Description
Updated for 2009
Covers the critical information you'll need to know to score higher on your CISSP exam!
* Build and manage an effective, integrated security architecture
* Systematically protect your physical facilities and the IT resources they contain
* Implement and administer access control
* Use cryptography to help guarantee data integrity, confidentiality, and authenticity
* Secure networks, Internet connections, and communications
* Make effective business continuity and disaster recovery plans, and execute them successfully
* Address today's essential legal, regulatory, and compliance issues
* Master the basics of security forensics
* Develop more secure applications and systems from the ground up
* Use security best practices ranging from risk management to operations and auditing
* Understand and perform the crucial non-technical tasks associated with IT security
CD Features Test Engine Powered by MeasureUp!
* Detailed explanations of correct and incorrect answers
* Multiple test modes
* Random questions and order of answers
* Coverage of each CISSP exam domain
CONTENTS:
Introduction
Chapter 1: The CISSP Certification Exam
Introduction
Assessing Exam Readiness
Taking the Exam
Multiple-Choice Question Format
Exam Strategy
Question-Handling Strategies
Mastering the Inner Game
Need to Know More?
Chapter 2: Physical Security
Introduction
Physical Security Risks
Natural Disasters
Man-Made Threats
Technical Problems
Facility Concerns and Requirements
CPTED
Area Concerns
Location
Construction
Doors, Walls, Windows, and Ceilings
Asset Placement
Perimeter Controls
Fences
Gates
Bollards
CCTV Cameras
Lighting
Guards and Dogs
Locks
Employee Access Control
Badges, Tokens, and Cards
Biometric Access Controls
Environmental Controls
Heating, Ventilating, and Air Conditioning
Electrical Power
Uninterruptible Power Supply
Equipment Life Cycle
Fire Prevention, Detection, and Suppression
Fire-Detection Equipment
Fire Suppression
Alarm Systems
Intrusion Detection Systems
Monitoring and Detection
Exam Prep Questions
Answers to Exam Prep Questions
Suggested Reading and Resources
Chapter 3: Access Control Systems and Methodology
Introduction
Identification, Authentication, and Authorization
Authentication
Single Sign-On
Kerberos
SESAME
Authorization and Access Controls Techniques
Discretionary Access Control
Mandatory Access Control
Role-Based Access Control
Other Types of Access Controls
Access Control Methods
Centralized Access Control
Decentralized Access Control
Access Control Types
Administrative Controls
Technical Controls
Physical Controls
Access Control Categories
Audit and Monitoring
Monitoring Access and Usage
Intrusion Detection Systems
Intrusion Prevention Systems
Network Access Control
Keystroke Monitoring
Emanation Security
Access Control Attacks
Password Attacks
Spoofing
Sniffing
Eavesdropping and Shoulder Surfing
Wiretapping
Identity Theft
Denial of Service Attacks
Distributed Denial of Service Attacks
Botnets
Exam Prep Questions
Answers to Exam Prep Questions
Suggested Reading and Resources
Chapter 4: Cryptography
Introduction
Cryptographic Basics
History of Encryption
Steganography
Steganography Operation
Digital Watermark
Algorithms
Cipher Types and Methods
Symmetric Encryption
Published: 01 Apr 2009
Publisher: PEARSON CERTIFICATION
ISBN: 9780789738066
Pages: 591



