CISSP Cert Guide (2022)
Humble Bundle Pearson Networking and Security Certification Bundle – © Pearson. Do Not Distribute.
CISSP Cert Guide
Fourth Edition
Robin Abernathy
Darren Hayes
CISSP Cert Guide
Copyright © 2023 by Pearson Education, Inc.
All rights reserved. No part of this book shall be reproduced, stored in
a retrieval system, or transmitted by any means, electronic, mechanical,
photocopying, recording, or otherwise, without written permission from
the publisher. No patent liability is assumed with respect to the use of the
information contained herein. Although every precaution has been taken in
the preparation of this book, the publisher and authors assume no
responsibility for errors or omissions. Nor is any liability assumed for
damages resulting from the use of the information contained herein.
ISBN-13: 978-0-13-750747-4
ISBN-10: 0-13-750747-X
Library of Congress Control Number: 2022943249
ScoutAutomatedPrintCode
Trademarks
All terms mentioned in this book that are known to be trademarks or
service marks have been appropriately capitalized. Pearson IT Certification
cannot attest to the accuracy of this information. Use of a term in this book
should not be regarded as affecting the validity of any trademark or service
mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate
as possible, but no warranty or fitness is implied. The information provided
is on an “as is” basis. The authors and the publisher shall have neither
liability nor responsibility to any person or entity with respect to any loss
or damages arising from the information contained in this book.
Special Sales
For information about buying this title in bulk quantities, or for special
sales opportunities (which may include electronic versions; custom cover
designs; and content particular to your business, training goals, marketing
focus, or branding interests), please contact our corporate sales department
at corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact
governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact
intlcs@pearson.com.
Editor-in-Chief
Mark Taub
Product Line Manager
Brett Bartow
Executive Editor
James Manly
Development Editor
Ellie C. Bru
Managing Editor
Sandra Schroeder
Senior Project Editor
Tonya Simpson
Copy Editor
Chuck Hutchinson
Indexer
Erika Millen
Proofreader
Jen Hinchliffe
Technical Editors
R. Sarma Danturthi
Ben Mayo
Publishing Coordinator
Cindy Teeters
Cover Designer
Chuti Prasertsith
Compositor
codeMantra
Pearson’s Commitment to Diversity, Equity, and Inclusion
Pearson is dedicated to creating bias-free content that reflects the diversity of all
learners. We embrace the many dimensions of diversity, including but not limited
to race, ethnicity, gender, socioeconomic status, ability, age, sexual orientation, and
religious or political beliefs.
Education is a powerful force for equity and change in our world. It has the potential to deliver opportunities that improve lives and enable economic mobility. As we
work with authors to create content for every product and service, we acknowledge
our responsibility to demonstrate inclusivity and incorporate diverse scholarship so
that everyone can achieve their potential through learning. As the world’s leading
learning company, we have a duty to help drive change and live up to our purpose to
help more people create a better life for themselves and to create a better world.
Our ambition is to purposefully contribute to a world where
■ Everyone has an equitable and lifelong opportunity to succeed through
learning
■ Our educational products and services are inclusive and represent the rich
diversity of learners
■ Our educational content accurately reflects the histories and experiences of the
learners we serve
■ Our educational content prompts deeper discussions with learners and
motivates them to expand their own learning (and worldview)
While we work hard to present unbiased content, we want to hear from you about
any concerns or needs with this Pearson product so that we can investigate and
address them.
Please contact us with concerns about any potential bias at
https://www.pearson.com/report-bias.html.
iv
Contents at a Glance
Introduction xlvii
CHAPTER 1 Security and Risk Management 5
CHAPTER 2 Asset Security 165
CHAPTER 3 Security Architecture and Engineering 213
CHAPTER 4 Communication and Network Security 377
CHAPTER 5 Identity and Access Management (IAM) 535
CHAPTER 6 Security Assessment and Testing 601
CHAPTER 7 Security Operations 637
CHAPTER 8 Software Development Security 733
CHAPTER 9 Final Preparation 791
Index 797
Online Elements
APPENDIX A Memory Tables
APPENDIX B Memory Tables Answer Key
Glossary
Table of Contents
Introduction xlvii
Chapter 1 Security and Risk Management 5
Security Terms 6
CIA 6
Confidentiality 6
Integrity 7
Availability 7
Auditing and Accounting 7
Non-repudiation 8
Default Security Posture 8
Defense in Depth 9
Abstraction 10
Data Hiding 10
Encryption 10
Security Governance Principles 10
Security Function Alignment 12
Organizational Strategies and Goals 12
Organizational Mission and Objectives 12
Business Case 13
Security Budget, Metrics, and Efficacy 13
Resources 14
Organizational Processes 14
Acquisitions and Divestitures 15
Governance Committees 16
Organizational Roles and Responsibilities 16
Board of Directors 16
Management 17
Audit Committee 18
Data Owner 18
Data Custodian 19
System Owner 19
System Administrator 19
Security Analyst 19
Application Owner 19
Supervisor 20
User 20
Auditor 20
Security Control Frameworks 20
ISO/IEC 27000 Series 21
Zachman Framework 25
The Open Group Architecture Framework (TOGAF) 25
Department of Defense Architecture Framework (DoDAF) 25
British Ministry of Defence Architecture Framework (MODAF) 25
Sherwood Applied Business Security Architecture (SABSA) 25
Control Objectives for Information and Related Technology (COBIT) 27
National Institute of Standards and Technology (NIST) Special Publication (SP) 800 Series 27
HITRUST CSF 30
CIS Critical Security Controls 31
Committee of Sponsoring Organizations (COSO) of the Treadway Commission Framework 32
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) 32
Information Technology Infrastructure Library (ITIL) 33
Six Sigma 34
Capability Maturity Model Integration (CMMI) 35
CCTA Risk Analysis and Management Method (CRAMM) 36
Top-Down Versus Bottom-Up Approach 36
Security Program Life Cycle 37
Due Care and Due Diligence 38
Compliance 38
Contractual, Legal, Industry Standards, and Regulatory Compliance 40
Privacy Requirements Compliance 40
Legal and Regulatory Issues 41
Computer Crime Concepts 41
Computer-Assisted Crime 41
Computer-Targeted Crime 41
Incidental Computer Crime 42
Computer Prevalence Crime 42
Hackers Versus Crackers 42
Computer Crime Examples 42
Major Legal Systems 43
Civil Law 44
Common Law 44
Criminal Law 44
Civil/Tort Law 45
Administrative/Regulatory Law 45
Customary Law 45
Religious Law 45
Mixed Law 45
Licensing and Intellectual Property 46
Patent 46
Trade Secret 47
Trademark 47
Copyright 48
Software Piracy and Licensing Issues 49
Internal Protection 49
Digital Rights Management (DRM) 50
Cyber Crimes and Data Breaches 50
Import/Export Controls 51
Trans-Border Data Flow 51
Privacy 52
Personally Identifiable Information (PII) 52
Laws and Regulations 53
Investigation Types 62
Operations/Administrative 63
Criminal 63
Civil 64
Regulatory 64
Industry Standards 64
eDiscovery 67
Professional Ethics 67
(ISC)2 Code of Ethics 67
Computer Ethics Institute 68
Internet Architecture Board 68
Organizational Code of Ethics 69
Security Documentation 69
Policies 70
Organizational Security Policy 71
System-Specific Security Policy 72
Issue-Specific Security Policy 72
Policy Categories 72
Processes 72
Procedures 72
Standards 73
Guidelines 73
Baselines 73
Business Continuity 73
Business Continuity and Disaster Recovery Concepts 73
Disruptions 74
Disasters 74
Disaster Recovery and the Disaster Recovery Plan (DRP) 75
Continuity Planning and the Business Continuity Plan (BCP) 76
Business Impact Analysis (BIA) 76
Contingency Plan 76
Availability 77
Reliability 77
Scope and Plan 77
Personnel Components 77
Scope 78
Business Contingency Planning 78
BIA Development 81
Identify Critical Processes and Resources 82
Identify Outage Impact and Estimate Downtime 82
Identify Resource Requirements 84
Identify Recovery Priorities 84
Personnel Security Policies and Procedures 85
Candidate Screening and Hiring 85
Employment Agreements and Policies 87
Employee Onboarding and Offboarding Policies 88
Vendor, Consultant, and Contractor Agreements and Controls 88
Compliance Policy Requirements 89
Privacy Policy Requirements 89
Job Rotation 89
Separation of Duties 89
Risk Management Concepts 90
Asset and Asset Valuation 90
Vulnerability 91
Threat 91
Threat Agent 91
Exploit 91
Risk 91
Exposure 92
Countermeasure 92
Risk Appetite 92
Attack 93
Breach 93
Risk Management Policy 94
Risk Management Team 94
Risk Analysis Team 94
Risk Assessment 95
Information and Asset (Tangible/Intangible) Value and Costs 95
Identity Threats and Vulnerabilities 96
Risk Assessment/Analysis 96
Countermeasure (Safeguard) Selection 98
Inherent Risk Versus Residual Risk 99
Handling Risk and Risk Response 99
Implementation 100
Control Categories 100
Compensative 101
Corrective 101
Detective 101
Deterrent 102
Directive 102
Preventive 102
Recovery 102
Control Types 102
Administrative (Management) 103
Logical (Technical) 105
Physical 105
Controls Assessment, Monitoring, and Measurement 108
Reporting and Continuous Improvement 108
Risk Frameworks 109
NIST 109
ISO/IEC 27005:2018 126
Open Source Security Testing Methodology Manual (OSSTMM) 127
COSO’s Enterprise Risk Management (ERM) Integrated Framework 127
A Risk Management Standard by the Federation of European Risk Management Associations (FERMA) 128
Geographical Threats 129
Internal Versus External Threats 129
Natural Threats 130
Hurricanes/Tropical Storms 130
Tornadoes 130
Earthquakes 130
Floods 131
Volcanoes 131
System Threats 131
Electrical 131
Communications 132
Utilities 133
Human-Caused Threats 133
Explosions 133
Fire 133
Vandalism 134
Fraud 135
Theft 135
Collusion 135
Politically Motivated Threats 135
Strikes 136
Riots 136
Civil Disobedience 136
Terrorist Acts 136
Bombing 137
Threat Modeling 137
Threat Modeling Concepts 138
Threat Modeling Methodologies 138
STRIDE Model 139
Process for Attack Simulation and Threat Analysis (PASTA) Methodology 139
Trike Methodology 139
Visual, Agile, and Simple Threat (VAST) Model 140
NIST SP 800-154 140
Identifying Threats 141
Potential Attacks 142
Remediation Technologies and Processes 143
Security Risks in the Supply Chain 143
Risks Associated with Hardware, Software, and Services 144
Third-Party Assessment and Monitoring 144
Onsite Assessment 144
Document Exchange/Review 145
Process/Policy Review 145
Other Third-Party Governance Issues 145
Minimum Service-Level and Security Requirements 145
Service-Level Requirements 146
Security Education, Training, and Awareness 147
Levels Required 147
Methods and Techniques 148
Periodic Content Reviews 148
Review All Key Topics 148
Complete the Tables and Lists from Memory 150
Define Key Terms 150
Answers and Explanations 157
Chapter 2 Asset Security 165
Asset Security Concepts 166
Asset and Data Policies 166
Data Quality 167
Data Documentation and Organization 168
Identify and Classify Information and Assets 169
Data and Asset Classification 170
Sensitivity and Criticality 170
PII 171
PHI 173
Proprietary Data 175
Private Sector Data Classifications 175
Military and Government Data Classifications 176
Information and Asset Handling Requirements 177
Marking, Labeling, and Storing 178
Destruction 178
Provision Resources Securely 179
Asset Inventory and Asset Management 179
Data Life Cycle 180
Databases 182
DBMS Architecture and Models 182
Database Interface Languages 185
Data Warehouses and Data Mining 185
Database Maintenance 186
Database Threats 186
Database Views 187
Database Locks 187
Polyinstantiation 187
Database ACID Test 187
Roles and Responsibilities 188
Data Owner 188
Data Controller 189
Data Custodian 189
System Owners 189
System Custodians 190
Business/Mission Owners 190
Data Processors 190
Data Users and Subjects 191
Data Collection and Limitation 191
Data Location 192
Data Maintenance 192
Data Retention 193
Data Remanence and Destruction 193
Data Audit 194
Asset Retention 195
Data Security Controls 197
Data Security 197
Data States 197
Data at Rest 198
Data in Transit 198
Data in Use 198
Data Access and Sharing 198
Data Storage and Archiving 199
Baselines 200
Scoping and Tailoring 201
Standards Selection 201
Data Protection Methods 202
Cryptography 202
Digital Rights Management (DRM) 203
Data Loss Prevention (DLP) 204
Cloud Access Security Broker (CASB) 204
Review All Key Topics 205
Define Key Terms 205
Answers and Explanations 207
Chapter 3 Security Architecture and Engineering 213
Engineering Processes Using Secure Design Principles 214
Objects and Subjects 215
Closed Versus Open Systems 215
Threat Modeling 215
Least Privilege 216
Defense in Depth 216
Secure Defaults 216
Fail Securely 217
Separation of Duties (SoD) 217
Keep It Simple 218
Zero Trust 218
Privacy by Design 218
Trust but Verify 219
Shared Responsibility 219
Security Model Concepts 220
Confidentiality, Integrity, and Availability 220
Confinement 220
Bounds 221
Isolation 221
Security Modes 221
Dedicated Security Mode 221
System High Security Mode 221
Compartmented Security Mode 222
Multilevel Security Mode 222
Assurance and Trust 222
Security Model Types 222
State Machine Models 223
Multilevel Lattice Models 223
Matrix-Based Models 223
Noninterference Models 224
Information Flow Models 224
Take-Grant Model 225
Security Models 226
Bell-LaPadula Model 226
Biba Model 228
Clark-Wilson Integrity Model 228
Lipner Model 229
Brewer-Nash (Chinese Wall) Model 229
Graham-Denning Model 230
Harrison-Ruzzo-Ullman Model 230
Goguen-Meseguer Model 230
Sutherland Model 230
System Architecture Steps 230
ISO/IEC 42010:2011 231
Computing Platforms 231
Mainframe/Thin Clients 232
Distributed Systems 232
Middleware 232
Embedded Systems 232
Mobile Computing 233
Virtual Computing 233
Security Services 234
Boundary Control Services 234
Access Control Services 234
Integrity Services 234
Cryptography Services 234
Auditing and Monitoring Services 234
System Components 235
CPU 235
Memory and Storage 238
Input/Output Devices 241
Input/Output Structures 241
Firmware 242
Operating Systems 243
Memory Management 244
System Security Evaluation Models 244
TCSEC 245
Rainbow Series 245
ITSEC 248
Common Criteria 250
Security Implementation Standards 252
ISO/IEC 27001 253
ISO/IEC 27002 254
Payment Card Industry Data Security Standard (PCI DSS) 255
Controls and Countermeasures 255
Certification and Accreditation 256
Control Selection Based on Systems Security Requirements 256
Security Capabilities of Information Systems 257
Memory Protection 257
Trusted Platform Module 258
Interfaces 259
Fault Tolerance 259
Policy Mechanisms 260
Separation of Privilege 260
Accountability 260
Encryption/Decryption 260
Security Architecture Maintenance 261
Vulnerabilities of Security Architectures, Designs, and Solution Elements 261
Client-Based Systems 262
Server-Based Systems 263
Data Flow Control 263
Database Systems 264
Inference 264
Aggregation 264
Contamination 264
Data Mining Warehouse 264
Cryptographic Systems 265
Industrial Control Systems 265
Cloud-Based Systems 268
Large-Scale Parallel Data Systems 274
Distributed Systems 275
Grid Computing 275
Peer-to-Peer Computing 275
Internet of Things 276
IoT Examples 277
Methods of Securing IoT Devices 277
NIST Framework for Cyber-Physical Systems 278
Microservices 280
Containerization 281
Serverless Systems 281
High-Performance Computing Systems 282
Edge Computing Systems 282
Virtualized Systems 283
Vulnerabilities in Web-Based Systems 283
Maintenance Hooks 284
Time-of-Check/Time-of-Use Attacks 284
Web-Based Attacks 285
XML 285
SAML 285
OWASP 286
Vulnerabilities in Mobile Systems 286
Device Security 287
Application Security 287
Mobile Device Concerns 287
NIST SP 800-164 290
Vulnerabilities in Embedded Systems 291
Cryptographic Solutions 292
Cryptography Concepts 292
Cryptography History 294
Julius Caesar and the Caesar Cipher 295
Vigenere Cipher 295
Kerckhoffs’s Principle 297
World War II Enigma 297
Lucifer by IBM 298
Cryptosystem Features 298
Authentication 298
Confidentiality 298
Integrity 298
Authorization 299
Non-repudiation 299
NIST SP 800-175A and B 299
Cryptographic Mathematics 300
Boolean 300
Logical Operations (And, Or, Not, Exclusive Or) 300
Modulo Function 302
One-Way Function 302
Nonce 302
Split Knowledge 302
Cryptographic Life Cycle 302
Key Management 303
Algorithm Selection 304
Cryptographic Types 304
Running Key and Concealment Ciphers 305
Substitution Ciphers 305
One-Time Pads 306
Steganography 307
Transposition Ciphers 307
Symmetric Algorithms 308
Stream-Based Ciphers 309
Block Ciphers 310
Initialization Vectors (IVs) 310
Asymmetric Algorithms 310
Hybrid Ciphers 311
Elliptic Curves 312
Quantum Cryptography 312
Symmetric Algorithms 312
DES and 3DES 313
DES Modes 313
3DES and Modes 316
AES 316
IDEA 317
Skipjack 317
Blowfish 317
Twofish 318
RC4/RC5/RC6/RC7 318
CAST 318
Asymmetric Algorithms 319
Diffie-Hellman 320
RSA 320
El Gamal 321
ECC 321
Knapsack 322
Zero-Knowledge Proof 322
Public Key Infrastructure and Digital Certificates 322
Certificate Authority and Registration Authority 323
Certificates 323
Certificate Life Cycle 324
Enrollment 325
Verification 326
Revocation 326
Renewal and Modification 327
Certificate Revocation List 327
OCSP 327
PKI Steps 327
Cross-Certification 328
Key Management Practices 328
Message Integrity 332
Hashing 333
One-Way Hash 333
MD2/MD4/MD5/MD6 335
SHA/SHA-2/SHA-3 336
HAVAL 337
RIPEMD-160 337
Tiger 337
Message Authentication Code 337
HMAC 337
CBC-MAC 338
CMAC 338
Salting 339
Digital Signatures and Non-repudiation 339
DSS 340
Non-repudiation 340
Applied Cryptography 340
Link Encryption Versus End-to-End Encryption 340
Email Security 340
Internet Security 341
Cryptanalytic Attacks 341
Ciphertext-Only Attack 342
Known Plaintext Attack 342
Chosen Plaintext Attack 342
Chosen Ciphertext Attack 342
Social Engineering 342
Brute Force 343
Differential Cryptanalysis 343
Linear Cryptanalysis 343
Algebraic Attack 343
Frequency Analysis 343
Birthday Attack 344
Dictionary Attack 344
Replay Attack 344
Analytic Attack 344
Statistical Attack 344
Factoring Attack 344
Reverse Engineering 344
Meet-in-the-Middle Attack 345
Ransomware Attack 345
Side-Channel Attack 345
Implementation Attack 345
Fault Injection 345
Timing Attack 346
Pass-the-Hash Attack 346
Digital Rights Management 346
Document DRM 347
Music DRM 347
Movie DRM 347
Video Game DRM 348
E-book DRM 348
Site and Facility Design 348
Layered Defense Model 348
CPTED 348
Natural Access Control 349
Natural Surveillance 349
Natural Territorial Reinforcement 349
Physical Security Plan 350
Deter Criminal Activity 350
Delay Intruders 350
Detect Intruders 350
Assess Situation 350
Respond to Intrusions and Disruptions 350
Facility Selection Issues 351
Visibility 351
Surrounding Area and External Entities 351
Accessibility 351
Construction 352
Internal Compartments 352
Computer and Equipment Rooms 353
Site and Facility Security Controls 353
Doors 353
Door Lock Types 354
Turnstiles and Mantraps 354
Locks 355
Biometrics 356
Type of Glass Used for Entrances 356
Visitor Control 357
Wiring Closets/Intermediate Distribution Facilities 357
Restricted and Work Areas 357
Secure Data Center 357
Restricted Work Area 358
Server Room 358
Media Storage Facilities 358
Evidence Storage 358
Environmental Security and Issues 358
Fire Protection 359
Power Supply 360
HVAC 361
Water Leakage and Flooding 362
Environmental Alarms 362
Equipment Physical Security 362
Corporate Procedures 362
Safes, Vaults, and Locking 364
Review All Key Topics 364
Complete the Tables and Lists from Memory 366
Define Key Terms 366
Answers and Explanations 372
Chapter 4 Communication and Network Security 377
Secure Network Design Principles 378
OSI Model 378
Application Layer 379
Presentation Layer 379
Session Layer 380
Transport Layer 380
Network Layer 380
Data Link Layer 381
Physical Layer 381
TCP/IP Model 383
Application Layer 383
Transport Layer 384
Internet Layer 386
Link Layer 388
Encapsulation and De-encapsulation 388
IP Networking 389
Common TCP/UDP Ports 389
Logical and Physical Addressing 391
IPv4 392
IP Classes 393
Public Versus Private IP Addresses 394
NAT 394
MAC Addressing 399
Network Transmission 399
Analog Versus Digital 399
Asynchronous Versus Synchronous 400
Broadband Versus Baseband 401
Unicast, Multicast, and Broadcast 402
Wired Versus Wireless 403
IPv6 403
NIST SP 800-119 404
IPv6 Major Features 406
IPv4 Versus IPv6 Threat Comparison 409
IPv6 Addressing 410
Shorthand for Writing IPv6 Addresses 412
IPv6 Address Types 414
IPv6 Address Scope 415
Network Types 416
Local-Area Network (LAN) 417
Intranet 417
Extranet 418
MAN 418
WAN 419
WLAN 420
SAN 420
CAN 421
PAN 421
Protocols and Services 421
ARP/RARP 422
DHCP/BOOTP 423
DNS 424
FTP, FTPS, SFTP, and TFTP 424
HTTP, HTTPS, and S-HTTP 425
ICMP 425
IGMP 426
IMAP 426
LDAP 426
LDP 426
NAT 426
NetBIOS 426
NFS 427
PAT 427
POP 427
CIFS/SMB 427
SMTP 427
SNMP 427
SSL/TLS 428
Multilayer Protocols 428
Converged Protocols 429
FCoE 429
MPLS 430
VoIP 431
iSCSI 431
Wireless Networks 431
FHSS, DSSS, OFDM, VOFDM, FDMA, TDMA, CDMA, OFDMA, and GSM 432
802.11 Techniques 432
Cellular or Mobile Wireless Techniques 433
5G 434
Satellites 435
WLAN Structure 435
Access Point 435
Service Set Identifier (SSID) 436
Infrastructure Mode Versus Ad Hoc Mode 436
WLAN Standards 436
802.11 436
802.11a 436
802.11b 437
802.11g 437
802.11n (Wi-Fi 4) 437
802.11ac (Wi-Fi 5) 437
802.11ax (Wi-Fi 6) 438
802.11be (Wi-Fi 7) 438
Bluetooth 438
Infrared 439
Near Field Communication (NFC) 439
Zigbee 439
WLAN Security 439
Open System Authentication 440
Shared Key Authentication 440
WEP 440
WPA 440
WPA2 441
Personal Versus Enterprise 441
WPA3 441
802.1X 442
SSID Broadcast 443
MAC Filter 444
Wireless Site Surveys 444
Antenna Placement and Power Levels 444
Antenna Types 445
Communications Cryptography 445
Link Encryption 445
End-to-End Encryption 446
Email Security 446
PGP 446
MIME and S/MIME 447
Quantum Cryptography 448
Internet Security 448
Remote Access 448
HTTP, HTTPS, and S-HTTP 449
Secure Electronic Transaction (SET) 449
Cookies 449
SSH 450
IPsec 450
Secure Network Components 450
Hardware 450
Network Devices 450
Network Routing 468
Transmission Media 471
Cabling 471
Network Topologies 475
Network Technologies 479
WAN Technologies 486
Network Access Control Devices 491
Quarantine/Remediation 492
Firewalls/Proxies 493
Endpoint Security 493
Content-Distribution Networks 494
Secure Communication Channels 495
Voice 495
Multimedia Collaboration 495
Remote Meeting Technology 496
Instant Messaging 496
Remote Access 497
Remote Connection Technologies 497
VPN Screen Scraper 506
Virtual Application/Desktop 506
Telecommuting/Teleworking 506
Data Communications 507
Virtualized Networks 507
SDN 507
Virtual SAN 508
Guest Operating Systems 508
Federated Identity with a Third-Party 508
Network Attacks 509
Cabling 509
Noise 509
Attenuation 509
Crosstalk 510
Eavesdropping 510
Network Component Attacks 510
Non-Blind Spoofing 510
Blind Spoofing 511
Man-in-the-Middle Attack 511
MAC Flooding Attack 511
802.1Q and Inter-Switch Link Protocol (ISL) Tagging Attack 511
Double-Encapsulated 802.1Q/Nested VLAN Attack 512
ARP Attack 512
ICMP Attacks 512
Ping of Death 512
Smurf 512
Fraggle 513
ICMP Redirect 513
Ping Scanning 513
Traceroute Exploitation 513
DNS Attacks 514
DNS Cache Poisoning 514
DoS 514
DDoS 515
DNSSEC 515
URL Hiding 515
Domain Grabbing 516
Cybersquatting 516
Email Attacks 516
Email Spoofing 516
Spear Phishing 517
Whaling 518
Spam 518
Wireless Attacks 518
Wardriving 518
Warchalking 519
Remote Attacks 519
Other Attacks 519
SYN ACK Attacks 519
Session Hijacking 519
Port Scanning 520
Teardrop 520
IP Address Spoofing 520
Zero-Day 521
Ransomware 521
Review All Key Topics 521
Define Key Terms 522
Answers and Explanations 529
Chapter 5 Identity and Access Management (IAM) 535
Access Control Process 536
Identify Resources 536
Identify Users 536
Identify the Relationships Between Resources and Users 537
Physical and Logical Access to Assets 537
Access Control Administration 538
Centralized 538
Decentralized 539
Information 539
Systems 539
Devices 540
Facilities 540
Applications 541
Identification and Authentication Concepts 541
NIST SP 800-63 542
Five Factors for Authentication 546
Knowledge Factors 546
Ownership Factors 550
Characteristic Factors 551
Location Factors 556
Time Factors 557
Single-Factor Versus Multifactor Authentication 557
Device Authentication 557
Identification and Authentication Implementation 558
Separation of Duties 558
Least Privilege/Need-to-Know 559
Default to No Access 560
Directory Services 560
Single Sign-on 561
Kerberos 562
SESAME 564
OpenID Connect (OIDC)/Open Authorization (OAuth) 564
Security Assertion Markup Language (SAML) 564
Federated Identity Management (IdM) 564
Security Domains 565
Session Management 566
Registration, Proof, and Establishment of Identity 566
Credential Management Systems 567