- CISSP in 21 Days Second Edition
- CISSP in 21 Days Second Edition
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Preface
- 1. Day 1 – Security and Risk Management - Security, Compliance, and Policies
- 2. Day 2 – Security and Risk Management - Risk Management, Business Continuity, and Security Education
- 3. Day 3 – Asset Security - Information and Asset Classification
- 4. Day 4 – Asset Security - Data Security Controls and Handling
- 5. Day 5 – Exam Cram and Practice Questions
- 6. Day 6 – Security Engineering - Security Design, Practices, Models, and Vulnerability Mitigation
- 7. Day 7 – Security Engineering - Cryptography
- 8. Day 8 – Communication and Network Security - Network Security
- An overview of communication and network security
- Network architecture, protocols, and technologies
- Open System Interconnect (OSI) model
- OSI layers and security
- Application layer protocols and security
- Presentation layer protocols and security
- Summary
- Sample questions
- 9. Day 9 – Communication and Network Security - Communication Security
- An overview of communication security
- Security in communication channels
- Attacks on communication networks
- Preventing or mitigating communication network attacks
- Summary
- Sample questions
- 10. Day 10 – Exam Cram and Practice Questions
- 11. Day 11 – Identity and Access Management - Identity Management
- 12. Day 12 – Identity and Access Management - Access Management, Provisioning, and Attacks
- 13. Day 13 – Security Assessment and Testing - Designing, Performing Security Assessment, and Tests
- An overview of security assessment and testing
- Security assessment and test strategies
- Security controls
- Summary
- Sample questions
- 14. Day 14 – Security Assessment and Testing - Controlling, Analyzing, Auditing, and Reporting
- 15. Day 15 – Exam Cram and Practice Questions
- 16. Day 16 – Security Operations - Foundational Concepts
- An overview of operations security
- The physical security design
- Physical and operations security controls
- Operations/facility security
- Protecting and securing equipment
- Computer investigations
- Summary
- Sample questions
- 17. Day 17 – Security Operations - Incident Management and Disaster Recovery
- 18. Day 18 – Software Development Security - Security in Software Development Life Cycle
- 19. Day 19 – Software Development Security - Assessing effectiveness of Software Security
- 20. Day 20 – Exam Cram and Practice Questions
- 21. Day 21 – Exam Cram and Mock Test
Q1. Which one of the following is not a mandatory access control?
- Rule-based access control
- Role-based access control
- Lattice based access control
- Discretionary access control
Q2. If access to an object is controlled based on parameters such as location, time, and so on, then this type of access control is known as what?
- Content-dependent access control
- Context-dependent access control
- Character-dependent access control
- Class-dependent access control
Q3. Which one of the following is also called as a logic bomb?
- Spoofing
- Trojan horse getting activated on an event
- Vulnerability exploitation by an attacker
- Virus
Q4. Dictionary attack is a type of?
- Denial-of-Service attack
- Spoofing
- Password guessing attack
- Social engineering
Q5. Basic functionality of the malicious code is to_______.
- Upgrade the operating system
- Execute itself in the client system
- Spoof
- Denial-of-Service
Q6. CAPTCHA is one of the popular mechanisms used by websites to control input to the access control system is supplied by humans and not machines. This mechanism is called Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA). Which type of machines is this access control system predominantly concerned with?
- WebDots
- BotNets
- WebBots
- WebNets
Q7. The Man-in-the-middle attack is an example of_______.
- Sniffing
- Spoofing
- Eavesdropping
- Cache poisoning
Q8. Hiding or showing menus in an application depending on the access permissions of a user is known as________.
- Context-dependent access control
- Content-dependent access control
- Mandatory access control
- Role based access control
-
No Comment