ISC2® CISSP® Certified Information Systems Security Professional Official Study Guide, 10th Edition (2024)

Boost your confidence with the ISC2® CISSP® Certified Information Systems Security Professional Official Study Guide, 10th Edition (2024), a collection of solved certification exam papers for thorough preparation.

Contributor: Lucas Allen
Rating: 4.7 (34)
Uploaded: 10 months ago
Preview: 16 of 1839 pages

Table of Contents

Cover
Table of Contents
Title Page
Copyright
Dedication
Acknowledgments
About the Authors
About the Technical Editors
Introduction
  Overview of the CISSP Exam
  The Elements of This Study Guide
  Interactive Online Learning Environment and Test Bank
  Study Guide Exam Objectives
  Objective Map
  How to Contact the Publisher
Assessment Test
Answers to Assessment Test

Chapter 1: Security Governance Through Principles and Policies
  Security 101
  Understand and Apply Security Concepts
  Security Boundaries
  Evaluate and Apply Security Governance Principles
  Manage the Security Function
  Security Policy, Standards, Procedures, and Guidelines
  Threat Modeling
  Supply Chain Risk Management
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 2: Personnel Security and Risk Management Concepts
  Personnel Security Policies and Procedures
  Understand and Apply Risk Management Concepts
  Social Engineering
  Establish and Maintain a Security Awareness, Education, and Training Program
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 3: Business Continuity Planning
  Planning for Business Continuity
  Project Scope and Planning
  Business Impact Analysis
  Continuity Planning
  Plan Approval and Implementation
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 4: Laws, Regulations, and Compliance
  Categories of Laws
  Laws
  State Privacy Laws
  Compliance
  Contracting and Procurement
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 5: Protecting Security of Assets
  Identifying and Classifying Information and Assets
  Establishing Information and Asset Handling Requirements
  Data Protection Methods
  Understanding Data Roles
  Using Security Baselines
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 6: Cryptography and Symmetric Key Algorithms
  Cryptographic Foundations
  Modern Cryptography
  Symmetric Cryptography
  Cryptographic Life Cycle
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 7: PKI and Cryptographic Applications
  Asymmetric Cryptography
  Hash Functions
  Digital Signatures
  Public Key Infrastructure
  Asymmetric Key Management
  Hybrid Cryptography
  Applied Cryptography
  Cryptographic Attacks
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 8: Principles of Security Models, Design, and Capabilities
  Secure Design Principles
  Techniques for Ensuring CIA
  Understand the Fundamental Concepts of Security Models
  Select Controls Based on Systems Security Requirements
  Understand Security Capabilities of Information Systems
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
  Shared Responsibility
  Data Localization and Data Sovereignty
  Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
  Client-Based Systems
  Server-Based Systems
  Industrial Control Systems
  Distributed Systems
  High-Performance Computing (HPC) Systems
  Real-Time Operating Systems
  Internet of Things
  Edge and Fog Computing
  Embedded Devices and Cyber-Physical Systems
  Microservices
  Infrastructure as Code
  Immutable Architecture
  Virtualized Systems
  Containerization
  Mobile Devices
  Essential Security Protection Mechanisms
  Common Security Architecture Flaws and Issues
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 10: Physical Security Requirements
  Apply Security Principles to Site and Facility Design
  Implement Site and Facility Security Controls
  Implement and Manage Physical Security
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 11: Secure Network Architecture and Components
  OSI Model
  TCP/IP Model
  Analyzing Network Traffic
  Common Application Layer Protocols
  Transport Layer Protocols
  Domain Name System
  Internet Protocol (IP) Networking
  ARP Concerns
  Secure Communication Protocols
  Implications of Multilayer Protocols
  Segmentation
  Edge Networks
  Wireless Networks
  Satellite Communications
  Cellular Networks
  Content Distribution Networks (CDNs)
  Secure Network Components
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 12: Secure Communications and Network Attacks
  Protocol Security Mechanisms
  Secure Voice Communications
  Remote Access Security Management
  Multimedia Collaboration
  Monitoring and Management
  Load Balancing
  Manage Email Security
  Virtual Private Network
  Switching and Virtual LANs
  Network Address Translation
  Third-Party Connectivity
  Switching Technologies
  WAN Technologies
  Fiber-Optic Links
  Prevent or Mitigate Network Attacks
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 13: Managing Identity and Authentication
  Controlling Access to Assets
  The AAA Model
  Implementing Identity Management
  Managing the Identity and Access Provisioning Life Cycle
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 14: Controlling and Monitoring Access
  Comparing Access Control Models
  Implementing Authentication Systems
  Zero-Trust Access Policy Enforcement
  Understanding Access Control Attacks
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 15: Security Assessment and Testing
  Building a Security Assessment and Testing Program
  Performing Vulnerability Assessments
  Testing Your Software
  Training and Exercises
  Implementing Security Management Processes and Collecting Security Process Data
  Summary; Exam Essentials; Written Lab; Review Questions

Chapter 16: Managing Security Operations
  Apply Foundational Security Operations Concepts
  Address Personnel Safety and Security
  Provision Information and Assets Securely
  Apply Resource Protection
  Managed Services in the Cloud
  Perform Configuration Management (CM)
  Manage Change
  Manage Patches and Reduce Vulnerabilities
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 17: Preventing and Responding to Incidents
  Conducting Incident Management
  Implementing Detection and Preventive Measures
  Logging and Monitoring
  Automating Incident Response
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 18: Disaster Recovery Planning
  The Nature of Disaster
  Understand System Resilience, High Availability, and Fault Tolerance
  Recovery Strategy
  Recovery Plan Development
  Training, Awareness, and Documentation
  Testing and Maintenance
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 19: Investigations and Ethics
  Investigations
  Major Categories of Computer Crime
  Ethics
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 20: Software Development Security
  Introducing Systems Development Controls
  Establishing Databases and Data Warehousing
  Storage Threats
  Understanding Knowledge-Based Systems
  Summary; Study Essentials; Written Lab; Review Questions

Chapter 21: Malicious Code and Application Attacks
  Malware
  Malware Prevention
  Application Attacks
  Injection Vulnerabilities
  Exploiting Authorization Vulnerabilities
  Exploiting Web Application Vulnerabilities
  Application Security Controls
  Secure Coding Practices
  Summary; Study Essentials; Written Lab; Review Questions

Appendix A: Answers to Review Questions
  Chapter 1: Security Governance Through Principles and Policies
  Chapter 2: Personnel Security and Risk Management Concepts
  Chapter 3: Business Continuity Planning
  Chapter 4: Laws, Regulations, and Compliance
  Chapter 5: Protecting Security of Assets
  Chapter 6: Cryptography and Symmetric Key Algorithms
  Chapter 7: PKI and Cryptographic Applications
  Chapter 8: Principles of Security Models, Design, and Capabilities
  Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
  Chapter 10: Physical Security Requirements
  Chapter 11: Secure Network Architecture and Components
  Chapter 12: Secure Communications and Network Attacks
  Chapter 13: Managing Identity and Authentication
  Chapter 14: Controlling and Monitoring Access
  Chapter 15: Security Assessment and Testing
  Chapter 16: Managing Security Operations
  Chapter 17: Preventing and Responding to Incidents
  Chapter 18: Disaster Recovery Planning
  Chapter 19: Investigations and Ethics
  Chapter 20: Software Development Security
  Chapter 21: Malicious Code and Application Attacks

Appendix B: Answers to Written Labs
  Chapter 1: Security Governance Through Principles and Policies
  Chapter 2: Personnel Security and Risk Management Concepts
  Chapter 3: Business Continuity Planning
  Chapter 4: Laws, Regulations, and Compliance
  Chapter 5: Protecting Security of Assets
  Chapter 6: Cryptography and Symmetric Key Algorithms
  Chapter 7: PKI and Cryptographic Applications
  Chapter 8: Principles of Security Models, Design, and Capabilities
  Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
  Chapter 10: Physical Security Requirements
  Chapter 11: Secure Network Architecture and Components
  Chapter 12: Secure Communications and Network Attacks
  Chapter 13: Managing Identity and Authentication
  Chapter 14: Controlling and Monitoring Access
  Chapter 15: Security Assessment and Testing
  Chapter 16: Managing Security Operations
  Chapter 17: Preventing and Responding to Incidents
  Chapter 18: Disaster Recovery Planning
  Chapter 19: Investigations and Ethics
  Chapter 20: Software Development Security
  Chapter 21: Malicious Code and Application Attacks

Index
End User License Agreement

List of Tables

Chapter 2
  TABLE 2.1 Comparison of quantitative and qualitative risk analysis
  TABLE 2.2 Quantitative risk analysis formulas
Chapter 5
  TABLE 5.1 Securing email data
  TABLE 5.2 Unmodified data within a database
  TABLE 5.3 Masked data
Chapter 6
  TABLE 6.1 AND operation truth table
  TABLE 6.2 OR operation truth table
  TABLE 6.3 NOT operation truth table
  TABLE 6.4 Exclusive OR operation truth table
  TABLE 6.5 Using the Vigenère system
  TABLE 6.6 The encryption operation
  TABLE 6.7 Symmetric and asymmetric key comparison
  TABLE 6.8 Comparison of symmetric and asymmetric cryptography systems
  TABLE 6.9 Symmetric encryption memorization chart
Chapter 7
  TABLE 7.1 Hash algorithm memorization chart
  TABLE 7.2 Digital certificate formats
Chapter 8
  TABLE 8.1 Subjects and objects
  TABLE 8.2 Fail terms' definitions related to physical and digital products
  TABLE 8.3 An access control matrix
  TABLE 8.4 Common Criteria evaluation assurance levels
Chapter 10
  TABLE 10.1 Static voltage and damage
  TABLE 10.2 Fire extinguisher classes
Chapter 11
  TABLE 11.1 IP classes
  TABLE 11.2 IP classes' default subnet masks
  TABLE 11.3 802.11 wireless networking amendments
  TABLE 11.4 UTP categories
Chapter 12
  TABLE 12.1 Common load-balancing scheduling techniques
  TABLE 12.2 Circuit switching vs. packet switching
  TABLE 12.3 Bandwidth levels of SDH and SONET

List of Illustrations

Chapter 1
  FIGURE 1.1 The CIA Triad
  FIGURE 1.2 The five elements of AAA services
  FIGURE 1.3 Strategic, tactical, and operational plan timeline comparison
  FIGURE 1.4 An example of diagramming to reveal threat concerns
  FIGURE 1.5 A risk matrix or risk heat map
Chapter 2
  FIGURE 2.1 Former employees must return all company property.
  FIGURE 2.2 The cyclical relationships of risk elements
  FIGURE 2.3 The six major elements of quantitative risk analysis
  FIGURE 2.4 The categories of security controls in a defense-in-depth impleme...
  FIGURE 2.5 The elements of the risk management framework (RMF) (from NIST SP...
Chapter 3
  FIGURE 3.1 Earthquake hazard map of the United States
Chapter 5
  FIGURE 5.1 Data classifications
  FIGURE 5.2 Clearing a hard drive
Chapter 6
  FIGURE 6.1 Challenge-response authentication protocol
  FIGURE 6.2 The magic door
  FIGURE 6.3 Symmetric key cryptography
  FIGURE 6.4 Asymmetric key cryptography
Chapter 7
  FIGURE 7.1 Asymmetric key cryptography
  FIGURE 7.2 Steganography tool