- CISSP in 21 Days Second Edition
- CISSP in 21 Days Second Edition
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Preface
- 1. Day 1 – Security and Risk Management - Security, Compliance, and Policies
- 2. Day 2 – Security and Risk Management - Risk Management, Business Continuity, and Security Education
- 3. Day 3 – Asset Security - Information and Asset Classification
- 4. Day 4 – Asset Security - Data Security Controls and Handling
- 5. Day 5 – Exam Cram and Practice Questions
- 6. Day 6 – Security Engineering - Security Design, Practices, Models, and Vulnerability Mitigation
- 7. Day 7 – Security Engineering - Cryptography
- 8. Day 8 – Communication and Network Security - Network Security
- An overview of communication and network security
- Network architecture, protocols, and technologies
- Open System Interconnect (OSI) model
- OSI layers and security
- Application layer protocols and security
- Presentation layer protocols and security
- Summary
- Sample questions
- 9. Day 9 – Communication and Network Security - Communication Security
- An overview of communication security
- Security in communication channels
- Attacks on communication networks
- Preventing or mitigating communication network attacks
- Summary
- Sample questions
- 10. Day 10 – Exam Cram and Practice Questions
- 11. Day 11 – Identity and Access Management - Identity Management
- 12. Day 12 – Identity and Access Management - Access Management, Provisioning, and Attacks
- 13. Day 13 – Security Assessment and Testing - Designing, Performing Security Assessment, and Tests
- An overview of security assessment and testing
- Security assessment and test strategies
- Security controls
- Summary
- Sample questions
- 14. Day 14 – Security Assessment and Testing - Controlling, Analyzing, Auditing, and Reporting
- 15. Day 15 – Exam Cram and Practice Questions
- 16. Day 16 – Security Operations - Foundational Concepts
- An overview of operations security
- The physical security design
- Physical and operations security controls
- Operations/facility security
- Protecting and securing equipment
- Computer investigations
- Summary
- Sample questions
- 17. Day 17 – Security Operations - Incident Management and Disaster Recovery
- 18. Day 18 – Software Development Security - Security in Software Development Life Cycle
- 19. Day 19 – Software Development Security - Assessing effectiveness of Software Security
- 20. Day 20 – Exam Cram and Practice Questions
- 21. Day 21 – Exam Cram and Mock Test
Q1. During a periodical review of information security controls and their effectiveness in a corporation, that a file was found to be containing privacy-related data in a publicly accessible location. Which one of the following is ultimately responsible for such a security violation?
- Data user
- Data custodian
- Data owner
- Data auditor
Q2. ______ is a cryptographic method in which plain text is scrambled to form a scrambled text that is not directly readable without unscrambling.
- Hashing
- Transposition
- Transformation
- Encryption
Q3. Which one of the following is a malicious threat?
- Software weakness
- Wrong configuration
- Botnet
- Weak encryption
Q4. Which one of the following is a Recovery Time Objective (RTO)?
- Recovery of data that was processed up to last week
- Recovery of statistical data for the past 12 months
- Recovery of IT Systems within 4 hours
- Recovery of people in the event of disaster
Q5. Which of the following represents Data in use? Drag and drop the correct examples to the red box.
Q6. ________ is a type of cybercrime wherein an unsuspecting user is lured by way of emails or pop-up messages to visit attacker-constructed malicious websites.
- Farming
- Framing
- Mishing
- Phishing
Q7. A corporation establishes security policies and procedures based on proper risk assessment and compliance requirements. Such an activity is called______.
- Risk management
- Risk mitigation strategy
- Due diligence
- Due care
Q8. Which of the following information classifications mandates the need to know principle?
- Confidential
- Sensitive
- Public Trust
- Non-Public
Q9. A cyber attack is perpetrated against a corporate network with the intention of destabilizing the systems and gaining competitive advantage. Such an attack can be referred as______.
- Cyberterrorism
- Cyber bullying
- Cyber stalking
- Denial of Service
Q10. Which one of the following is not a best security practice?
-
No Comment