- CISSP in 21 Days Second Edition
- CISSP in 21 Days Second Edition
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Preface
- 1. Day 1 – Security and Risk Management - Security, Compliance, and Policies
- 2. Day 2 – Security and Risk Management - Risk Management, Business Continuity, and Security Education
- 3. Day 3 – Asset Security - Information and Asset Classification
- 4. Day 4 – Asset Security - Data Security Controls and Handling
- 5. Day 5 – Exam Cram and Practice Questions
- 6. Day 6 – Security Engineering - Security Design, Practices, Models, and Vulnerability Mitigation
- 7. Day 7 – Security Engineering - Cryptography
- 8. Day 8 – Communication and Network Security - Network Security
- An overview of communication and network security
- Network architecture, protocols, and technologies
- Open System Interconnect (OSI) model
- OSI layers and security
- Application layer protocols and security
- Presentation layer protocols and security
- Summary
- Sample questions
- 9. Day 9 – Communication and Network Security - Communication Security
- An overview of communication security
- Security in communication channels
- Attacks on communication networks
- Preventing or mitigating communication network attacks
- Summary
- Sample questions
- 10. Day 10 – Exam Cram and Practice Questions
- 11. Day 11 – Identity and Access Management - Identity Management
- 12. Day 12 – Identity and Access Management - Access Management, Provisioning, and Attacks
- 13. Day 13 – Security Assessment and Testing - Designing, Performing Security Assessment, and Tests
- An overview of security assessment and testing
- Security assessment and test strategies
- Security controls
- Summary
- Sample questions
- 14. Day 14 – Security Assessment and Testing - Controlling, Analyzing, Auditing, and Reporting
- 15. Day 15 – Exam Cram and Practice Questions
- 16. Day 16 – Security Operations - Foundational Concepts
- An overview of operations security
- The physical security design
- Physical and operations security controls
- Operations/facility security
- Protecting and securing equipment
- Computer investigations
- Summary
- Sample questions
- 17. Day 17 – Security Operations - Incident Management and Disaster Recovery
- 18. Day 18 – Software Development Security - Security in Software Development Life Cycle
- 19. Day 19 – Software Development Security - Assessing effectiveness of Software Security
- 20. Day 20 – Exam Cram and Practice Questions
- 21. Day 21 – Exam Cram and Mock Test
Q1. Which one of the following is considered the BEST penetration testing method when the organization wants to ascertain the hacking possibilities from external networks to the internal systems?
- Black box testing
- Blue box testing
- Grey box testing
- White box testing
Q2. Vulnerabilities in IT systems are considered:
- Holes or errors
- Software functionality
- Hardware functionality
- None of the above
Q3. Which of the following step is not a vulnerability assessment and penetration testing process?
- Scope
- Result analysis
- Software development
- Reporting
Q4. Common Vulnerabilities and Exposures (CVE) is a:
- Dictionary
- Database
- Software program
- Vulnerability
Q5. The National Vulnerability Database (NVD) provides:
- Common Software defects
- Common Vulnerability Scoring System
- Common Vulnerability Sorting System
- Common hardware defects
Q6. If you need to address multi-level security requirements, which of the following models will you choose?
- Take-Grant Model
- Bell-LaPadula Model
- Biba Model
- Clark-Wilson Model
Q7. A boundary condition error results in:
- Buffer overflow
- Buffer reset
- Segmentation fault
- System reset
Q8. Which of the following statement about the Biba model is FALSE?
- Data integrity model
- No read up
- No read down
- No write up
Q9. Which of the following are used as evaluation parameters in Information Technology Security Evaluation Criteria (ITSEC)?
Q10. Which one of the following is a true representation of the protection domain in a Trusted Computer System (TCS)?
- It is a function to control or prevent direct access by an insecure or lower-level entity to a secure or higher-level entity
- It is a function to control or prevent direct access by an insecure or higher-level entity to a secure or higher-level entity
- It is a function to control or prevent direct access by an insecure or higher-level entity to a secure or lower-level entity
- It is a function to control or prevent direct access by an insecure or lower-level entity to an insecure or higher-level entity
-
No Comment