ISC2 CISSP Study Guide 8th edition

Gain hands-on expertise in the ISC2 CISSP certification exam with CISSP course and performance-based labs. Performance-based labs simulate real-world, hardware, software & command line interface environments and can be mapped to any text-book, course & training. The complete study guide provides complete coverage of ISC2 CISSP exam objectives and includes topics such as business continuity planning, asset security, cryptography, PKI, cryptographic applications, laws, regulations, and compliance, and so on. The cert guide provide you all the necessary skills and knowledge required for understanding and using all the basic and advanced security principles and methods.

Here's what you will get

The vendor-neutral ISC2 CISSP certification is the ideal credential for those with proven deep technical and managerial competence to design, engineer, implement, and manage the overall information security program to protect organizations. This exam validates working knowledge of information technology security of an IT professional. The exam covers the ten domains of knowledge, including access control, business continuity, and security architecture.

Lessons
Lessons
22+
Quizzes
420+
Flashcards
742+
Glossary of terms
1221+
Test prep
Pre-assessment Questions
115+
Full Length Tests
3+
Post-Assessment Questions
115+
Lab
Performance lab
109+
Exam FAQs
What are the prerequisites for this exam?

ISC2 has the following pre-requisites:

  • At least five years of cumulative, paid, full-time work experience.
  • In two or more of the eight domains of the (ISC)2 CISSP Common Body of Knowledge (CBK).
What is the exam registration fee? USD 699
Where do I take the exam? Pearson VUE
What is the format of the exam? Multiple choice questions and advanced innovative questions
How many questions are asked in the exam? The exam contains 100-150 questions.
What is the duration of the exam? 180 minutes
What is the passing score? 700

(on a scale of 0-1000)

What is the exam's retake policy?
  • A candidate may sit for CISSP exam up to three times within a 12-month period.
  • If a candidate does not pass the exam the first time, he/she may retest after 30 test-free days.
  • If a candidate does not pass the exam the second time, he/she may retest after an additional 90 test-free days.
  • If a candidate does not pass the exam the third time, he/she may retest after 180 test-free days from their most recent exam attempt.
What is the validity of the certification? Three years
Where can I find more information about this exam? To know more about the CISSP-2018, click here.
Which certification covers this exam?
What are the career opportunities after passing this exam?
  • Security Auditor
  • Security Consultant
  • IT Director/Manager
  • Security Systems Engineer
  • Chief Information Security Officer

Here's what you will learn

  • Overview of the CISSP Exam
  • Notes on This Course's Organization
  • Understand and Apply Concepts of Confidentiality, Integrity, and Availability
  • Evaluate and Apply Security Governance Principles
  • Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
  • Understand and Apply Threat Modeling Concepts and Methodologies
  • Apply Risk-Based Management Concepts to the Supply Chain
  • Summary
  • Exam Essentials
  • Written Lab
  • Personnel Security Policies and Procedures
  • Security Governance
  • Understand and Apply Risk Management Concepts
  • Establish and Maintain a Security Awareness, Education, and Training Program
  • Manage the Security Function
  • Summary
  • Exam Essentials
  • Written Lab
  • Planning for Business Continuity
  • Project Scope and Planning
  • Business Impact Assessment
  • Continuity Planning
  • Plan Approval and Implementation
  • Summary
  • Exam Essentials
  • Written Lab
  • Categories of Laws
  • Laws
  • Compliance
  • Contracting and Procurement
  • Summary
  • Exam Essentials
  • Written Lab
  • Identify and Classify Assets
  • Determining Ownership
  • Using Security Baselines
  • Summary
  • Exam Essentials
  • Written Lab
  • Historical Milestones in Cryptography
  • Cryptographic Basics
  • Modern Cryptography
  • Symmetric Cryptography
  • Cryptographic Lifecycle
  • Summary
  • Exam Essentials
  • Written Lab
  • Asymmetric Cryptography
  • Hash Functions
  • Digital Signatures
  • Public Key Infrastructure
  • Asymmetric Key Management
  • Applied Cryptography
  • Cryptographic Attacks
  • Summary
  • Exam Essentials
  • Written Lab
  • Implement and Manage Engineering Processes Using Secure Design Principles
  • Understand the Fundamental Concepts of Security Models
  • Select Controls Based On Systems Security Requirements
  • Understand Security Capabilities of Information Systems
  • Summary
  • Exam Essentials
  • Written Lab
  • Assess and Mitigate Security Vulnerabilities
  • Client-Based Systems
  • Server-Based Systems
  • Database Systems Security
  • Distributed Systems and Endpoint Security
  • Internet of Things
  • Industrial Control Systems
  • Assess and Mitigate Vulnerabilities in Web-Based Systems
  • Assess and Mitigate Vulnerabilities in Mobile Systems
  • Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
  • Essential Security Protection Mechanisms
  • Common Architecture Flaws and Security Issues
  • Summary
  • Exam Essentials
  • Written Lab
  • Apply Security Principles to Site and Facility Design
  • Implement Site and Facility Security Controls
  • Implement and Manage Physical Security
  • Summary
  • Exam Essentials
  • Written Lab
  • OSI Model
  • TCP/IP Model
  • Converged Protocols
  • Wireless Networks
  • Secure Network Components
  • Cabling, Wireless, Topology, Communications, and Transmission Media Technology
  • Summary
  • Exam Essentials
  • Written Lab
  • Network and Protocol Security Mechanisms
  • Secure Voice Communications
  • Multimedia Collaboration
  • Manage Email Security
  • Remote Access Security Management
  • Virtual Private Network
  • Virtualization
  • Network Address Translation
  • Switching Technologies
  • WAN Technologies
  • Miscellaneous Security Control Characteristics
  • Security Boundaries
  • Prevent or Mitigate Network Attacks
  • Summary
  • Exam Essentials
  • Written Lab
  • Controlling Access to Assets
  • Comparing Identification and Authentication
  • Implementing Identity Management
  • Managing the Identity and Access Provisioning Lifecycle
  • Summary
  • Exam Essentials
  • Written Lab
  • Comparing Access Control Models
  • Understanding Access Control Attacks
  • Summary
  • Exam Essentials
  • Written Lab
  • Building a Security Assessment and Testing Program
  • Performing Vulnerability Assessments
  • Testing Your Software
  • Implementing Security Management Processes
  • Summary
  • Exam Essentials
  • Written Lab
  • Applying Security Operations Concepts
  • Securely Provisioning Resources
  • Managing Configuration
  • Managing Change
  • Managing Patches and Reducing Vulnerabilities
  • Summary
  • Exam Essentials
  • Written Lab
  • Managing Incident Response
  • Implementing Detective and Preventive Measures
  • Logging, Monitoring, and Auditing
  • Summary
  • Exam Essentials
  • Written Lab
  • The Nature of Disaster
  • Understand System Resilience and Fault Tolerance
  • Recovery Strategy
  • Recovery Plan Development
  • Training, Awareness, and Documentation
  • Testing and Maintenance
  • Summary
  • Exam Essentials
  • Written Lab
  • Investigations
  • Major Categories of Computer Crime
  • Ethics
  • Summary
  • Exam Essentials
  • Written Lab
  • Introducing Systems Development Controls
  • Establishing Databases and Data Warehousing
  • Storing Data and Information
  • Understanding Knowledge-Based Systems
  • Summary
  • Exam Essentials
  • Written Lab
  • Malicious Code
  • Password Attacks
  • Application Attacks
  • Web Application Security
  • Reconnaissance Attacks
  • Masquerading Attacks
  • Summary
  • Exam Essentials
  • Written Lab

Hands on Activities (Labs)

  • Disk-Level Encryption
  • EFS (Encryption File System)
  • Configuring Audit Group Policy 
  • Complete Chain of Custody
  • Assigning Permissions to Folders
  • Identifying risk actions
  • Understanding elements of risk
  • Identifying steps in quantitative risk analysis
  • Standard access control list
  • Extended access control list
  • Identifying phases in BCP process
  • Identifying CFAA provisions
  • Checking the integrity of messages through MAC values
  • Identifying asymmetric algorithms
  • Identifying cryptographic attacks
  • Using OpenSSL to create a public/private key pair
  • Observe an SHA-Generated Hash Value
  • Observe an MD5-Generated Hash Value
  • Identifying sequence of sender's process in digital signature system
  • Understanding PKCS standards
  • Identifying OSI layer functions
  • Identifying OSI layers
  • Identifying steps in the encapsulation/decapsulation process
  • Identifying connectionless communication
  • Identifying abbreviations for various Internet layer protocols
  • Identifying TCP/IP protocol layers
  • Identifying TCP/IP layers
  • Identifying flag bit designator
  • Using Windows Firewall
  • Configuring Linux Firewall using iptable 
  • Identifying gateway firewalls
  • Identifying hardware devices
  • Connecting systems to the Internet through a router
  • Identifying firewall techniques
  • Identifying types of cable
  • Identifying components of a coaxial cable
  • Identifying network topologies
  • Identifying UTP categories
  • Identifying steps in CSMA technology
  • Identifying LAN sub technologies
  • Configuring IPSec
  • Configure VLAN
  • Identifying secure communication protocols
  • Identifying authentication protocols
  • Identifying phreaker tools
  • Identifying security solutions
  • Configuring VPN
  • Identifying VPN protocols
  • Static NAT (Network Address Translation)
  • Dynamic NAT (Network Address Translation)
  • Understanding NAT
  • Identifying switching technology properties
  • Identifying specialized protocols
  • Understanding transparency
  • Understanding security boundaries
  • Using ettercap for ARP Spoofing
  • Identifying types of Denial of Service attacks
  • Identifying access control types
  • Identifying authorization mechanisms
  • Restricting local accounts
  • Identifying drawbacks of Kerberos authentication
  • Identifying components of the Kerberos authentication protocol
  • Identifying authentication services
  • Identifying responsibilities
  • Reviewing an authorization letter for penetration testing
  • Identifying attacks
  • Identifying social engineering attacks
  • Configuring User Access Control Setting
  • Scanning Ports using Metasploit
  • Exploiting Windows 7 using Metasploit
  • Enabling a Keylogger in a Target Machine
  • Conducting vulnerability scanning using Nessus
  • Scan using nmap
  • Identifying terms associated with data destruction
  • Identifying steps within an effective patch management program
  • Identifying steps in incident response management
  • Enabling intrusion prevention and detection
  • Configuring Snort
  • Identifying malicious attacks
  • Working with a host-based IDS
  • Identifying sequence in which the IDS instructs the TCP to reset connections
  • DoS Attacks with SYN Flood
  • Identifying RAID level characteristics
  • Identifying processing sites in disaster recovery plan
  • Identifying disaster recovery plan tests
  • Full Backup
  • Incremental Backup
  • Configure RAID 5
  • Identifying computer crime types
  • Identifying stages in a waterfall lifecycle model
  • Understanding object-oriented programming terms
  • Identifying levels in Software Capability Maturity Model
  • Identifying testing methods
  • Identifying primary phases of SDLC
  • Identifying keys in a database
  • Identifying storage types
  • Causing a Darkcomet Trojan Infection
  • Identifying types of viruses
  • Identifying types of viruses
  • Using John the Ripper
  • Using Social Engineering Techniques to Plan an Attack
  • Attacking a Website using XSS Injection
  • Cross-Site Request Forgery with low complexity
  • Exploiting a Website using SQL Injection
  • Understanding application attacks
  • Defending against IP Spoofing
  • Using Burpsuite
CISSP-2018_pro CISSP-2018_pro
CISSP-2018
ISC2 CISSP Study Guide 8th edition
ISBN : 9781616910808
Rating :
(16)