CISSP Study Guide
eBook - ePub

CISSP Study Guide

  1. 640 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

CISSP Study Guide

About this book

CISSP Study Guide serves as a review for those who want to take the Certified Information Systems Security Professional (CISSP) exam and obtain CISSP certification. The exam is designed to ensure that someone who is handling computer security in a company has a standardized body of knowledge. The book is composed of 10 domains of the Common Body of Knowledge. In each section, it defines each domain. It also provides tips on how to prepare for the exam and take the exam. It also contains CISSP practice quizzes to test ones knowledge. The first domain provides information about risk analysis and mitigation. It also discusses security governance. The second domain discusses different techniques for access control, which is the basis for all the security disciplines. The third domain explains the concepts behind cryptography, which is a secure way of communicating that is understood only by certain recipients. Domain 5 discusses security system design, which is fundamental for operating the system and software security components. Domain 6 is a critical domain in the Common Body of Knowledge, the Business Continuity Planning, and Disaster Recovery Planning. It is the final control against extreme events such as injury, loss of life, or failure of an organization. Domains 7, 8, and 9 discuss telecommunications and network security, application development security, and the operations domain, respectively. Domain 10 focuses on the major legal systems that provide a framework in determining the laws about information system.- Clearly Stated Exam Objectives- Unique Terms / Definitions- Exam Warnings- Helpful Notes- Learning By Example- Stepped Chapter Ending Questions- Self Test Appendix- Detailed Glossary- Web Site (http://booksite.syngress.com/companion/conrad) Contains Two Practice Exams and Ten Podcasts-One for Each Domain

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weā€™ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere ā€” even offline. Perfect for commutes or when youā€™re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access CISSP Study Guide by Joshua Feldman,Seth Misenar,Eric Conrad in PDF and/or ePUB format, as well as other popular books in Computer Science & Certification Guides in Computer Science. We have over one million books available in our catalogue for you to explore.

Chapter 1

Introduction

Exam objectives in this chapter

ā€¢ How to Prepare for the Exam
ā€¢ How to Take the Exam
ā€¢ Good Luck!
This book is born out of real-world information security industry experience. The authors of this book have held the titles of systems administrator, systems programmer, network engineer/security engineer, security director, HIPAA security officer, ISSO, security consultant, instructor, and others.
This book is also born out of real-world instruction. We have logged countless road miles teaching information security classes to professionals around the world. We have taught thousands of students in hundreds of classes: both physically on most of the continents, as well as online. Classes include CISSPĀ®, of course, but also penetration testing, security essentials, hacker techniques, information assurance boot camps, and others.
Good instructors know that students have spent time and money to be with them, and time can be the most precious. We respect our students and their time: we do not waste it. We teach our students what they need to know, and we do so as efficiently as possible.
This book is also a reaction to other books on the same subject. As the years have passed, other booksā€™ page counts have grown, often past 1000 pages. As Larry Wall once said, ā€œThere is more than one way to do it.ā€1 Those are fine books, but our experience tells us that there is another way. If we can teach someone with the proper experience how to pass the CISSPĀ® exam in a 6-day boot camp, is a 1000+ page CISSPĀ® book plus really necessary?
We asked ourselves: what can we do that has not been done before? What can we do better or differently? Can we write a shorter book that gets to the point, respects our studentā€™s time, and allows them to pass the exam?
We believe the answer is yes: you are reading the result. We know what is important, and we will not waste your time. This book will teach you what you need to know, and do so as concisely as possible.

How to prepare for the exam

Read this book, and understand it: all of it. If we cover a subject in this book, we are doing so because it is testable (unless noted otherwise). The exam is designed to test your understanding of the Common Body of Knowledge, which may be thought of as the universal language of information security professionals. It is said to be ā€œa mile wide and two inches deep.ā€ Formal terminology is critical: pay attention to it.
Learn the acronyms in this book and the words they represent, backwards and forwards. Both the glossary and index of this book are highly detailed, and map from acronym to name. We did this because it is logical for a technical book, and also to get you into the habit of understanding acronyms forwards and backwards.
Much of the exam question language can appear unclear at times: formal terms from the Common Body of Knowledge can act as a beacon to lead you through the more difficult questions, highlighting the words in the question that really matter.

The Notes Card Approach

As you are studying, keep a ā€œnotes cardā€ file for highly specific information that does not lend itself to immediate retention. A notes card is simply a text file (you can create it with a simple editor like Wordpad) that contains a condensed list of detailed information.
Populate your notes card with any detailed information (which you do not already know from previous experience) which is important for the exam, like the five levels of the Software Capability Maturity Level (CMM; covered in Chapter 9, Domain 8: Application Development Security), or the ITSEC and Common Criteria Levels (covered in Chapter 6, Domain 5: Security Architecture and Design), for example.
The goal of the notes card is to avoid getting lost in the ā€œweedsā€: drowning in specific information that is difficult to retain on first sight. Keep your studies focused on core concepts, and copy specific details to the notes card. When you are done, print the file. As your exam date nears, study your notes card more closely. In the days before your exam, really focus on those details.

Practice Tests

Quizzing can be the best way to gauge your understanding of this material, and of your readiness to take the exam. A wrong answer on a test question acts as a laser beam: showing you what you know, and more importantly, what you do not know. Each chapter in this book has 15 practice test questions at the end, ranging from easy to medium to hard. The Self Test Appendix includes explanations for all correct and incorrect answers; these explanations are designed to help you understand why the answers you chose were marked correct or incorrect. This bookā€™s companion Web site is located at http://booksite.syngress.com/companion/Conrad. It contains 500 questions written specifically for this book: two full practice exams. Use them. The companion site also contains 10 podcasts, each providing an overview of one of the 10 domains of knowledge.
You should aim for 80% plus correct answers on any practice test. The real exam requires 700 out of 1000 points, but achieving 80%+ on practice tests will give you some margin for error. Take these quizzes closed-book, just as you will take the real exam. Pay careful attention to any wrong answers, and be sure to reread the relevant section of this book. Identify any weaker domains (we all have them): domains where you consistently get more wrong answers than others. Then focus your studies on those weak areas.

Read the Glossary

As you wrap up your studies, quickly read through the glossary towards the back of this book. It has over 1000 entries, and is highly detailed by design. The glossary definitions should all be familiar concepts to you at this point.
If you see a glossary definition that is not clear or obvious to you, go back to the chapter it is based on, and reread that material. Ask yourself: do I understand this concept enough to answer a question about it?

Readiness Checklist

These steps will serve as a ā€œreadiness checklistā€ as you near the exam day. If you are consistently scoring over 80% on practice tests, understand all glossary terms, and perform a final thorough read through of your notes card, you are ready to go.

How to take the exam

The CISSPĀ® exam is an old-school paper-and-pencil exam. You take it with a #2 pencil, question booklet, and Scantron answer sheet. You will be carefully filling in circles with your pencil, flashing back to fond (or not-so-fond) memories of exams like the SAT exam in high school.
The exam has 250 questions, with a 6-hour time limit. Six hours sounds like a long time, until you do the math: 250 questions in 360 minutes leaves less than a minute and a half to answer each question. The exam is long and can be grueling; it is also a race against time. Preparation is the key to success.

Steps to Becoming a CISSPĀ®

Becoming a CISSPĀ® requires four steps:
ā€¢ Proper professional information security experience
ā€¢ Agreeing to the (ISC)2 Ā© code of ethics
ā€¢ Passing the CISSPĀ® exam
ā€¢ Endorsement by another CISSPĀ®
Additional details are available on the examination registration form available at www.isc2.org.
The exam currently requires 5 years of professional experience in 2 or more of the 10 domains of knowledge. Those domains are covered in Chapters 2-11 of this book. You may waive 1 year with a college degree or approved certification; see the examination registration form for more information.
You may pass the exam before you have enough professional experience and become an ā€œAssociate of (ISC)2 Ā©.ā€ Once you meet the experience requirement, you can then complete the process and become a CISSPĀ®.
The (ISC)2 Ā© code of ethics is discussed in both Chapter 2, Domain 1: Information Security Governance and Risk Management; and Chapter 11, Domain 10: Legal, Regulations, Investigations, and Compliance.
Passing the exam is discussed in section ā€œHow to Take the Exam,ā€ and we discuss endorsement in section ā€œAfter the Examā€ below.

Exam Logistics

The CISSPĀ® exam schedule is posted at (ISC)2 Ā© Web site, http://www.isc2.org/, under the ā€œCertification Programsā€ tab at ā€œRegister Now/View Schedules.ā€ Exams often sell out, so if there is a date and time that works well for you, consider locking that date in and booking the exam.
If the exam is being held at a hotel, consider staying in the hotel the night before. This will ensure you are already onsite the morning of the exam, and will help you be calm, cool, and collected. If you must drive to the exam the morning of the exam, leave plenty of time. Consider getting to the site over an hour early, or plan to grab breakfast nearby. This will build in a time buffer, in case something goes wrong. As information security professionals like to say: plan for the worst, and hope for the best.
Be sure to bring snacks and a beverage with you; your exam proctor will probably require you to keep these in a bag in the back of the room. Make sure you get up at least every hour or hour and a half, and walk around the room a bit, and grab a small bite or drink. The time you spend doing this is ā€œwall time,ā€ but it is time well spent. You will not remain mentally sharp if you sit in a chair for 6 hour without eating, drinking, or moving. Your brain will be operating at high capacity, and will require plenty of oxygen. Keep your blood flowing by walking around the room now and again.
Also bring some #2 pencils, and a good eraser. ā€œGoodā€ means an eraser that erases (and does not smudge). Test your pencils and eraser. Ear plugs may also be handy: some hotels have ā€œairā€ walls that do not muffle sound very well. Hotels can be loud places, especially on weekends (when most exams are held).
The exam is available in multiple languages; currently they are available in English, Japanese, Korean, German, French, and Spanish. If your native language is not available, you may take a translation-only dictionary with you and use it during the exam. Expect the proctor to inspect this closely. More details are available on the examination registration form available at www.isc2.org.
Remember that the exam is closed-book: it comes down to you, a #2 pencil, a question booklet, and answer key. Mentally prepare accordingly.

How to Take the Exam

The exam has 250 multiple-choice questions with four possible answers, lettered A, B, C, or D. Each question has one correct answer. A blank answer is a wrong answer: guessing does not hurt you. At the end of your exam, all 250 questions should have one answer chosen.
The questions will be mixed from the 10 domains; the questions do not (overtly) state the domain they are based on. There are 25 research questions (10% of the exam) that do not count towards your final score. These questions are not marked: you must answer all 250 questions as if they count.
Scan all questions for the key words, including formal Common Body of Knowledge terms. Acronyms are your friend: you can identify them quickly, and they are often impor...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Acknowledgments
  6. About the authors
  7. Chapter 1. Introduction
  8. Chapter 2. Domain 1: Information security governance and risk management
  9. Chapter 3. Domain 2: Access control
  10. Chapter 4. Domain 3: Cryptography
  11. Chapter 5. Domain 4: Physical (Environmental) security
  12. Chapter 6. Domain 5: Security architecture and design
  13. Chapter 7. Domain 6: Business continuity and disaster recovery planning
  14. Chapter 8. Domain 7: Telecommunications and network security
  15. Chapter 9. Domain 8: Application development security
  16. Chapter 10. Domain 9: Operations security
  17. Chapter 11. Domain 10: Legal, regulations, investigations, and compliance
  18. APPENDIX: Self test
  19. Glossary
  20. Index