CISSP Official Study Guide (2021)

CISSP Official Study Guide (2021) provides detailed explanations to help you understand key concepts.

CISSP® Certified Information Systems Security Professional, Ninth Edition
Mike Chapple
James Michael Stewart
Darril Gibson

Copyright © 2021 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada and the United Kingdom
ISBN: 978-1-119-78623-8
ISBN: 978-1-119-78633-7 (ebk)
ISBN: 978-1-119-78624-5 (cbk)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our website at www.wiley.com.

Library of Congress Control Number: 2021935479

TRADEMARKS: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. (ISC)² and CISSP are trademarks or registered trademarks of (ISC)², Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Cover image(s): © Jeremy Woodhouse/Getty Images, Inc.
Cover design: Wiley

To Dewitt Latimer, my mentor, friend, and colleague. I miss you dearly.
—Mike Chapple

To Cathy, your perspective on the world and life often surprises me, challenges me, and makes me love you even more.
—James Michael Stewart

To Nimfa, thanks for sharing your life with me for the past 29 years and letting me share mine with you.
—Darril Gibson

Acknowledgments

We'd like to express our thanks to Wiley for continuing to support this project. Extra thanks to the development editor, Kelly Talbot, and technical editors, Jerry Rayome, Chris Crayton, and Aaron Kraus, who performed amazing feats in guiding us to improve this book. Thanks as well to our agent, Carole Jelen, for continuing to assist in nailing down these projects.
Mike, James, and Darril

Special thanks go to my many friends and colleagues in the cybersecurity community who provided hours of interesting conversation and debate on security issues that inspired and informed much of the material in this book. I would like to thank the team at Wiley, who provided invaluable assistance throughout the book development process. I also owe a debt of gratitude to my literary agent, Carole Jelen of Waterside Productions. My coauthors, James Michael Stewart and Darril Gibson, were great collaborators and I'd like to thank them both for their thoughtful contributions to my chapters. I'd also like to thank the many people who participated in the production of this book but whom I never had the chance to meet: the graphics team, the production staff, and all of those involved in bringing this book to press.
—Mike Chapple

Thanks to Mike Chapple and Darril Gibson for continuing to contribute to this project. Thanks also to all my CISSP course students who have provided their insight and input to improve my training courseware and ultimately this tome. To my adoring wife, Cathy: Building a life and a family together has been more wonderful than I could have ever imagined. To Slayde and Remi: You are growing up so fast and learning at an outstanding pace, and you continue to delight and impress me daily. You are both growing into amazing individuals. To my mom, Johnnie: It is wonderful to have you close by. To Mark: No matter how much time has passed or how little we see each other, I have been and always will be your friend. And finally, as always, to Elvis: You were way ahead of the current bacon obsession with your peanut butter/banana/bacon sandwich; I think that's proof you traveled through time!
—James Michael Stewart

It's been a pleasure working with talented people like James Michael Stewart and Mike Chapple. Thanks to both of you for all your work and collaborative efforts on this project. The technical editors, Jerry Rayome, Chris Crayton, and Aaron Kraus, provided us with some outstanding feedback, and this book is better because of their efforts. Thanks to the team at Wiley (including project managers, editors, and graphic artists) for all the work you did helping us get this book to print. Last, thanks to my wife, Nimfa, for putting up with my odd hours as I worked on this book.
—Darril Gibson

About the Authors

Mike Chapple, PhD, CISSP, Security+, CySA+, PenTest+, CISA, CISM, CCSP, CIPP/US, is a teaching professor of IT, analytics, and operations at the University of Notre Dame. In the past, he was chief information officer of Brand Institute and an information security researcher with the National Security Agency and the U.S. Air Force. His primary areas of expertise include network intrusion detection and access controls. Mike is a frequent contributor to TechTarget's SearchSecurity site and the author of more than 25 books, including the companion book to this study guide: CISSP Official (ISC)² Practice Tests, CompTIA CySA+ Study Guide: Exam CS0-001, CompTIA Security+ Study Guide: Exam SY0-601, and Cyberwarfare: Information Operations in a Connected World. Mike offers study groups for the CISSP, SSCP, Security+, and CSA+ certifications on his website at www.certmike.com.

James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CySA+, PenTest+, CASP+, Security+, Network+, A+, CISM, and CFR, has been writing and training for more than 25 years, with a current focus on security. He has been teaching CISSP training courses since 2002, not to mention other courses on internet security and ethical hacking/penetration testing. He is the author of and contributor to more than 75 books on security certification, Microsoft topics, and network administration, including CompTIA Security+ Review Guide: Exam SY0-601. More information about Michael can be found at his website at www.impactonline.com.

Darril Gibson, CISSP, Security+, CASP, is the CEO of YCDA (short for You Can Do Anything), and he has authored or coauthored more than 40 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications. He regularly posts blog articles at blogs.getcertifiedgetahead.com about certification topics and uses that site to help people stay abreast of changes in certification exams. He loves hearing from readers, especially when they pass an exam after using one of his books, and you can contact him through the blogging site.

About the Technical Editors

Jerry Rayome, BS/MS Computer Science, CISSP, has been employed as a member of the Cyber Security Program at Lawrence Livermore National Laboratory for over 20 years, providing cybersecurity services that include software development, penetrative testing, incident response, firewall implementation/administration, firewall auditing, honeynet deployment/monitoring, cyber forensic investigations, NIST 800-53 control implementation/assessment, cloud risk assessment, and cloud security auditing.

Chris Crayton is a technical consultant, trainer, author, and industry-leading technical editor. He has worked as a computer technology and networking instructor, information security director, network administrator, network engineer, and PC specialist. Chris has authored several print and online books on PC repair, CompTIA A+, CompTIA Security+, and Microsoft Windows. He has also served as technical editor and content contributor on numerous technical titles for several leading publishing companies. He holds numerous industry certifications, including CISSP, MCSE, CompTIA S+, N+, A+, and many others. He has also been recognized with many professional and teaching awards, and he has served as a state-level SkillsUSA final competition judge.

Aaron Kraus, CISSP, CCSP, is an information security practitioner, instructor, and author who has worked across industries and around the world. He has spent more than 15 years as a consultant or security risk manager in roles with government, financial services, and tech startups, including most recently in cyber risk insurance, and has spent 13 years teaching, writing, and developing security courseware at Learning Tree International, where he is also dean of cybersecurity curriculum. His writing and editing experience includes official (ISC)² reference books, practice exams, and study guides for both CISSP and CCSP.

Contents at a Glance

Introduction xxxvii
Assessment Test lix
Chapter 1 Security Governance Through Principles and Policies 1
Chapter 2 Personnel Security and Risk Management Concepts 43
Chapter 3 Business Continuity Planning 113
Chapter 4 Laws, Regulations, and Compliance 143
Chapter 5 Protecting Security of Assets 179
Chapter 6 Cryptography and Symmetric Key Algorithms 219
Chapter 7 PKI and Cryptographic Applications 263
Chapter 8 Principles of Security Models, Design, and Capabilities 309
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 353
Chapter 10 Physical Security Requirements 447
Chapter 11 Secure Network Architecture and Components 495
Chapter 12 Secure Communications and Network Attacks 581
Chapter 13 Managing Identity and Authentication 637
Chapter 14 Controlling and Monitoring Access 677
Chapter 15 Security Assessment and Testing 723
Chapter 16 Managing Security Operations 763
Chapter 17 Preventing and Responding to Incidents 801
Chapter 18 Disaster Recovery Planning 861
Chapter 19 Investigations and Ethics 909
Chapter 20 Software Development Security 941
Chapter 21 Malicious Code and Application Attacks 993
Appendix A Answers to Review Questions 1041
Appendix B Answers to Written Labs 1099
Index 1117

Contents

Introduction xxxvii
Assessment Test lix
Chapter 1 Security Governance Through Principles and Policies 1
  Security 101 3
  Understand and Apply Security Concepts 4
  Confidentiality 5
  Integrity 6
  Availability 7
  DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services 7
  Protection Mechanisms 11
  Security Boundaries 13
  Evaluate and Apply Security Governance Principles 14
  Third-Party Governance 15
  Documentation Review 15
  Manage the Security Function 16
  Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives 17
  Organizational Processes 19
  Organizational Roles and Responsibilities 21
  Security Control Frameworks 22
  Due Diligence and Due Care 23
  Security Policy, Standards, Procedures, and Guidelines 23
  Security Policies 24
  Security Standards, Baselines, and Guidelines 24
  Security Procedures 25
  Threat Modeling 26
  Identifying Threats 26
  Determining and Diagramming Potential Attacks 28
  Performing Reduction Analysis 28
  Prioritization and Response 30
  Supply Chain Risk Management 31
  Summary 33
  Exam Essentials 33
  Written Lab 36
  Review Questions 37
Chapter 2 Personnel Security and Risk Management Concepts 43
  Personnel Security Policies and Procedures 45
  Job Descriptions and Responsibilities 45
  Candidate Screening and Hiring 46
  Onboarding: Employment Agreements and Policies 47
  Employee Oversight 48
  Offboarding, Transfers, and Termination Processes 49
  Vendor, Consultant, and Contractor Agreements and Controls 52
  Compliance Policy Requirements 53
  Privacy Policy Requirements 54
  Understand and Apply Risk Management Concepts 55
  Risk Terminology and Concepts 56
  Asset Valuation 58
  Identify Threats and Vulnerabilities 60
  Risk Assessment/Analysis 60
  Risk Responses 66
  Cost vs. Benefit of Security Controls 69
  Countermeasure Selection and Implementation 72
  Applicable Types of Controls 74
  Security Control Assessment 76
  Monitoring and Measurement 76
  Risk Reporting and Documentation 77
  Continuous Improvement 77
  Risk Frameworks 79
  Social Engineering 81
  Social Engineering Principles 83
  Eliciting Information 85
  Prepending 85
  Phishing 85
  Spear Phishing 87
  Whaling 87
  Smishing 88
  Vishing 88
  Spam 89
  Shoulder Surfing 90
  Invoice Scams 90
  Hoax 90
  Impersonation and Masquerading 91
  Tailgating and Piggybacking 91
  Dumpster Diving 92
  Identity Fraud 93
  Typo Squatting 94
  Influence Campaigns 94
  Establish and Maintain a Security Awareness, Education, and Training Program 96
  Awareness 97
  Training 97
  Education 98
  Improvements 98
  Effectiveness Evaluation 99
  Summary 100
  Exam Essentials 101
  Written Lab 106
  Review Questions 107
Chapter 3 Business Continuity Planning 113
  Planning for Business Continuity 114
  Project Scope and Planning 115
  Organizational Review 116
  BCP Team Selection 117
  Resource Requirements 119
  Legal and Regulatory Requirements 120
  Business Impact Analysis 121
  Identifying Priorities 122
  Risk Identification 123
  Likelihood Assessment 125
  Impact Analysis 126
  Resource Prioritization 128
  Continuity Planning 128
  Strategy Development 129
  Provisions and Processes 129
  Plan Approval and Implementation 131
  Plan Approval 131
  Plan Implementation 132
  Training and Education 132
  BCP Documentation 132
  Summary 136
  Exam Essentials 137
  Written Lab 138
  Review Questions 139
Chapter 4 Laws, Regulations, and Compliance 143
  Categories of Laws 144
  Criminal Law 144
  Civil Law 146
  Administrative Law 146
  Laws 147
  Computer Crime 147
  Intellectual Property (IP)
  Licensing 158
  Import/Export 158
  Privacy 160
  State Privacy Laws 168
  Compliance 169
  Contracting and Procurement 171
  Summary 171
  Exam Essentials 172
  Written Lab 173
  Review Questions 174
Chapter 5 Protecting Security of Assets 179
  Identifying and Classifying Information and Assets 180
  Defining Sensitive Data 180
  Defining Data Classifications 182
  Defining Asset Classifications 185
  Understanding Data States 185
  Determining Compliance Requirements 186
  Determining Data Security Controls 186
  Establishing Information and Asset Handling Requirements 188
  Data Maintenance 189
  Data Loss Prevention 189
  Marking Sensitive Data and Assets 190
  Handling Sensitive Information and Assets 192
  Data Collection Limitation 192
  Data Location 193
  Storing Sensitive Data 193
  Data Destruction 194
  Ensuring Appropriate Data and Asset Retention 197
  Data Protection Methods 199
  Digital Rights Management 199
  Cloud Access Security Broker 200
  Pseudonymization 200
  Tokenization 201
  Anonymization 202
  Understanding Data Roles 204
  Data Owners 204
  Asset Owners 205
  Business/Mission Owners 206
  Data Processors and Data Controllers 206
  Data Custodians 207
  Administrators 207
  Users and Subjects 208
  Using Security Baselines 208
  Comparing Tailoring and Scoping 209
  Standards Selection 210
  Summary 211
  Exam Essentials 211
  Written Lab 213
  Review Questions 214
Chapter 6 Cryptography and Symmetric Key Algorithms 219
  Cryptographic Foundations 220
  Goals of Cryptography 220
  Cryptography Concepts 223
  Cryptographic Mathematics 224
  Ciphers 230
  Modern Cryptography 238
  Cryptographic Keys 238
  Symmetric Key Algorithms 239
  Asymmetric Key Algorithms 241
  Hashing Algorithms 244
  Symmetric Cryptography 244
  Cryptographic Modes of Operation 245
  Data Encryption Standard 247
  Triple DES 247
  International Data Encryption Algorithm 248
  Blowfish 249
  Skipjack 249
  Rivest Ciphers 249
  Advanced Encryption Standard 250
  CAST 250
  Comparison of Symmetric Encryption Algorithms 251
  Symmetric Key Management 252
  Cryptographic Lifecycle 255
  Summary 255
  Exam Essentials 256
  Written Lab 257
  Review Questions 258
Chapter 7 PKI and Cryptographic Applications 263
  Asymmetric Cryptography 264
  Public and Private Keys 264
  RSA 265
  ElGamal 267
  Elliptic Curve 268
  Diffie-Hellman Key Exchange 269
  Quantum Cryptography 270
  Hash Functions 271
  SHA 272
  MD5 273
  RIPEMD 273
  Comparison of Hash Algorithm Value Lengths 274
  Digital Signatures 275
  HMAC 276
  Digital Signature Standard 277
  Public Key Infrastructure 277
  Certificates 278
  Certificate Authorities 279
  Certificate Lifecycle 280
  Certificate Formats 283
  Asymmetric Key Management 284
  Hybrid Cryptography 285
  Applied Cryptography 285
  Portable Devices 285
  Email 286
  Web Applications 290
  Steganography and Watermarking 292
  Networking 294
  Emerging Applications 295
  Cryptographic Attacks 297
  Summary 301
  Exam Essentials 302
  Written Lab 303
  Review Questions 304
Chapter 8 Principles of Security Models, Design, and Capabilities 309
  Secure Design Principles 310
  Objects and Subjects 311
  Closed and Open Systems 312
  Secure Defaults 314
  Fail Securely 314
  Keep It Simple 316
  Zero Trust 317
  Privacy by Design 319
  Trust but Verify 319
  Techniques for Ensuring CIA 320
  Confinement 320
  Bounds 320
  Isolation 321
  Access Controls 321
  Trust and Assurance 321
  Understand the Fundamental Concepts of Security Models 322
  Trusted Computing Base 323
  State Machine Model 325
  Information Flow Model 325
  Noninterference Model 326
  Take-Grant Model 326
  Access Control Matrix 327
  Bell-LaPadula Model 328
  Biba Model 330
  Clark-Wilson Model 333
  Brewer and Nash Model 334
  Goguen-Meseguer Model 335
  Sutherland Model 335
  Graham-Denning Model 335
  Harrison-Ruzzo-Ullman Model 336
  Select Controls Based on Systems Security Requirements 337
  Common Criteria 337
  Authorization to Operate 340
  Understand Security Capabilities of Information Systems 341
  Memory Protection 341
  Virtualization 342
  Trusted Platform Module 342
  Interfaces 343
  Fault Tolerance 343
  Encryption/Decryption 343
  Summary 343
  Exam Essentials 344
  Written Lab 347
  Review Questions 348
Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 353
  Shared Responsibility 354
  Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 355
  Hardware 356
  Firmware 370
  Client-Based Systems 372
  Mobile Code 372
  Local Caches 375
  Server-Based Systems 375
  Large-Scale Parallel Data Systems 376
  Grid Computing 377
  Peer to Peer 378
  Industrial Control Systems 378
  Distributed Systems 380
  High-Performance Computing (HPC) Systems 382
  Internet of Things 383
  Edge and Fog Computing 385
  Embedded Devices and Cyber-Physical Systems 386
  Static Systems 387
  Network-Enabled Devices 388
  Cyber-Physical Systems 389
  Elements Related to Embedded and Static Systems 389
  Security Concerns of Embedded and Static Systems 390
  Specialized Devices 393
  Microservices 394
  Infrastructure as Code 395
  Virtualized Systems 397
  Virtual Software 399
  Virtualized Networking 400
  Software-Defined Everything 400
  Virtualization Security Management 403
  Containerization 405
  Serverless Architecture 406
  Mobile Devices 406
  Mobile Device Security Features 408
  Mobile Device Deployment Policies 420
  Essential Security Protection Mechanisms 426
  Process Isolation 426
  Hardware Segmentation 427
  System Security Policy 427
  Common Security Architecture Flaws and Issues 428
  Covert Channels 428
  Attacks Based on Design or Coding Flaws 430
  Rootkits 431
  Incremental Attacks 431
  Summary 432
  Exam Essentials 433
  Written Lab 440
  Review Questions 441
Chapter 10 Physical Security Requirements 447
  Apply Security Principles to Site and Facility Design 448
  Secure Facility Plan 448
  Site Selection 449
  Facility Design 450
  Implement Site and Facility Security Controls 452
  Equipment Failure 453
  Wiring Closets 454
  Server Rooms/Data Centers 455
  Intrusion Detection Systems 458
  Cameras 460
  Access Abuses 462
  Media Storage Facilities 462
  Evidence Storage 463
  Restricted and Work Area Security 464
  Utility Considerations 465
  Fire Prevention, Detection, and Suppression 470
  Implement and Manage Physical Security 476
  Perimeter Security Controls 477
  Internal Security Controls 481
  Key Performance Indicators of Physical Security 483
  Summary 484
  Exam Essentials 485
  Written Lab 488
  Review Questions 489
Chapter 11 Secure Network Architecture and Components 495
  OSI Model 497
  History of the OSI Model 497
  OSI Functionality 498
  Encapsulation/Deencapsulation 498
  OSI Layers 500
  TCP/IP Model 504
  Analyzing Network Traffic 505
  Common Application Layer Protocols 506
  Transport Layer Protocols 508
  Domain Name System 509
  DNS Poisoning 511
  Domain Hijacking 514
  Internet Protocol (IP) Networking 516
  IPv4 vs. IPv6 516
  IP Classes 517
  ICMP 519
  IGMP 519
  ARP Concerns 519
  Secure Communication Protocols 521
  Implications of Multilayer Protocols 522
  Converged Protocols 523
  Voice over Internet Protocol (VoIP) 524
  Software-Defined Networking 525
  Microsegmentation 526
  Wireless Networks 527
  Securing the SSID 529
  Wireless Channels 529
  Conducting a Site Survey 530
  Wireless Security 531
  Wi-Fi Protected Setup (WPS) 533
  Wireless MAC Filter 534
  Wireless Antenna Management 534
  Using Captive Portals 535
  General Wi-Fi Security Procedure 535
  Wireless Communications 536
  Wireless Attacks 539
  Other Communication Protocols 543
  Cellular Networks 544
  Content Distribution Networks (CDNs) 545
  Secure Network Components 545
  Secure Operation of Hardware 546
  Common Network Equipment 547
  Network Access Control 549
  Firewalls 550
  Endpoint Security 556
  Cabling, Topology, and Transmission Media Technology 559
  Transmission Media 559
  Network Topologies 563
  Ethernet 565
  Sub-Technologies 566
  Summary 569
  Exam Essentials 570
  Written Lab 574
  Review Questions 575
Chapter 12 Secure Communications and Network Attacks 581
  Protocol Security Mechanisms 582
  Authentication Protocols 582
  Port Security 585
  Quality of Service (QoS) 585
  Secure Voice Communications 586
  Public Switched Telephone Network 586
  Voice over Internet Protocol (VoIP) 586
  Vishing and Phreaking 588
  PBX Fraud and Abuse 589
  Remote Access Security Management 590
  Remote Access and Telecommuting Techniques 591
  Remote Connection Security 591
  Plan a Remote Access Security Policy
  Multimedia Collaboration 593
  Remote Meeting 593
  Instant Messaging and Chat 594
  Load Balancing 595
  Virtual IPs and Load Persistence 596
  Active-Active vs. Active-Passive 596
  Manage Email Security 596
  Email Security Goals 597
  Understand Email Security Issues 599
  Email Security Solutions 599
  Virtual Private Network 602
  Tunneling 603
  How VPNs Work 604
  Always-On 606
  Split Tunnel vs. Full Tunnel 607
  Common VPN Protocols 607
  Switching and Virtual LANs 610
  Network Address Translation 614
  Private IP Addresses 616
  Stateful NAT 617
  Automatic Private IP Addressing 617
  Third-Party Connectivity 618
  Switching Technologies 620
  Circuit Switching 620
  Packet Switching 620
  Virtual Circuits 621
  WAN Technologies 622
  Fiber-Optic Links 624
  Security Control Characteristics 624
  Transparency 625
  Transmission Management Mechanisms 625
  Prevent or Mitigate Network Attacks 625
  Eavesdropping 626
  Modification Attacks 626
  Summary 626
  Exam Essentials 628
  Written Lab 630
  Review Questions 631
Chapter 13 Managing Identity and Authentication 637
  Controlling Access to Assets 639
  Controlling Physical and Logical Access 640
  The CIA Triad and Access Controls 640
  Managing Identification and Authentication 641
  Comparing Subjects and Objects 642
  Registration, Proofing, and Establishment of Identity 643
  Authorization and Accountability 644
  Authentication Factors Overview 645
  Something You Know 647
  Something You Have 650
  Something You Are 651
  Multifactor Authentication (MFA) 655
  Two-Factor Authentication with Authenticator Apps 655
  Passwordless Authentication 656
  Device Authentication 657
  Service Authentication 658
  Mutual Authentication 659
  Implementing Identity Management 659
  Single Sign-On 659
  SSO and Federated Identities 660
  Credential Management Systems 662
  Credential Manager Apps 663
  Scripted Access 663
  Session Management 663
  Managing the Identity and Access Provisioning Lifecycle 664
  Provisioning and Onboarding 665
  Deprovisioning and Offboarding 666
  Defining New Roles 667
  Account Maintenance 667
  Account Access Review 667
  Summary 668
  Exam Essentials 669
  Written Lab 671
  Review Questions 672
Chapter 14 Controlling and Monitoring Access 677
  Comparing Access Control Models 678
  Comparing Permissions, Rights, and Privileges 678
  Understanding Authorization Mechanisms 679
  Defining Requirements with a Security Policy 681
  Introducing Access Control Models 681
  Discretionary Access Control 682
  Nondiscretionary Access Control 683
  Implementing Authentication Systems 690
  Implementing SSO on the Internet 691
  Implementing SSO on Internal Networks 694
  Understanding Access Control Attacks 699
  Risk Elements 700
  Common Access Control Attacks 700
  Core Protection Methods 713
  Summary 714
  Exam Essentials 715
  Written Lab 717
  Review Questions 718
Chapter 15 Security Assessment and Testing 723
  Building a Security Assessment and Testing Program 725
  Security Testing 725
  Security Assessments 726
  Security Audits 727
  Performing Vulnerability Assessments 731
  Describing Vulnerabilities 731
  Vulnerability Scans 732
  Penetration Testing 742
  Compliance Checks 745
  Testing Your Software 746
  Code Review and Testing 746
  Interface Testing 751
  Misuse Case Testing 751
  Test Coverage Analysis 752
  Website Monitoring 752
  Implementing Security Management Processes 753
  Log Reviews 753
  Account Management 754
  Disaster Recovery and Business Continuity 754
  Training and Awareness 755
  Key Performance and Risk Indicators 755
  Summary 756
  Exam Essentials 756
  Written Lab 758
  Review Questions 759
Chapter 16 Managing Security Operations 763
  Apply Foundational Security Operations Concepts 765
  Need to Know and Least Privilege 765
  Separation of Duties (SoD) and Responsibilities 767
  Two-Person Control 768
  Job Rotation 768
  Mandatory Vacations 768
  Privileged Account Management 769
  Service Level Agreements (SLAs) 771
  Addressing Personnel Safety and Security 771
  Duress 771
  Travel 772
  Emergency Management 773
  Security Training and Awareness 773
  Provision Resources Securely 773
  Information and Asset Ownership 774
  Asset Management 774
  Apply Resource Protection 776
  Media Management 776
  Media Protection Techniques 776
  Managed Services in the Cloud 779
  Shared Responsibility with Cloud Service Models 780
  Scalability and Elasticity 782
  Perform Configuration Management (CM) 782
  Provisioning 783
  Baselining 783
  Using Images for Baselining 783
  Automation 784
  Managing Change 785
  Change Management 787
  Versioning 788
  Configuration Documentation 788
  Managing Patches and Reducing Vulnerabilities 789
  Systems to Manage 789
  Patch Management 789
  Vulnerability Management 791
  Vulnerability Scans 792
  Common Vulnerabilities and Exposures 792
  Summary 793
  Exam Essentials 794
  Written Lab 796
  Review Questions 797
Chapter 17 Preventing and Responding to Incidents 801
  Conducting Incident Management 803
  Defining an Incident 803
  Incident Management Steps 804
  Implementing Detective and Preventive Measures 810
  Basic Preventive Measures 810
  Understanding Attacks 811
  Intrusion Detection and Prevention Systems 820
  Specific Preventive Measures 828
  Logging and Monitoring 834
  Logging Techniques 834
  The Role of Monitoring 837
  Monitoring Techniques 840