SHON HARRIS CISSP PDF
Book: CISSP All-in-One Exam Guide, Seventh Edition, by Shon Harris and Fernando Maymi. Related titles listed on this page: CISSP All-in-One Exam Guide, Sixth Edition, by Shon Harris; CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide; Harris, Shon, All-In-One CISSP Certification Exam Guide.
Language: English, Spanish, Japanese
Genre: Fiction & Literature
ePub File Size: MB
PDF File Size: MB
Distribution: Free* (*Registration Required)
CISSP Exam Guide, Sixth Edition, Shon Harris. New York • Chicago • San ... "to Do a Privacy Assessment" at sppn.info. A fully revised edition of the #1 CISSP training resource, thoroughly updated for the ... PDF copy of the book. About the authors: Shon Harris, CISSP, was the ... Locations are approximate in e-readers, and you may need to page down one or more times. Selection from CISSP All-in-One Exam Guide, Seventh Edition.
Customer Reviews. Most helpful customer reviews: 11 of 12 people found the following review helpful.

By Brooks: Too verbose in many sections, and the CD-ROM based questions don't line up with the points of emphasis in the text. It is as if they are preparing you for an Algebra II exam in the book, with humor that's unnecessary and too much description about things not in the exam, and then they give you a Geometry quiz at the end because they're both Mathematics.
For this type of book, I'd rather see a focused, concerted effort on getting me ready for the exam. Leave the long dialog for a survey course or a "topics in computer security" text. If the CISSP exam has ridiculous rote memorization requirements, as the text says it does, then we should have more practice and study tips for those parts of the exam. Then break it down for me, and tell me how you differentiate.

This is the book you need to pass! By Lori M.: This was a really good book and I know it helped me pass my exam.
I'm a 4th year Software Developer. I'm mentioning this because I think it's helpful to know what skill level someone has reading this material and going into the exam. I first downloaded the CBK and it was horrible. It was such a chore reading through each chapter and I knew it was time to change up, so I downloaded this book.
I read the first two chapters and then I started reading the summaries and doing the chapter tests. I can say that this book did a way better job explaining the concepts you will see on the exam.
Penetration testing should only be performed with the consent and knowledge of the management staff. Performing unapproved security testing could result in productivity loss, trigger emergency response teams, or even cost you your job. These topics will be addressed in more depth in later chapters, but shoulder surfing is when a person looks over another person's shoulder and watches keystrokes or data as it appears on the screen.
When they are used to tie together a set of unconnected requests for web pages to cause an electronic map of where one has been. When they are used to keep logs of who is using an anonymizer to access a site instead of their regular userid.
When the e-mail addresses of users that have registered to access the web site are sold to marketing firms. Therefore I think A is the better choice.
This possibility means that once your identity becomes known to a single company listed in your cookies file, any of the others might know who you are every time you visit their sites.
The result is that a web site about gardening that you never told your name could sell not only your name to mail-order companies, but also the fact that you spent a lot of time one Saturday night last June reading about how to fertilize roses. More disturbing scenarios along the same lines could be imagined.

Data content and backup
B. Integrity and security of data
C. Authentication of user access
D.

Two certificates for the gateway only.
Two certificates for the gateway and two for the acquirers.
Two certificates for each acquirer.
Two certificates for the gateway and two for each acquirer.
Answer: B
Explanation: I think it may be D, two for each acquirer, which, unless I read it wrong, means each person must have 2 certificates exchanged with the gateway. "SET covers the end-to-end transaction from the cardholder to the financial institution." The SET protocol specifies a method of entity authentication referred to as trust chaining. This method entails the exchange of digital certificates and verification of the public keys by validating the digital signatures of the issuing CA.
Which one of the following conditions is NOT necessary for a long dictionary attack to succeed?
The attacker must have access to the target system.
The attacker must have read access to the password file.
The attacker must have write access to the password file.
The attacker must know the password encryption mechanism and key variable.
Answer: C
Explanation: The program encrypts the combination of characters and compares them to the encrypted entries in the password file. If a match is found, the program has uncovered a password.

Security measures that protect message traffic independently on each communication path are called
A. Link oriented
B. Pass-through oriented
D. End-to-end oriented
Answer: A
Explanation: Link encryption encrypts all the data along a specific communication path, such as a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the headers, trailers, addresses, and routing data that are part of the packets are also encrypted. This provides extra protection against packet sniffers and eavesdroppers.
Which security problem exists if a user accessing low-level data is able to draw conclusions about high-level information?
Interference
B. Inference
C. Polyinstantiation
D.
To mitigate the impact of a software vendor going out of business, a company that uses vendor software should require which one of the following?
Detailed credit investigation prior to acquisition.
Source code held in escrow.
Standby contracts with other vendors.
Substantial penalties for breach of contract.
SLA and standby are good ideas, but in this case B is right. Under a software escrow agreement, the developer provides copies of the application source code to an independent third-party organization. The third party then maintains updated backup copies of the source code in a secure fashion. The agreement between the end user and the developer specifies "trigger events", such as the failure of the developer to meet the terms of a service level agreement (SLA) or the liquidation of the developer's firm.
Which one of the following instigates a SYN flood attack?
Generating excessive broadcast packets.
Creating a high number of half-open connections.
The attacker floods the target system's small "in-process" queue with connection requests, but does not respond when the target system replies to those requests. This causes the target system to time out while waiting for the proper response, which makes the system crash or become unusable. This process repeats hundreds or even thousands of times, and the targeted computer eventually becomes overwhelmed and runs out of available resources for the half-open connections. At that time, it either crashes or simply ignores all inbound connection requests because it can't possibly handle any more half-open connections.
What is the purpose of certification path validation?
Checks the legitimacy of the certificates in the certification path.
Checks that all certificates in the certification path refer to the same certification practice statement.
Checks that no revoked certificates exist outside the certification path.
Checks that the names in the certification path are the same.
Revoked certificates are not checked outside the certification path.

A Transaction with Digital Certificates: 1. Certificate Authority sends Certificate Transaction to Repository. Repository responds to Party Transacting with Subscriber the verification request.

John needs to obtain a digital certificate for himself so that he can participate in a PKI, so he makes a request to the RA.
The RA requests certain identification from John, like a copy of his driver's license, his phone number, address, and other identification information. The CA creates a certificate with John's public key and identity information embedded. If the key pair is created at the CA, his private key needs to be sent to him by secure means. In most cases the user generates this pair and sends in his public key during the registration process. Now John is registered and can participate in the PKI.
John decides he wants to communicate with Diane, so he requests Diane's public key from a public directory. The directory, sometimes called a repository, sends Diane's public key, and John uses this to encrypt a session key that will be used to encrypt their messages. John sends the encrypted session key to Diane. John then sends his certificate, containing his public key, to Diane. When Diane receives John's certificate, her browser looks to see if it trusts the CA that digitally signed this certificate.
Diane's browser trusts this CA, and she makes a request to the CA to see if this certificate is still valid. The CA responds that the certificate is valid, so Diane decrypts the session key with her private key. Now they can both communicate using encryption.

Which of the following is a means of restricting access to objects based on the identity of the subject to which they belong?
Mandatory access control
B. Group access control
C. Discretionary access control
D. User access control
Answer: A
"An identity-based access control is a type of discretionary access control based on an individual's identity. Each subject possesses attributes that define its clearance, or authority to access resources. Each object possesses attributes that define its classification. Different types of security methods classify resources in different ways.
For example, subject A is granted access to object B if the security system can find a rule that allows a subject with subject A's clearance to access an object with object B's classification.
Why is the investigation of computer crime involving malicious damage especially challenging?
Information stored in a computer is intangible evidence.
Evidence may be destroyed in an attempt to restore the system.
Isolating criminal activity in a detailed audit log is difficult.
Reports resulting from common user error often obscure the actual violation.
Answer: B
The gathering, control, storage, and preservation of evidence are extremely critical in any legal investigation. Because evidence involved in a computer crime might be intangible and subject to easy modification without a trace, evidence must be carefully handled and controlled throughout its entire life cycle.

Which one of the following properties of a transaction processing system ensures that once a transaction completes successfully (commits), the update survives even if there is a system failure?
Atomicity
B. Consistency
C. Isolation
D. Durability
Answer: A
Atomicity is correct. Consistency is not a viable answer.
Atomicity states that database modifications must follow an "all or nothing" rule. Each transaction is said to be "atomic." It is critical that the database management system maintain the atomic nature of transactions in spite of any DBMS, operating system, or hardware failure.
Consistency states that only valid data will be written to the database. If, for some reason, a transaction is executed that violates the database's consistency rules, the entire transaction will be rolled back and the database will be restored to a state consistent with those rules. On the other hand, if a transaction successfully executes, it will take the database from one state that is consistent with the rules to another state that is also consistent with the rules.
Isolation requires that multiple transactions occurring at the same time not impact each other's execution. The database should either perform Joe's entire transaction before executing Mary's or vice versa. This prevents Joe's transaction from reading intermediate data produced as a side effect of part of Mary's transaction that will not eventually be committed to the database.
Note that the isolation property does not ensure which transaction will execute first, merely that they will not interfere with each other.
Durability ensures that any transaction committed to the database will not be lost. Durability is ensured through the use of database backups and transaction logs that facilitate the restoration of committed transactions in spite of any subsequent software or hardware failures. Which one of the following control steps is usually NOT performed in data warehousing applications?
Monitor summary tables for regular use.
Control meta data from being used interactively.
Monitor the data purging plan.
Reconcile data moved between the operations environment and data warehouse.
Answer: A
Explanation: Not B: it is important to control meta data from being used interactively by unauthorized users. Data warehouses and data mining are significant to security professionals for two reasons. First, as previously mentioned, data warehouses contain large amounts of potentially sensitive information vulnerable to aggregation and inference attacks, and security practitioners must ensure that adequate access controls and other security measures are in place to safeguard this data. The term data scrubbing refers to maintenance of the data warehouse by deleting information that is unreliable or no longer relevant.

Protect the system hardware from environmental damage.
Monitor the actions of vendor service personnel.
Safeguard information assets that are resident in the system.
Establish thresholds for violation detection and logging.
Answer: C
I think A or C could be the answers. I am leaning towards the C answer but use your best judgment. A CISSP candidate will be expected to know the resources that must be protected, the privileges that must be restricted, the control mechanisms that are available, the potential for access abuse, the appropriate controls, and the principles of good practice.

The auditing method that assesses the extent of the system testing, and identifies specific program logic that has not been tested, is called
A. Decision process analysis
B. Mapping
C. Parallel simulation
D. Test data method
Answer: D
Testing of software modules, or unit testing, should be addressed when the modules are being designed. Personnel separate from the programmers should conduct this testing. The test data is part of the specifications. Live or actual field data is not recommended for use in the testing procedures because both data types might not cover out-of-range situations and the correct outputs of the test are unknown. Special test suites of data that exercise all paths of the software to the fullest extent possible and whose correct resulting outputs are known beforehand should be used.
Which one of the following describes Kerckhoffs' assumption for cryptanalytic attack?
Key is secret; algorithm is known
B. Key is known; algorithm is known
C. Key is secret; algorithm is secret
D. Key is known; algorithm is secret
Answer: A
Explanation: Kerckhoffs' laws were intended to formalize the real situation of ciphers in the field. Basically, the more we use any particular cipher system, the more likely it is that it will "escape" into enemy hands.
Question: Which one of the following access control models associates every resource and every user of a resource with one of an ordered set of classes?
Take-Grant model
B. Biba model
C. Lattice model
D. Clark-Wilson model
Answer: C
With a lattice model you first have to define a set of security classes that can be assigned to users or objects. After you have defined the set of security classes, you define a set of flow operations showing when information can flow from one class to another. (Roberta Bragg, CISSP Certification Training Guide, Que, p. 23)

Question: The concept that all accesses must be mediated, protected from modification, and verifiable as correct is the concept of
A. Secure model
B. Security locking
C. Security kernel
D. Secure state
Answer: C
A security kernel is defined as the hardware, firmware, and software elements of a trusted computing base that implement the reference monitor concept. A reference monitor is a system component that enforces access controls on an object. Therefore, the reference monitor concept is an abstract machine that mediates all access of subjects to objects.

Which one of the following could a company implement to help reduce PBX fraud?
Call vectoring
B. Teleconferencing bridges
D.
PBXs (Private Branch Exchanges) are telephone switches used within state agencies to allow employees to make outgoing and receive incoming phone calls. These PBXs can also provide connections for communications between personal computers and local and wide area networks. Security measures must be taken to avoid the possibility of theft of either phone service or information through the telephone systems.

A screening router can perform packet filtering based upon what data?
Translated source/destination addresses.
Inverse address resolution.
Source and destination port number.
Source and destination addresses and application data.
Answer: C
The original answer was A, translated source/destination address. I did not come across this term in my reading. Screening router: a screening router is one of the simplest firewall strategies to implement. This is a popular design because most companies already have the hardware in place to implement it. A screening router is an excellent first line of defense in the creation of your firewall strategy.

A controlled light fixture mounted on a 5-meter pole can illuminate an area 30 meters in diameter. For security lighting purposes, what would be the proper distance between fixtures?

The identity of a remote communicating entity and the authenticity of the source of the data that are received.
The authenticity of a remote communicating entity and the path through which communications are received.
The location of a remote communicating entity and the path through which communications are received.
The identity of a remote communicating entity and the level of security of the path through which data are received.
Answer: A
Explanation: The OSI model needs to know the source of the data and that it is who it says it is. The path the data takes is not a concern unless source routing is used. The level of security of the path is not inherently a concern of the receiving node unless it is configured to check it. A is the best option in this question.

When block chaining cryptography is used, what type of code is calculated and appended to the data to ensure authenticity?
Message authentication code.
Ciphertext authentication code
C. Cyclic redundancy check
D.
This is incorrect as ciphertext is the result, not an authentication code. The computation is a function of the entire message and a secret key; it is practically impossible to find another message with the same authenticator. The receiver checks the authenticity of the message by computing the MAC using the same secret key and then verifying that the computed value is the same as the one transmitted with the message.
A MAC can be used to provide authenticity for unencrypted messages as well as for encrypted ones. What are the assurance designators used in the Common Criteria CC? EALs are combinations of assurance components. Which option is NOT a benefit derived from the use of neural networks?
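The sender-side computation and receiver-side check described above, as an added example that is not part of the original question bank: it uses Python's standard hmac and hashlib modules (HMAC-SHA256 as the MAC construction), a constructed key and a constructed plaintext message, and shows that a tampered message, a wrong key, or a truncated tag all fail verification. Because the message here is sent unencrypted, it also illustrates the last sentence: a MAC gives authenticity without confidentiality.

```python
import hashlib
import hmac


def make_mac(key: bytes, message: bytes) -> bytes:
    """Sender side: the authenticator is a function of the whole message and the secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute with the same key and compare to the transmitted tag.

    compare_digest runs in constant time so the comparison itself leaks nothing
    about how many leading bytes of a forged tag happened to match.
    """
    expected = make_mac(key, message)
    return hmac.compare_digest(expected, tag)


# Constructed demo values; a real key comes from a key-management system, never from source code.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
DEMO_MESSAGE = b"transfer 100 to account 42"  # sent in the clear; only its authenticity is protected


def demo() -> dict:
    """Run the exchange once and report which checks pass or fail."""
    tag = make_mac(DEMO_KEY, DEMO_MESSAGE)
    return {
        "genuine": verify_mac(DEMO_KEY, DEMO_MESSAGE, tag),
        "tampered_message": verify_mac(DEMO_KEY, b"transfer 900 to account 42", tag),
        "wrong_key": verify_mac(b"some-other-key", DEMO_MESSAGE, tag),
        "truncated_tag": verify_mac(DEMO_KEY, DEMO_MESSAGE, tag[:-1]),
        "tag_len_bytes": len(tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Only the genuine message with the original key and the full tag verifies; every other case returns False, which is exactly the receiver-side decision the explanation describes.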
Linearity
B. Input-Output Mapping
C. Adaptivity
D. Fault Tolerance
Answer: D
Linearity: "If the sum of the weighted inputs then exceeds the threshold, the neuron will 'fire' and there will be an output from that neuron.
An alternative approach would be to have the output of the neuron be a linear function of the sum of the artificial neuron inputs. What is an important factor affecting the time required to perpetrate a manual trial and error attack to gain access to a target computer system?
Keyspace for the password.
Expertise of the person performing the attack.
Processing speed of the system executing the attack.
Encryption algorithm used for password transfer.
Answer: A
I am not sure of the answer on this question. B seems good, but the reference below states that keyspace, or length of password, is the main deterrent.
I did not come across something that directly relates in my readings. If each character in the password may take on 96 different values (typical of printable ASCII characters), then each additional character presents the attacker with 96 times as many passwords to try.
If the number of alternatives is large enough, the trial-and-error attack might discourage the attacker, or lead to the attacker's detection.

Evidence corroboration is achieved by
A. Creating multiple logs using more than one utility.
Establishing secure procedures for authenticating users.
Maintaining all evidence under the control of an independent source.
Implementing disk mirroring on all devices where log files are stored.
Answer: C Corroborative evidence is supporting evidence used to help prove an idea or point. It cannot stand on its own, but is used as a supplementary tool to help prove a primary piece of evidence.
Which one of the following can be identified when exceptions occur using operations security detective controls?
Unauthorized people seeing confidential reports.
Unauthorized people destroying confidential reports.
Authorized operations people performing unauthorized functions.
Authorized operations people not responding to important console messages.
Answer: C
C is the one that makes the most sense.
Unlike preventative controls, these controls operate after the fact and can be used to track an unauthorized transaction for prosecution, or to lessen an error's impact on the system by identifying it quickly. An example of this type of control is an audit trail.

SYN flood
B. Spam
C. Ping of death
D.
Spam can be as innocuous as an advertisement from a well-meaning vendor or as malignant as floods of unrequested messages with viruses or Trojan horses attached.
SYN flood attack - A type of DoS.
Ping of death attack - A type of DoS. A ping of death attack employs an oversized ping packet.
Using special tools, an attacker can send numerous oversized ping packets to a victim. In many cases, when the victimized system attempts to process the packets, an error occurs causing the system to freeze, crash, or reboot.
Macro viruses - A virus that utilizes crude technologies to infect documents created in the Microsoft Word environment.

Scheduled tests of application contingency plans should be based on the
A. Size and complexity of the application.
Number of changes to the application.
Criticality of the application.
Reliability of the application.
Answer: C
Although not directly answering the question, a little inference led to this: "Priorities - It is extremely important to know what is critical versus nice to have. It is necessary to know which department must come online first, which second, and so on. It may be more necessary to ensure that the database is up and running before working to bring the file server online."
Data inference violations can be reduced using
A. Polyinstantiation technique.
Rules-based mediation.
Multi-level data classification.
Certificates
Answer: D
Explanation: Digital certificates provide communicating parties with the assurance that they are communicating with people who truly are who they claim to be.

Secure model
B.
If you are a person who uses a biro, or if you make notes on passages on an e-reader, these attention-grabbing boxes are fantastic for easily separating the vital details.
Check digit verification Answer: B Explanation: Reasonableness check: A test to determine whether a value conforms to specified criteria.