(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. Mike Chapple

Чтение книги онлайн.

СКАЧАТЬ 8.2.2 Libraries 20 8.2.3 Tool sets 20 8.2.4 Integrated Development Environment (IDE) 20 8.2.5 Runtime 20 8.2.6 Continuous Integration and Continuous Delivery (CI/CD) 20 8.2.7 Security Orchestration, Automation, and Response (SOAR) 17 8.2.8 Software Configuration Management (SCM) 20 8.2.9 Code repositories 20 8.2.10 Application security testing (e.g., Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)) 15 8.3 Assess the effectiveness of software security 20 8.3.1 Auditing and logging of changes 20 8.3.2 Risk analysis and mitigation 20 8.4 Assess security impact of acquired software 16, 20 8.4.1 Commercial-off-the-shelf (COTS) 20 8.4.2 Open source 20 8.4.3 Third-party 20 8.4.4 Managed services (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS)) 16 8.5 Define and apply secure coding guidelines and standards 20, 21 8.5.1 Security weaknesses and vulnerabilities at the source-code level 21 8.5.2 Security of Application Programming Interfaces (APIs) 20 8.5.3 Secure coding practices 20 8.5.4 Software-defined security 20

Reader Support for This Book

      How to Contact the Publisher

      If you believe you've found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

      In order to submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”

Assessment Test

      1 Which of the following types of access control seeks to discover evidence of unwanted, unauthorized, or illicit behavior or activity?PreventiveDeterrentDetectiveCorrective

      2 Define and detail the aspects of password selection that distinguish good password choices from ultimately poor password choices.Is difficult to guess or unpredictableMeets minimum length requirementsMeets specific complexity requirementsAll of the above

      3 Some adversaries use DoS attacks as their primary weapon to harm targets, whereas others may use them as weapons of last resort when all other attempts to intrude on a target fail. Which of the following is most likely to detect DoS attacks?Host-based IDSNetwork-based IDSVulnerability scannerPenetration testing

      4 Unfortunately, attackers have many options of attacks to perform against their targets. Which of the following is considered a denial-of-service (DoS) attack?Pretending to be a technical manager over the phone and asking a receptionist to change their passwordWhile surfing the web, sending to a web server a malformed URL that causes the system to consume 100 percent of the CPUIntercepting network traffic by copying the packets as they pass through a specific subnetSending message packets to a recipient who did not request them, simply to be annoying

      5 Hardware networking devices operate within the protocol stack just like protocols themselves. Thus, hardware networking devices can be associated with an OSI model layer related to the protocols they manage or control. At which layer of the СКАЧАТЬ