CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide. Gibson Darril

Чтение книги онлайн.

СКАЧАТЬ Development Security

      Each chapter includes elements to help you focus your studies and test your knowledge, detailed in the following sections. Note: please see the table of contents and chapter introductions for a detailed list of domain topics covered in each chapter.

The Elements of This Study Guide

      You’ll see many recurring elements as you read through this study guide. Here are descriptions of some of those elements:

      Summaries The summary is a brief review of the chapter to sum up what was covered.

      Exam Essentials The Exam Essentials highlight topics that could appear on the exam in some form. While we obviously do not know exactly what will be included in a particular exam, this section reinforces significant concepts that are key to understanding the Common Body of Knowledge (CBK) area and the test specs for the CISSP exam.

      Chapter Review Questions Each chapter includes practice questions that have been designed to measure your knowledge of key ideas that were discussed in the chapter. After you finish each chapter, answer the questions; if some of your answers are incorrect, it’s an indication that you need to spend some more time studying the corresponding topics. The answers to the practice questions can be found at the end of each chapter.

      Written Labs Each chapter includes written labs that synthesize various concepts and topics that appear in the chapter. These raise questions that are designed to help you put together various pieces you’ve encountered individually in the chapter and assemble them to propose or describe potential security strategies or solutions.

      Real-World Scenarios As you work through each chapter, you’ll find descriptions of typical and plausible workplace situations where an understanding of the security strategies and approaches relevant to the chapter content could play a role in fixing problems or in fending off potential difficulties. This gives readers a chance to see how specific security policies, guidelines, or practices should or may be applied to the workplace.

What’s Included with the Additional Study Tools

      Readers of this book can get access to a number of additional study tools. We worked really hard to provide some essential tools to help you with your certification process. All of the following gear should be loaded on your workstation when studying for the test.

      Readers can get access to the following tools by visiting sybextestbanks.wiley.com.

      The Sybex Test Preparation Software

      The test preparation software, made by experts at Sybex, prepares you for the CISSP exam. In this test engine, you will find all the review and assessment questions from the book plus additional bonus practice exams that are included with the study tools. You can take the assessment test, test yourself by chapter, take the practice exams, or take a randomly generated exam comprising all the questions.

      Electronic Flashcards

      Sybex’s electronic flashcards include hundreds of questions designed to challenge you further for the CISSP exam. Between the review questions, practice exams, and flashcards, you’ll have more than enough practice for the exam!

      Glossary of Terms in PDF

      Sybex offers a robust glossary of terms in PDF format. This comprehensive glossary includes all of the key terms you should understand for the CISSP, in a searchable format.

      Bonus Practice Exams

      Sybex includes bonus practice exams, each comprising questions meant to survey your understanding of key elements in the CISSP CBK. This book has four bonus exams, each comprising 250 full-length questions. These exams are available digitally at http://sybextestbanks.wiley.com.

How to Use This Book’s Study Tools

      This book has a number of features designed to guide your study efforts for the CISSP certification exam. It assists you by listing at the beginning of each chapter the CISSP Common Body of Knowledge domain topics covered in the chapter and by ensuring that each topic is fully discussed within the chapter. The review questions at the end of each chapter and the practice exams are designed to test your retention of the material you’ve read to make sure you are aware of areas in which you should spend additional study time. Here are some suggestions for using this book and study tools (found at sybextestbanks.wiley.com):

      ■ Take the assessment test before you start reading the material. This will give you an idea of the areas in which you need to spend additional study time as well as those areas in which you may just need a brief refresher.

      ■ Answer the review questions after you’ve read each chapter; if you answer any incorrectly, go back to the chapter and review the topic, or utilize one of the additional resources if you need more information.

      ■ Download the flashcards to your mobile device, and review them when you have a few minutes during the day.

      ■ Take every opportunity to test yourself. In addition to the assessment test and review questions, there are bonus practice exams included with the additional study tools. Take these exams without referring to the chapters and see how well you’ve done – go back and review any topics you’ve missed until you fully understand and can apply the concepts.

      Finally, find a study partner if possible. Studying for, and taking, the exam with someone else will make the process more enjoyable, and you’ll have someone to help you understand topics that are difficult for you. You’ll also be able to reinforce your own knowledge by helping your study partner in areas where they are weak.

      Assessment Test

      1. Which of the following types of access control seeks to discover evidence of unwanted, unauthorized, or illicit behavior or activity?

      A. Preventive

      B. Deterrent

      C. Detective

      D. Corrective

      2. Define and detail the aspects of password selection that distinguish good password choices from ultimately poor password choices.

      A. Difficult to guess or unpredictable

      B. Meet minimum length requirements

      C. Meet specific complexity requirements

      D. All of the above

      3. Which of the following is most likely to detect DoS attacks?

      A. Host-based IDS

      B. Network-based IDS

      C. Vulnerability scanner

      D. Penetration testing

      4. Which of the following is considered a denial of service attack?

      A. Pretending to be a technical manager over the phone and asking a receptionist to change their password

      B. While surfing the Web, sending to a web server a malformed URL that causes the system to consume 100 percent of the CPU

      C. СКАЧАТЬ