
  Risk Reporting and Documentation  77
  Continuous Improvement  77
  Risk Frameworks  79
  Social Engineering  81
  Social Engineering Principles  83
  Eliciting Information  85
  Prepending  85
  Phishing  85
  Spear Phishing  87
  Whaling  87
  Smishing  88
  Vishing  88
  Spam  89
  Shoulder Surfing  90
  Invoice Scams  90
  Hoax  90
  Impersonation and Masquerading  91
  Tailgating and Piggybacking  91
  Dumpster Diving  92
  Identity Fraud  93
  Typo Squatting  94
  Influence Campaigns  94
  Establish and Maintain a Security Awareness, Education, and Training Program  96
  Awareness  97
  Training  97
  Education  98
  Improvements  98
  Effectiveness Evaluation  99
  Summary  100
  Exam Essentials  101
  Written Lab  106
  Review Questions  107
Chapter 3  Business Continuity Planning  113
  Planning for Business Continuity  114
  Project Scope and Planning  115
  Organizational Review  116
  BCP Team Selection  117
  Resource Requirements  119
  Legal and Regulatory Requirements  120
  Business Impact Analysis  121
  Identifying Priorities  122
  Risk Identification  123
  Likelihood Assessment  125
  Impact Analysis  126
  Resource Prioritization  128
  Continuity Planning  128
  Strategy Development  129
  Provisions and Processes  129
  Plan Approval and Implementation  131
  Plan Approval  131
  Plan Implementation  132
  Training and Education  132
  BCP Documentation  132
  Summary  136
  Exam Essentials  137
  Written Lab  138
  Review Questions  139
Chapter 4  Laws, Regulations, and Compliance  143
  Categories of Laws  144
  Criminal Law  144
  Civil Law  146
  Administrative Law  146
  Laws  147
  Computer Crime  147
  Intellectual Property (IP)
  Licensing  158
  Import/Export  158
  Privacy  160
  State Privacy Laws  168
  Compliance  169
  Contracting and Procurement  171
  Summary  171
  Exam Essentials  172
  Written Lab  173
  Review Questions  174
Chapter 5  Protecting Security of Assets  179
  Identifying and Classifying Information and Assets  180
  Defining Sensitive Data  180
  Defining Data Classifications  182
  Defining Asset Classifications  185
  Understanding Data States  185
  Determining Compliance Requirements  186
  Determining Data Security Controls  186
  Establishing Information and Asset Handling Requirements  188
  Data Maintenance  189
  Data Loss Prevention  189
  Marking Sensitive Data and Assets  190
  Handling Sensitive Information and Assets  192
  Data Collection Limitation  192
  Data Location  193
  Storing Sensitive Data  193
  Data Destruction  194
  Ensuring Appropriate Data and Asset Retention  197
  Data Protection Methods  199
  Digital Rights Management  199
  Cloud Access Security Broker  200
  Pseudonymization  200
  Tokenization  201
  Anonymization  202
  Understanding Data Roles  204
  Data Owners  204
  Asset Owners  205
  Business/Mission Owners  206
  Data Processors and Data Controllers  206
  Data Custodians  207
  Administrators  207
  Users and Subjects  208
  Using Security Baselines  208
  Comparing Tailoring and Scoping  209
  Standards Selection  210
  Summary  211
  Exam Essentials  211
  Written Lab  213
  Review Questions  214
Chapter 6  Cryptography and Symmetric Key Algorithms  219
  Cryptographic Foundations  220
  Goals of Cryptography  220
  Cryptography Concepts  223
  Cryptographic Mathematics  224
  Ciphers  230
  Modern Cryptography  238
  Cryptographic Keys  238
  Symmetric Key Algorithms  239
  Asymmetric Key Algorithms  241
  Hashing Algorithms  244
  Symmetric Cryptography  244
  Cryptographic Modes of Operation  245
  Data Encryption Standard  247
  Triple DES  247
  International Data Encryption Algorithm  248
  Blowfish  249
  Skipjack  249
  Rivest Ciphers  249
  Advanced Encryption Standard  250
  CAST  250
  Comparison of Symmetric Encryption Algorithms  251
  Symmetric Key Management  252
  Cryptographic Lifecycle  255
  Summary  255
  Exam Essentials  256
  Written Lab  257
  Review Questions  258
Chapter 7  PKI and Cryptographic Applications  263
  Asymmetric Cryptography  264
  Public and Private Keys  264
  RSA  265
  ElGamal  267
  Elliptic Curve  268
  Diffie-Hellman Key Exchange  269
  Quantum Cryptography  270
  Hash Functions  271
  SHA  272
  MD5  273
  RIPEMD  273
  Comparison of Hash Algorithm Value Lengths  274
  Digital Signatures  275
  HMAC  276
  Digital Signature Standard  277
  Public Key Infrastructure  277
  Certificates  278
  Certificate Authorities  279
  Certificate Lifecycle  280
  Certificate Formats  283
  Asymmetric Key Management  284
  Hybrid Cryptography  285
  Applied Cryptography  285
  Portable Devices  285
  Email  286
  Web Applications  290
  Steganography and Watermarking  292
  Networking  294
  Emerging Applications  295
  Cryptographic Attacks  297
  Summary  301
  Exam Essentials  302
  Written Lab  303
  Review Questions  304
Chapter 8  Principles of Security Models, Design, and Capabilities  309
  Secure Design Principles  310
  Objects and Subjects  311
  Closed and Open Systems  312
  Secure Defaults  314
  Fail Securely  314
  Keep It Simple  316
  Zero Trust  317
  Privacy by Design  319
  Trust but Verify  319
  Techniques for Ensuring CIA  320
  Confinement  320
  Bounds  320
  Isolation  321
  Access Controls  321
  Trust and Assurance  321
  Understand the Fundamental Concepts of Security Models  322
  Trusted Computing Base  323
  State Machine Model  325
  Information Flow Model  325
  Noninterference Model  326
  Take-Grant Model  326
  Access Control Matrix  327
  Bell-LaPadula Model  328
  Biba Model  330
  Clark-Wilson Model  333
  Brewer and Nash Model  334
  Goguen-Meseguer Model  335
  Sutherland Model  335
  Graham-Denning Model  335
  Harrison-Ruzzo-Ullman Model  336
  Select Controls Based on Systems Security Requirements  337
  Common Criteria  337
  Authorization to Operate  340
  Understand Security Capabilities of Information Systems  341
  Memory Protection  341
  Virtualization  342
  Trusted Platform Module  342
  Interfaces  343
  Fault Tolerance  343
  Encryption/Decryption  343
  Summary  343
  Exam Essentials  344
  Written Lab  347
  Review Questions  348
Chapter 9  Security Vulnerabilities, Threats, and Countermeasures  353
  Shared Responsibility  354
  Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements  355
  Hardware  356
  Firmware  370
  Client-Based Systems  372
  Mobile Code  372
  Local Caches  375
  Server-Based Systems  375
  Large-Scale Parallel Data Systems  376
  Grid Computing  377
  Peer to Peer  378
  Industrial Control Systems  378
  Distributed Systems  380
  High-Performance Computing (HPC) Systems  382
  Internet of Things  383
  Edge and Fog Computing  385
  Embedded Devices and Cyber-Physical Systems  386
  Static Systems  387
  Network-Enabled Devices  388
  Cyber-Physical Systems  389
  Elements Related to Embedded and Static Systems  389
  Security Concerns of Embedded and Static Systems  390
  Specialized Devices  393
  Microservices  394
  Infrastructure as Code  395
  Virtualized Systems  397
  Virtual Software  399
  Virtualized Networking  400
  Software-Defined Everything  400
  Virtualization Security Management  403
  Containerization  405
  Serverless Architecture  406
  Mobile Devices  406
  Mobile Device Security Features  408
  Mobile Device Deployment Policies  420
  Essential Security Protection Mechanisms  426
  Process Isolation  426
  Hardware Segmentation  427
  System Security Policy  427
  Common Security Architecture Flaws and Issues  428
  Covert Channels  428
  Attacks Based on Design or Coding Flaws  430
  Rootkits  431
  Incremental Attacks  431
  Summary  432
  Exam Essentials  433
  Written Lab  440
  Review Questions  441
Chapter 10  Physical Security Requirements  447
  Apply Security Principles to Site and Facility Design  448
  Secure Facility Plan  448
  Site Selection  449
  Facility Design  450
  Implement Site and Facility Security Controls  452
  Equipment Failure  453
  Wiring Closets  454
  Server Rooms/Data Centers  455
  Intrusion Detection Systems  458
  Cameras  460
  Access Abuses  462
  Media Storage Facilities  462
  Evidence Storage  463
  Restricted and Work Area Security  464
  Utility Considerations  465
  Fire Prevention, Detection, and Suppression  470
  Implement and Manage Physical Security  476
  Perimeter Security Controls  477
  Internal Security Controls  481
  Key Performance Indicators of Physical Security  483
  Summary  484
  Exam Essentials  485
  Written Lab  488
  Review Questions  489
Chapter 11  Secure Network Architecture and Components  495
  OSI Model  497
  History of the OSI Model  497
  OSI Functionality  498
  Encapsulation/Deencapsulation  498
  OSI Layers  500
  TCP/IP Model  504
  Analyzing Network Traffic  505
  Common Application Layer Protocols  506
  Transport Layer Protocols  508
  Domain Name System  509
  DNS Poisoning  511
  Domain Hijacking  514
  Internet Protocol (IP) Networking  516
  IPv4 vs. IPv6  516
  IP Classes  517
  ICMP  519
  IGMP  519
  ARP Concerns  519
  Secure Communication Protocols  521
  Implications of Multilayer Protocols  522
  Converged Protocols  523
  Voice over Internet Protocol (VoIP)  524
  Software-Defined Networking  525
  Microsegmentation  526
  Wireless Networks  527
  Securing the SSID  529
  Wireless Channels  529
  Conducting a Site Survey  530
  Wireless Security  531
  Wi-Fi Protected Setup (WPS)  533
  Wireless MAC Filter  534
  Wireless Antenna Management  534
  Using Captive Portals  535
  General Wi-Fi Security Procedure  535
  Wireless Communications  536
  Wireless Attacks  539
  Other Communication Protocols  543
  Cellular Networks  544
  Content Distribution Networks (CDNs)  545
  Secure Network Components  545
  Secure Operation of Hardware  546
  Common Network Equipment  547
  Network Access Control  549
  Firewalls  550
  Endpoint Security  556
  Cabling, Topology, and Transmission Media Technology  559
  Transmission Media  559
  Network Topologies  563
  Ethernet  565
  Sub-Technologies  566
  Summary  569
  Exam Essentials  570
  Written Lab  574
  Review Questions  575
Chapter 12  Secure Communications and Network Attacks  581
  Protocol Security Mechanisms  582
  Authentication Protocols  582
  Port Security  585
  Quality of Service (QoS)  585
  Secure Voice Communications  586
  Public Switched Telephone Network  586
  Voice over Internet Protocol (VoIP)  586
  Vishing and Phreaking  588
  PBX Fraud and Abuse  589
  Remote Access Security Management  590
  Remote Access and Telecommuting Techniques  591
  Remote Connection Security  591
  Plan a Remote Access Security Policy
  Multimedia Collaboration  593
  Remote Meeting  593
  Instant Messaging and Chat  594
  Load Balancing  595
  Virtual IPs and Load Persistence  596
  Active-Active vs. Active-Passive  596
  Manage Email Security  596
  Email Security Goals  597
  Understand Email Security Issues  599
  Email Security Solutions  599
  Virtual Private Network  602
  Tunneling  603
  How VPNs Work  604
  Always-On  606
  Split Tunnel vs. Full Tunnel  607
  Common VPN Protocols  607
  Switching and Virtual LANs  610
  Network Address Translation  614
  Private IP Addresses  616
  Stateful NAT  617
  Automatic Private IP Addressing  617
  Third-Party Connectivity  618
  Switching Technologies  620
  Circuit Switching  620
  Packet Switching  620
  Virtual Circuits  621
  WAN Technologies  622
  Fiber-Optic Links  624
  Security Control Characteristics  624
  Transparency  625
  Transmission Management Mechanisms  625
  Prevent or Mitigate Network Attacks  625
  Eavesdropping  626
  Modification Attacks  626
  Summary  626
  Exam Essentials  628
  Written Lab  630
  Review Questions  631
Chapter 13  Managing Identity and Authentication  637
  Controlling Access to Assets  639
  Controlling Physical and Logical Access  640
  The CIA Triad and Access Controls  640
  Managing Identification and Authentication  641
  Comparing Subjects and Objects  642
  Registration, Proofing, and Establishment of Identity  643
  Authorization and Accountability  644
  Authentication Factors Overview  645
  Something You Know  647
  Something You Have  650
  Something You Are  651
  Multifactor Authentication (MFA)  655
  Two-Factor Authentication with Authenticator Apps  655
  Passwordless Authentication  656
  Device Authentication  657
  Service Authentication  658
  Mutual Authentication  659
  Implementing Identity Management  659
  Single Sign-On  659
  SSO and Federated Identities  660
  Credential Management Systems  662
  Credential Manager Apps  663
  Scripted Access  663
  Session Management  663
  Managing the Identity and Access Provisioning Lifecycle  664
  Provisioning and Onboarding  665
  Deprovisioning and Offboarding  666
  Defining New Roles  667
  Account Maintenance  667
  Account Access Review  667
  Summary  668
  Exam Essentials  669
  Written Lab  671
  Review Questions  672
Chapter 14  Controlling and Monitoring Access  677
  Comparing Access Control Models  678
  Comparing Permissions, Rights, and Privileges  678
  Understanding Authorization Mechanisms  679
  Defining Requirements with a Security Policy  681
  Introducing Access Control Models  681
  Discretionary Access Control  682
  Nondiscretionary Access Control  683
  Implementing Authentication Systems  690
  Implementing SSO on the Internet  691
  Implementing SSO on Internal Networks  694
  Understanding Access Control Attacks  699
  Risk Elements  700
  Common Access Control Attacks  700
  Core Protection Methods  713
  Summary  714
  Exam Essentials  715
  Written Lab  717
  Review Questions  718
Chapter 15  Security Assessment and Testing  723
  Building a Security Assessment and Testing Program  725
  Security Testing  725
  Security Assessments  726
  Security Audits  727
  Performing Vulnerability Assessments  731
  Describing Vulnerabilities  731
  Vulnerability Scans  732
  Penetration Testing  742
  Compliance Checks  745
  Testing Your Software  746
  Code Review and Testing  746
  Interface Testing  751
  Misuse Case Testing  751
  Test Coverage Analysis  752
  Website Monitoring  752
  Implementing Security Management Processes  753
  Log Reviews  753
  Account Management  754
  Disaster Recovery and Business Continuity  754
  Training and Awareness  755
  Key Performance and Risk Indicators  755
  Summary  756
  Exam Essentials  756
  Written Lab  758
  Review Questions  759
Chapter 16  Managing Security Operations  763
  Apply Foundational Security Operations Concepts  765
  Need to Know and Least Privilege  765
  Separation of Duties (SoD) and Responsibilities  767
  Two-Person Control  768
  Job Rotation  768
  Mandatory Vacations  768
  Privileged Account Management  769
  Service Level Agreements (SLAs)  771
  Addressing Personnel Safety and Security  771
  Duress  771
  Travel  772
  Emergency Management  773
  Security Training and Awareness  773
  Provision Resources Securely  773
  Information and Asset Ownership  774
  Asset Management  774
  Apply Resource Protection  776
  Media Management  776
  Media Protection Techniques  776
  Managed Services in the Cloud  779
  Shared Responsibility with Cloud Service Models  780
  Scalability and Elasticity  782
  Perform Configuration Management (CM)  782
  Provisioning  783
  Baselining  783
  Using Images for Baselining  783
  Automation  784
  Managing Change  785
  Change Management  787
  Versioning  788
  Configuration Documentation  788
  Managing Patches and Reducing Vulnerabilities  789
  Systems to Manage  789
  Patch Management  789
  Vulnerability Management  791
  Vulnerability Scans  792
  Common Vulnerabilities and Exposures  792
  Summary  793
  Exam Essentials  794
  Written Lab  796
  Review Questions  797
Chapter 17  Preventing and Responding to Incidents  801
  Conducting Incident Management  803
  Defining an Incident  803
  Incident Management Steps  804
  Implementing Detective and Preventive Measures  810
  Basic Preventive Measures  810
  Understanding Attacks  811
  Intrusion Detection and Prevention Systems  820
  Specific Preventive Measures  828
  Logging and Monitoring  834
  Logging Techniques  834
  The Role of Monitoring  837
  Monitoring Techniques  840