CISSP Exam Cram, 5th Edition (2021)

CISSP Exam Cram, 5th Edition (2021) is the ultimate study tool to help you pass your exam on the first try.

Sebastian Lopez
Contributor
about 1 year ago
Preview (31 of 754 Pages)

Humble Bundle Pearson Networking and Security Certification Bundle – © Pearson. Do Not Distribute.

CompTIA® Security+ SY0-601 Exam Cram, Companion Website

Access interactive study tools on this book’s companion website, including practice test software, Glossary, and Cram Sheet.

To access the companion website, simply follow these steps:

1. Go to www.pearsonitcertification.com/register.
2. Enter the print book ISBN: 9780136798675.
3. Answer the security question to validate your purchase.
4. Go to your account page.
5. Click on the Registered Products tab.
6. Under the book listing, click on the Access Bonus Content link.

If you have any issues accessing the companion website, you can contact our support team by going to http://pearsonitp.echelp.org.

CompTIA® Security+ SY0-601 Exam Cram

Marty M. Weiss

Pearson
221 River Street
Hoboken, NJ 07030 USA

CompTIA® Security+ SY0-601 Exam Cram

Copyright © 2021 by Pearson Education, Inc.

All rights reserved. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, request forms, and the appropriate contacts within the Pearson Education Global Rights & Permissions Department, please visit www.pearson.com/permissions.

No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-13-679867-5
ISBN-10: 0-13-679867-5
Library of Congress Control Number: 20209145280222

Trademarks

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer

Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.

Special Sales

For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.

For government sales inquiries, please contact governmentsales@pearsoned.com.

For questions about sales outside the U.S., please contact intlcs@pearson.com.

Editor-in-Chief: Mark Taub
Director, ITP Product Management: Brett Bartow
Executive Editor: Nancy Davis
Development Editor: Ellie C. Bru
Managing Editor: Sandra Schroeder
Project Editor: Mandie Frank
Copy Editor: Kitty Wilson
Indexer: Ken Johnson
Proofreader: Donna Mulder
Technical Editor: Christopher Crayton
Publishing Coordinator: Cindy Teeters
Designer: Chuti Prasertsith
Compositor: codeMantra

Credits

Figure Number: Attribution/Credit

Figure 2-1: Screenshot of an example of what user’s see when they were infected with ransomware © WannaCry
Figure 5-1: Screenshot of an example of an interactive threat map © 2018 AO Kaspersky Lab
Figure 10-4: Screenshot of The AWS Management Console © 2020, Amazon Web Services, Inc.
Figure 12-1: Courtesy of Apple, Inc.
Figure 23-1: Screenshot of Windows local security policy settings for the account lockout policy © Microsoft 2020
Figure 23-2: Screenshot of Windows local security policy settings for the password policy © Microsoft 2020
Figure 24-1: Screenshot of Standard Microsoft Windows file permissions © Microsoft 2020
Figure 25-1: Screenshot of details of a digital certificate © 2020 Apple Inc.
Figure 26-1: Screenshot of using a command-line interface to access a remote computer by using SSH © 2020 Apple, Inc.
Figure 26-2: Screenshot of using the cURL command to return the source code of a web page © 2020 Apple, Inc.
Figure 26-3: Screenshot of using the ping command-line utility © 2020 Apple, Inc.
Figure 28-1: Screenshot of an example of a SIEM system security dashboard © security information and event management
Figure 28-2: Screenshot of Microsoft Windows Event Viewer Security log © Microsoft 2020
Figure 28-3: Screenshot of Activity Monitor for macOS © 2020 Apple, Inc.

Contents at a Glance

Introduction

Part I: Attacks, Threats, and Vulnerabilities
  CHAPTER 1 Social Engineering Techniques
  CHAPTER 2 Attack Basics
  CHAPTER 3 Application Attacks
  CHAPTER 4 Network Attacks
  CHAPTER 5 Threat Actors, Vectors, and Intelligence Sources
  CHAPTER 6 Vulnerabilities
  CHAPTER 7 Security Assessment Techniques
  CHAPTER 8 Penetration Testing Techniques

Part II: Architecture and Design
  CHAPTER 9 Enterprise Security Concepts
  CHAPTER 10 Virtualization and Cloud Computing
  CHAPTER 11 Secure Application Development, Deployment, and Automation
  CHAPTER 12 Authentication and Authorization Design
  CHAPTER 13 Cybersecurity Resilience
  CHAPTER 14 Embedded and Specialized Systems
  CHAPTER 15 Physical Security Controls
  CHAPTER 16 Cryptographic Concepts

Part III: Implementation
  CHAPTER 17 Secure Protocols
  CHAPTER 18 Host and Application Security Solutions
  CHAPTER 19 Secure Network Design
  CHAPTER 20 Wireless Security Settings
  CHAPTER 21 Secure Mobile Solutions
  CHAPTER 22 Cloud Cybersecurity Solutions
  CHAPTER 23 Identity and Account Management Controls

  CHAPTER 24 Authentication and Authorization Solutions
  CHAPTER 25 Public Key Infrastructure

Part IV: Operations and Incident Response
  CHAPTER 26 Organizational Security
  CHAPTER 27 Incident Response
  CHAPTER 28 Incident Investigation
  CHAPTER 29 Incident Mitigation
  CHAPTER 30 Digital Forensics

Part V: Governance, Risk, and Compliance
  CHAPTER 31 Control Types
  CHAPTER 32 Regulations, Standards, and Frameworks
  CHAPTER 33 Organizational Security Policies
  CHAPTER 34 Risk Management
  CHAPTER 35 Sensitive Data and Privacy

Glossary of Essential Terms and Components
Index

Table of Contents

Introduction

Part I: Attacks, Threats, and Vulnerabilities

CHAPTER 1: Social Engineering Techniques
  The Social Engineer
  Tailgating
  Dumpster Diving
  Shoulder Surfing
  Phishing and Related Attacks
  Watering Hole Attacks
  Typo Squatting
  Hoaxes and Influence Campaigns
  Principles of Influence (Reasons for Effectiveness)
  What Next?

CHAPTER 2: Attack Basics
  Malware
  Viruses
  Worms
  Trojan
  Rootkits
  Logic Bombs
  Bots
  Crypto-Malware
  Potentially Unwanted Programs (PUPs)
  Spyware
  Adware
  Cryptomining Software
  Physical Attacks
  Adversarial Artificial Intelligence (AI)
  Password Attacks
  Birthday Attacks
  Downgrade Attacks
  What Next?

CHAPTER 3: Application Attacks
  Race Conditions
  Improper Software Handling
  Resource Exhaustion
  Overflows
  Code Injections
  Driver Manipulation
  Request Forgeries
  Directory Traversal
  Replay Attack
  Secure Sockets Layer (SSL) Stripping
  Application Programming Interface (API) Attacks
  Pass-the-Hash Attack
  What Next?

CHAPTER 4: Network Attacks
  Wireless
  Short-Range Wireless Communications
  Bluetooth
  Near-Field Communication
  RFID
  On-Path Attack
  Layer 2 Attacks
  MAC Spoofing
  ARP Poisoning
  MAC Flooding
  Port Stealing
  Domain Name System (DNS) Attacks
  Domain Hijacking
  Universal Resource Locator (URL) Redirection
  DNS Poisoning
  Denial of Service
  Distributed DoS
  Malicious Code and Script Execution
  What Next?

CHAPTER 5: Threat Actors, Vectors, and Intelligence Sources
  Threat Actor Attributes
  Threat Actor Types
  Script Kiddies
  Insiders
  Hacktivists
  Criminal Syndicates
  Competitors
  State Actors
  Vectors
  Threat Intelligence and Research Sources
  Sharing Centers
  Open-Source Intelligence
  What Next?

CHAPTER 6: Vulnerabilities
  Cloud-Based vs. On-Premises
  Zero-Day
  Weak Configurations
  Improper or Weak Patch Management
  Third-Party Risks
  Impacts
  What Next?

CHAPTER 7: Security Assessment Techniques
  Vulnerability Scans
  Intrusive vs. Non-Intrusive
  Credentialed vs. Non-Credentialed
  Threat Assessment
  Security Information and Event Management (SIEM)
  Threat Hunting
  Security Orchestration, Automation, and Response (SOAR)
  What Next?

CHAPTER 8: Penetration Testing Techniques
  Testing Methodology
  Planning
  Discovery
  Attack
  Reporting
  Team Exercises
  What Next?

Part II: Architecture and Design

CHAPTER 9: Enterprise Security Concepts
  Configuration Management
  Data Confidentiality
  Data Loss Prevention
  Cloud Access Security Brokers
  Encryption and Data Obfuscation
  Rights Management
  Hardware Security Module (HSM)
  Encrypted Traffic Management
  Data Integrity
  Data Availability
  Site Resiliency
  Geographic Considerations
  Deception and Disruption
  What Next?

CHAPTER 10: Virtualization and Cloud Computing
  Virtualization
  Hypervisors
  Type I Hypervisors
  Type II Hypervisors
  Type I vs. Type II Hypervisors
  Containers and Microservices
  Virtual Desktop Infrastructure (VDI)
  Virtual Machine (VM) Sprawl Avoidance
  VM Escape Protection

  Software-Defined Networking (SDN)
  Infrastructure as Code (IaC)
  On-Premises vs. Off-Premises
  Cloud Models
  Service Models
  IaaS
  PaaS
  SaaS
  Deployment Models
  Private
  Public
  Hybrid
  Community
  What Next?

CHAPTER 11: Secure Application Development, Deployment, and Automation
  Application Environment
  Development and Testing
  Staging and Production
  Provisioning and Deprovisioning
  Integrity Measurement
  Change Management and Version Control
  Secure Coding Techniques
  Normalization
  Stored Procedures
  Encryption, Obfuscation, and Camouflage
  Code Reuse and Dead Code
  Use of Third-Party Libraries and SDKs
  Server-Side vs. Client-Side Execution and Validation
  Data Exposure
  Proper Error Handling
  Proper Input Validation
  Code Signing
  Memory Management
  Automation and Scripting
  Secure DevOps
  Scalability and Elasticity
  What Next?

CHAPTER 12: Authentication and Authorization Design
  Identification and Authentication, Authorization, and Accounting (AAA)
  Multifactor Authentication
  Single Sign-on
  Federation
  Transitive Trust
  Authentication Technologies
  Tokens
  Biometrics
  Card Authentication
  Certificate-Based Authentication
  What Next?

CHAPTER 13: Cybersecurity Resilience
  Redundancy
  High Availability
  Load Balancers
  NIC Teaming
  RAID
  Backups
  Full Backups
  Differential Backups
  Incremental Backups
  Copies and Snapshots
  Non-persistence
  Revert to Known State or Good Configuration
  Live Boot Media
  Defense in Depth
  What Next?

CHAPTER 14: Embedded and Specialized Systems
  Embedded Systems
  SoC and RTOS
  SCADA and ICS
  Smart Devices and IoT
  Heating, Ventilation, Air Conditioning (HVAC)

  Multifunction Devices
  Surveillance Systems
  Special-Purpose Devices
  Medical Devices
  Vehicles
  Aircraft and UAV
  Resource Constraints
  What Next?

CHAPTER 15: Physical Security Controls
  Perimeter Security
  Signs, Fencing, and Gates
  Lighting
  Barricades and Bollards
  Cameras
  Security Guards
  Internal Security
  Alarms
  Motion and Infrared Detection
  Access Control Vestibules
  Locks and Lock Types
  Equipment Security
  Cable Locks
  Cages and Safes
  Locking Cabinets and Enclosures
  Screen Filters
  Air Gaps
  Environmental Controls
  Protected Cabling, Protected Distribution, and Faraday Cages
  HVAC
  Fire Suppression
  Hot and Cold Aisles
  Secure Data Destruction
  What Next?

CHAPTER 16: Cryptographic Concepts
  Cryptosystems

  Keys
  Key Exchange
  Symmetric Algorithms
  Asymmetric Algorithms
  Elliptic Curve and Emerging Cryptography
  Session Keys
  Nonrepudiation and Digital Signatures
  Hashing
  Use of Proven Technologies and Implementation
  Steganography
  Cryptography Use Cases
  Cryptography Constraints
  What Next?

Part III: Implementation

CHAPTER 17: Secure Protocols
  Secure Web Protocols
  Internet Protocol Security (IPsec)
  Secure File Transfer Protocols
  Secure Email Protocols
  Secure Internet Protocols
  Lightweight Directory Access Protocol (LDAP)
  Secure Real-Time Transport Protocol (SRTP)
  Simple Network Management Protocol (SNMP)
  Secure Protocol Use Cases
  Secure Web Communication
  Using HTTPS for Web Communications
  Using SSL/TLS for Remote Access
  Using DNSSEC for Domain Name Resolution
  Secure File Transfer Communication
  Using FTPS and SFTP for File Transfer
  Secure Email Communications
  Using S/MIME, POP3S, and IMAPS for Email
  Securing Internal Communications
  Using SRTP for Voice and Video
  Using LDAPS for Directory Services
  Using SNMPv3 with Routing and Switching

    Using Network Address Allocation ... 299
    Using Time Synchronization ... 302
    Using Subscription Services ... 303
    What Next? ... 305
CHAPTER 18: Host and Application Security Solutions ... 307
    Endpoint Protection ... 308
    Firewalls and HIPS/HIDS Solutions ... 308
    Anti-Malware and Other Host Protections ... 310
    Endpoint Detection and Response (EDR) ... 314
    Data Execution Prevention (DEP) ... 314
    Data Loss Prevention (DLP) ... 315
    Removable Media Control ... 316
    Application Allow/Block Lists ... 317
    Web Application Firewall ... 317
    Application Security ... 318
    Code Analyzers ... 319
    Static Code Analyzers ... 319
    Dynamic Analysis ... 319
    Stress Testing ... 321
    Application Sandboxing ... 321
    Hardware and Firmware Security ... 322
    FDE and SED ... 322
    TPM and HSM ... 324
    Boot Integrity ... 326
    Boot Attestation ... 328
    Hardware Root of Trust ... 329
    Operating System Security ... 330
    Patch Management ... 331
    Disabling Unnecessary Ports and Services ... 332
    Least Functionality ... 335
    Secure Configurations ... 335
    Trusted Operating System ... 336
    What Next? ... 338
CHAPTER 19: Secure Network Design ... 339
    Network Devices and Segmentation ... 340
    Routers ... 340
    Network Address Translation (NAT) ... 341
    Switches ... 342
    Port Security ... 343
    Virtual Local Area Network (VLAN) ... 344
    Bridges ... 345
    Security Devices and Boundaries ... 347
    Screened Subnet ... 350
    Web Application Firewalls ... 353
    Proxies ... 354
    Unified Threat Management (UTM) ... 357
    VPN Concentrators ... 358
    NIDS and NIPS ... 360
    Detection Methods ... 362
    Analytics ... 364
    Network Access Control (NAC) ... 365
    What Next? ... 369
CHAPTER 20: Wireless Security Settings ... 371
    Access Methods ... 372
    Wireless Cryptographic Protocols ... 373
    Wired Equivalent Privacy (WEP) ... 374
    Wi-Fi Protected Access (WPA) ... 375
    Temporal Key Integrity Protocol ... 376
    Counter Mode with Cipher Block Chaining Message Authentication Code Protocol ... 376
    Wi-Fi Protected Access Version 2 (WPA2) ... 376
    Wi-Fi Protected Access Version 3 (WPA3) ... 377
    Authentication Protocols ... 377
    Wireless Access Installations ... 379
    Antenna Types, Placement, and Power ... 380
    MAC Filter ... 383
    Disabling SSID Broadcast ... 384
    What Next? ... 387
CHAPTER 21: Secure Mobile Solutions ... 389
    Communication Methods ... 389
    Mobile Device Management Concepts ... 393
    Device, Application, and Content Management ... 393
    Mobile Device Management ... 394
    Mobile Content Management ... 394
    Mobile Application Management ... 395
    Protections ... 398
    Screen Locks, Passwords, and PINs ... 398
    Biometrics and Context-Aware Authentication ... 398
    Remote Wiping ... 399
    Geolocation, Geofencing, and Push Notifications ... 400
    Storage Segmentation and Containerization ... 402
    Full Device Encryption (FDE) ... 403
    Enforcement and Monitoring ... 405
    Jailbreaking and Rooting ... 405
    Custom Firmware, Carrier Unlocking, and OTA Updates ... 406
    Third-Party App Stores and Sideloading ... 407
    Storage and USB OTG ... 408
    Enforcement for Normal Device Functions ... 409
    Wi-Fi Methods, Tethering, and Payments ... 410
    Deployment Models ... 412
    BYOD, CYOD, COPE, and Corporate-Owned Devices ... 412
    Virtual Desktop Infrastructure ... 413
    Deployment Strategies ... 414
    Architecture/Infrastructure Considerations ... 414
    Adherence to Corporate Policies and Acceptable Use ... 415
    Legal Concerns ... 416
    Privacy ... 416
    Data Ownership and Support ... 417
    Patch and Antivirus Management ... 417
    Forensics ... 418
    What Next? ... 420
CHAPTER 22: Cloud Cybersecurity Solutions ... 421
    Cloud Workloads ... 422
    Regions and Availability Zones ... 423
    Virtual Private Cloud (VPC) ... 423
    Security Groups ... 423
    Policies ... 424
    Managing Secrets ... 426
    Central Logging ... 427
    Third-Party Cloud Security Solutions ... 428
    What Next? ... 431
CHAPTER 23: Identity and Account Management Controls ... 433
    Account Types ... 433
    Account Management ... 435
    Onboarding and Offboarding ... 435
    Least Privilege ... 436
    Access Auditing and Reviews ... 436
    Time of Day and Location Restrictions ... 438
    Logical Access Controls ... 439
    Account Policy Enforcement ... 441
    Password Complexity ... 442
    Account Expiration ... 442
    Forgotten Passwords ... 443
    Account Lockout ... 443
    Password Age and History ... 444
    Password Length and Rotation ... 445
    What Next? ... 448
CHAPTER 24: Authentication and Authorization Solutions ... 449
    Authentication ... 450
    Unencrypted Plaintext Credentials ... 451
    Filesystem Permissions ... 452
    Access Violations ... 456
    Authentication Issues ... 457
    Authentication Protocols ... 457
    802.1X ... 459
    AAA Protocols and Services ... 459
    Federated Services ... 461
    Kerberos ... 464
    Access Control ... 466
    Privileged Access Management ... 469
    What Next? ... 472
CHAPTER 25: Public Key Infrastructure ... 473
    PKI Components ... 474
    Certificate Authority (CA) ... 475
    Certification Practice Statement ... 476
    Trust Models ... 476
    Key Escrow ... 477
    Digital Certificate ... 478
    Public and Private Key Usage ... 480
    Certificate Signing Request ... 481
    Certificate Policy ... 482
    Certificate Types ... 482
    Certificate Formats ... 484
    Certificate Revocation ... 486
    OCSP Stapling ... 487
    Pinning ... 488
    What Next? ... 489
Part IV: Operations and Incident Response ... 491
CHAPTER 26: Organizational Security ... 493
    Shell and Script Environments ... 494
    Network Reconnaissance and Discovery ... 496
    Exploitation Frameworks ... 502
    Packet Capture and Replay ... 502
    Password Crackers ... 504
    Forensics and Data Sanitization ... 505
    What Next? ... 508
CHAPTER 27: Incident Response ... 509
    Attack Frameworks ... 509
    Cyber Kill Chain ... 510
    MITRE ATT&CK ... 510
    Diamond Model of Intrusion Analysis ... 511
    Incident Response Plan ... 512
    Documented Incident Type/Category Definitions ... 513
    Roles and Responsibilities ... 513
    Reporting Requirements and Escalation ... 514
    Cyber-Incident Response Teams ... 515
    Training, Tests, and Exercises ... 516
    Incident Response Process ... 517
    Preparation ... 517
    Incident Identification and Analysis ... 518
    Containment, Eradication, and Recovery ... 519
    Post-Incident Activities ... 521
    Continuity and Recovery Plans ... 522
    Disaster Recovery ... 522
    Continuity of Operations Planning ... 524
    What Next? ... 528
CHAPTER 28: Incident Investigation ... 529
    SIEM Dashboards ... 530
    Logging ... 531
    Network Activity ... 536
    Protocol Analyzers ... 537
    Network Flow ... 538
    What Next? ... 539
CHAPTER 29: Incident Mitigation ... 541
    Containment and Eradication ... 541
    Quarantining ... 542
    Configuration Changes ... 543
    Firewalls ... 544
    Application Control ... 545
    Secure Orchestration, Automation, and Response (SOAR) ... 546
    What Next? ... 549
CHAPTER 30: Digital Forensics ... 551
    Data Breach Notifications ... 552
    Strategic Intelligence/Counterintelligence Gathering ... 554
    Track Person-hours ... 555
    Order of Volatility ... 555
    Chain of Custody ... 556
    Data Acquisition ... 559
    Capture System Images ... 560
    Capture Network Traffic and Logs ... 560
    Capture Video and Photographs ... 561
    Record Time Offset ... 562
    Take Hashes ... 562
    Capture Screenshots ... 563
    Collect Witness Interviews ... 563
    What Next? ... 565
Part V: Governance, Risk, and Compliance ... 567
CHAPTER 31: Control Types ... 569
    Nature of Controls ... 570
    Functional Use of Controls ... 570
    Deterrent Controls ... 571
    Preventive Controls ... 571
    Detective Controls ... 571
    Corrective Controls ... 572
    Compensating Controls ... 572
    What Next? ... 574
CHAPTER 32: Regulations, Standards, and Frameworks ... 575
    Industry-Standard Frameworks and Reference Architectures ... 575
    Regulatory and Non-regulatory Requirements ... 576
    Industry-Specific Frameworks ... 577
    Benchmarks and Secure Configuration Guides ... 579
    Platform- and Vendor-Specific Guides ... 579
    General-Purpose Guides ... 580
    What Next? ... 581
CHAPTER 33: Organizational Security Policies ... 583
    Policy Framework ... 583
    Human Resource Management Policies ... 584
    Background Checks ... 584
    Onboarding and Offboarding ... 584
    Mandatory Vacations ... 585
    Separation of Duties ... 585
    Job Rotation ... 586
    Clean Desk Policies ... 586
    Role-Based Awareness and Training ... 586
    Continuing Education ... 588
    Acceptable Use Policy/Rules of Behavior ... 589
    Internet Usage ... 590
    Nondisclosure Agreements ... 591
    Disciplinary and Adverse Actions ... 591
    Exit Interviews ... 592
    Third-Party Risk Management ... 592
    Interoperability Agreements ... 593
    What Next? ... 596
CHAPTER 34: Risk Management ... 597
    Risk Analysis ... 598
    Risk Register ... 598
    Risk Response Techniques ... 599
    Threat Assessment ... 601
    Risk Assessment ... 602
    Qualitative vs. Quantitative Measures ... 604
    Single Loss Expectancy ... 605
    Annual Rate of Occurrence ... 606
    Annual Loss Expectancy ... 606
    Business Impact Analysis ... 606
    Critical Functions ... 607
    Identification of Critical Systems ... 607
    Single Points of Failure ... 607
    Recovery Objectives ... 608
    MTTF, MTBF, and MTTR ... 609
    Impact ... 610
    What Next? ... 612
CHAPTER 35: Sensitive Data and Privacy ... 613
    Sensitive Data Protection ... 613
    Data Sensitivity Labeling and Handling ... 614
    Privacy Laws and Regulatory Compliance ... 616
    Data Roles and Responsibilities ... 618
    Data Retention and Disposal ... 620
    Privacy Impact Assessment ... 621
    What Next? ... 623
Glossary of Essential Terms and Components ... 625
Index ... 655

About the Author

Marty M. Weiss has spent most of his career in information security and risk management, helping large organizations. Marty holds a bachelor of science degree in computer studies from the University of Maryland University College and an MBA from the Isenberg School of Management at the University of Massachusetts Amherst. He holds several certifications, including CISSP, CISA, and Security+. Marty has authored and coauthored more than a half-dozen books on information technology, many that have been described as riveting and Dostoevsky-esque in reviews by his mother. A Florida native, he now lives in New England.

Dedication

This book is dedicated to my parents.

Acknowledgments

Thank you, the reader of this book. It’s a pleasure to help others achieve a goal, and I’m thankful for that opportunity. Thank you to the entire team that helped to bring this book together. I’d like to acknowledge, in particular, Carole Jelen, Nancy Davis, Ellie Bru, Chris Crayton, Mandie Frank, and Kitty Wilson. Also, thank you, Diane Barrett. While you weren’t directly involved in this edition, many of your words and ideas exist from previous editions. Finally, thank you to my friends and family for their support and understanding through the entire process.

About the Technical Reviewer

Chris Crayton is a technical consultant, trainer, author, and industry-leading technical editor. He has worked as a computer technology and networking instructor, information security director, network administrator, network engineer, and PC specialist. Chris has authored several print and online books on PC repair, CompTIA A+, CompTIA Security+, and Microsoft Windows. He has also served as technical editor and content contributor on numerous technical titles for several of the leading publishing companies. He holds numerous industry certifications, has been recognized with many professional and teaching awards, and has served as a state-level SkillsUSA final competition judge.

We Want to Hear from You!

As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to send our way.

We welcome your comments. You can email or write to let us know what you did or didn’t like about this book—as well as what we can do to make our books better.

Please note that we cannot help you with technical problems related to the topic of this book.

When you write, please be sure to include this book’s title and author as well as your name and email address. We will carefully review your comments and share them with the author and editors who worked on the book.

Email: community@informit.com

Reader Services

Register your copy of CompTIA® Security+ SY0-601 Exam Cram at www.pearsonitcertification.com for convenient access to downloads, updates, and corrections as they become available. To start the registration process, go to www.pearsonitcertification.com/register and log in or create an account.* Enter the product ISBN 9780136798675 and click Submit. When the process is complete, you will find any available bonus content under Registered Products.

*Be sure to check the box to indicate that you would like to hear from us to receive exclusive discounts on future editions of this product.

Introduction

Welcome to CompTIA® Security+ SY0-601 Exam Cram, sixth edition. This book helps you get ready to take and pass the CompTIA Security+ SY0-601 exam.

This book is designed to remind you of everything you need to know to pass the SY0-601 certification exam. Each chapter includes a number of practice questions that should give you a reasonably accurate assessment of your knowledge, and, yes, we’ve provided the answers and their explanations for these questions. Read this book, understand the material, and you’ll stand a very good chance of passing the real test.

Exam Cram books help you understand and appreciate the subjects and materials you need to know to pass CompTIA certification exams. Exam Cram books are aimed strictly at test preparation and review. They do not teach you everything you need to know about a subject. Instead, the authors streamline and highlight the pertinent information by presenting and dissecting the questions and problems they’ve discovered that you’re likely to encounter on a CompTIA test.

We strongly recommend that you spend some time installing and working with security tools such as Wireshark and Metasploit and experimenting with the many network and security-related resources provided with many operating systems. The Security+ exam focuses on such activities and the knowledge and skills they can provide you. Nothing beats hands-on experience and familiarity when it comes to understanding the questions you’re likely to encounter on a certification test. Book learning is essential, but without a doubt, hands-on experience is the best teacher of all!

Let’s begin by looking at preparation for the exam.

How to Prepare for the Exam

This text follows the official exam objectives closely to help ensure your success. The CompTIA exam covers 5 domains and 35 objectives. This book is divided into 5 parts and 35 chapters, aligning with those domains and objectives. These official objectives from CompTIA can be found here: https://www.comptia.org/training/resources/exam-objectives.

As you examine the numerous exam topics now covered in Security+, resist the urge to panic! This book you are holding will provide you with the knowledge (and confidence) that you need to succeed. You just need to make sure you read it and follow the guidance it provides throughout your Security+ journey.


Practice Tests

This book is filled with practice exam questions to get you ready! Cram quizzes end each chapter, and each question also includes complete explanations. In addition, the book includes two additional full practice tests in the Pearson Test Prep software, available to you either online or as an offline Windows application. To access the practice exams, please see the instructions in the card inserted in the sleeve in the back of the book. This card includes a unique access code that enables you to activate your exams in the Pearson Test Prep software.

In case you are interested in more practice exams than are provided with this book, Pearson IT Certification publishes a Premium Edition eBook and Practice Test product. In addition to providing you with three eBook files (EPUB, PDF, and Kindle) this product provides you with two additional exams’ worth of questions. The Premium Edition version also offers you a link to the specific section in the book that presents an overview of the topic covered in the question, allowing you to easily refresh your knowledge. The insert card in the back of the book includes a special offer for an 80% discount off of this Premium Edition eBook and Practice Test product, which is an incredible deal.

Taking a Certification Exam

After you prepare for your exam, you need to register with a testing center. At the time of this writing, the cost to take the Security+ exam is US $349 for individuals. Students in the United States are eligible for a significant discount. In addition, check with your employer as many workplaces provide reimbursement programs for certification exams. For more information about these discounts, you can contact a local CompTIA sales representative, who can answer any questions you might have. If you don’t pass, you can take the exam again for the same cost as the first attempt until you pass. The test is administered by Pearson VUE testing centers, with locations globally. In addition, the CompTIA Security+ certification is a requirement for many within the U.S. military, and testing centers are available on some military bases.

You will have 90 minutes to complete the exam. The exam consists of a maximum of 90 questions. If you have prepared, you should find that this is plenty of time to properly pace yourself and review the exam before submission.