(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests (eBook)
496 Seiten
Wiley (Verlag)
978-1-119-78764-8 (ISBN)
Full-length practice tests covering all CISSP domains for the ultimate exam prep
The (ISC)2 CISSP Official Practice Tests is a major resource for (ISC)2 Certified Information Systems Security Professional (CISSP) candidates, providing 1300 unique practice questions. The first part of the book provides 100 questions per domain. You also have access to four unique 125-question practice exams to help you master the material. As the only official practice tests endorsed by (ISC)2, this book gives you the advantage of full and complete preparation. These practice tests align with the 2021 version of the exam to ensure up-to-date preparation, and are designed to cover what you will see on exam day. Coverage includes: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.
The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know.
- Test your knowledge of the 2021 exam domains
- Identify areas in need of further study
- Gauge your progress throughout your exam preparation
- Practice test taking with Sybex's online test environment containing the questions from the book
The CISSP exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends. Currently-aligned preparation resources are critical, and periodic practice tests are one of the best ways to truly measure your level of understanding.
ABOUT THE AUTHORS
Mike Chapple, PhD, CISSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CIPP/US, CySA+, CISM, PenTest+, and Security+. He is a bestselling author of more than 25 books including (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide,7th, 8th, and 9th Editions.
David Seidl, CISSP, is Vice President for Information Technology and CIO at Miami University. During his IT career, he has served in a variety of technical and information security roles including serving at the Senior Director for Campus Technology Services at the University of Notre Dame where he co-led Notre Dame's move to the cloud. He holds multiple additional technical certifications including CySA+, Pentest+, GPEN, and GCIH. David has written books on security certification and cyberwarfare, including co-authoring the previous editions of CISSP (ISC)2 Official Practice Tests as well as multiple cybersecurity Sybex Study Guides and Practice Tests for other certifications.
Full-length practice tests covering all CISSP domains for the ultimate exam prep The (ISC)2 CISSP Official Practice Tests is a major resource for (ISC)2 Certified Information Systems Security Professional (CISSP) candidates, providing 1300 unique practice questions. The first part of the book provides 100 questions per domain. You also have access to four unique 125-question practice exams to help you master the material. As the only official practice tests endorsed by (ISC)2, this book gives you the advantage of full and complete preparation. These practice tests align with the 2021 version of the exam to ensure up-to-date preparation, and are designed to cover what you will see on exam day. Coverage includes: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security. The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know. Test your knowledge of the 2021 exam domains Identify areas in need of further study Gauge your progress throughout your exam preparation Practice test taking with Sybex s online test environment containing the questions from the book, which is supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questions The CISSP exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends. Currently-aligned preparation resources are critical, and periodic practice tests are one of the best ways to truly measure your level of understanding.
ABOUT THE AUTHORS Mike Chapple, PhD, CISSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CIPP/US, CySA+, CISM, PenTest+, and Security+. He is a bestselling author of more than 25 books including (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide,7th, 8th, and 9th Editions. David Seidl, CISSP, is Vice President for Information Technology and CIO at Miami University. During his IT career, he has served in a variety of technical and information security roles including serving at the Senior Director for Campus Technology Services at the University of Notre Dame where he co-led Notre Dame's move to the cloud. He holds multiple additional technical certifications including CySA+, Pentest+, GPEN, and GCIH. David has written books on security certification and cyberwarfare, including co-authoring the previous editions of CISSP (ISC)2 Official Practice Tests as well as multiple cybersecurity Sybex Study Guides and Practice Tests for other certifications.
Introduction xv
Chapter 1 Security and Risk Management (Domain 1) 1
Chapter 2 Asset Security (Domain 2) 25
Chapter 3 Security Architecture and Engineering (Domain 3) 49
Chapter 4 Communication and Network Security (Domain 4) 73
Chapter 5 Identity and Access Management (Domain 5) 97
Chapter 6 Security Assessment and Testing (Domain 6) 121
Chapter 7 Security Operations (Domain 7) 145
Chapter 8 Software Development Security (Domain 8) 169
Chapter 9 Practice Test 1 195
Chapter 10 Practice Test 2 225
Chapter 11 Practice Test 3 253
Chapter 12 Practice Test 4 283
Appendix Answers 311
Chapter 1: Security and Risk Management (Domain 1) 312
Chapter 2: Asset Security (Domain 2) 321
Chapter 3: Security Architecture and Engineering (Domain 3) 333
Chapter 4: Communication and Network Security (Domain 4) 342
Chapter 5: Identity and Access Management (Domain 5) 353
Chapter 6: Security Assessment and Testing (Domain 6) 365
Chapter 7: Security Operations (Domain 7) 377
Chapter 8: Software Development Security (Domain 8) 389
Chapter 9: Practice Test 1 400
Chapter 10: Practice Test 2 414
Chapter 11: Practice Test 3 428
Chapter 12: Practice Test 4 441
Index 457
Chapter 1
Security and Risk Management (Domain 1)
SUBDOMAINS
- 1.1 Understand, adhere to, and promote professional ethics
- 1.2 Understand and apply security concepts
- 1.3 Evaluate and apply security governance principles
- 1.4 Determine compliance and other requirements
- 1.5 Understand legal and regulatory issues that pertain to information security in a holistic context
- 1.6 Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)
- 1.7 Develop, document, and implement security policy, standards, procedures, and guidelines
- 1.8 Identify, analyze, and prioritize Business Continuity (BC) requirements
- 1.9 Contribute to and enforce personnel security policies and procedures
- 1.10 Understand and apply risk management concepts
- 1.11 Understand and apply threat modeling concepts and methodologies
- 1.12 Apply Supply Chain Risk Management (SCRM) concepts
- 1.13 Establish and maintain a security awareness, education, and training program
- Alyssa is responsible for her organization's security awareness program. She is concerned that changes in technology may make the content outdated. What control can she put in place to protect against this risk?
- Gamification
- Computer-based training
- Content reviews
- Live training
- Gavin is creating a report to management on the results of his most recent risk assessment. In his report, he would like to identify the remaining level of risk to the organization after adopting security controls. What term best describes this current level of risk?
- Inherent risk
- Residual risk
- Control risk
- Mitigated risk
- Francine is a security specialist for an online service provider in the United States. She recently received a claim from a copyright holder that a user is storing information on her service that violates the third party's copyright. What law governs the actions that Francine must take?
- Copyright Act
- Lanham Act
- Digital Millennium Copyright Act
- Gramm Leach Bliley Act
- FlyAway Travel has offices in both the European Union (EU) and the United States and transfers personal information between those offices regularly. They have recently received a request from an EU customer requesting that their account be terminated. Under the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?
- The right to access
- Privacy by design
- The right to be forgotten
- The right of data portability
- After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?
- Accept
- Transfer
- Reduce
- Reject
- Which one of the following elements of information is not considered personally identifiable information that would trigger most United States (U.S.) state data breach laws?
- Student identification number
- Social Security number
- Driver's license number
- Credit card number
- Renee is speaking to her board of directors about their responsibilities to review cybersecurity controls. What rule requires that senior executives take personal responsibility for information security matters?
- Due diligence rule
- Personal liability rule
- Prudent man rule
- Due process rule
- Henry recently assisted one of his co-workers in preparing for the CISSP exam. During this process, Henry disclosed confidential information about the content of the exam, in violation of Canon IV of the Code of Ethics: “Advance and protect the profession.” Who may bring ethics charges against Henry for this violation?
- Anyone may bring charges.
- Any certified or licensed professional may bring charges.
- Only Henry's employer may bring charges.
- Only the affected employee may bring charges.
- Wanda is working with one of her organization's European Union business partners to facilitate the exchange of customer information. Wanda's organization is located in the United States. What would be the best method for Wanda to use to ensure GDPR compliance?
- Binding corporate rules
- Privacy Shield
- Standard contractual clauses
- Safe harbor
- Yolanda is the chief privacy officer for a financial institution and is researching privacy requirements related to customer checking accounts. Which one of the following laws is most likely to apply to this situation?
- GLBA
- SOX
- HIPAA
- FERPA
- Tim's organization recently received a contract to conduct sponsored research as a government contractor. What law now likely applies to the information systems involved in this contract?
- FISMA
- PCI DSS
- HIPAA
- GISRA
- Chris is advising travelers from his organization who will be visiting many different countries overseas. He is concerned about compliance with export control laws. Which of the following technologies is most likely to trigger these regulations?
- Memory chips
- Office productivity applications
- Hard drives
- Encryption software
- Bobbi is investigating a security incident and discovers that an attacker began with a normal user account but managed to exploit a system vulnerability to provide that account with administrative rights. What type of attack took place under the STRIDE threat model?
- Spoofing
- Repudiation
- Tampering
- Elevation of privilege
- You are completing your business continuity planning effort and have decided that you want to accept one of the risks. What should you do next?
- Implement new security controls to reduce the risk level.
- Design a disaster recovery plan.
- Repeat the business impact assessment.
- Document your decision-making process.
- You are completing a review of the controls used to protect a media storage facility in your organization and would like to properly categorize each control that is currently in place. Which of the following control categories accurately describe a fence around a facility? (Select all that apply.)
- Physical
- Detective
- Deterrent
- Preventive
- Tony is developing a business continuity plan and is having difficulty prioritizing resources because of the difficulty of combining information about tangible and intangible assets. What would be the most effective risk assessment approach for him to use?
- Quantitative risk assessment
- Qualitative risk assessment
- Neither quantitative nor qualitative risk assessment
- Combination of quantitative and qualitative risk assessment
- Vincent believes that a former employee took trade secret information from his firm and brought it with him to a competitor. He wants to pursue legal action. Under what law could he pursue charges?
- Copyright law
- Lanham Act
- Glass-Steagall Act
- Economic Espionage Act
- Which one of the following principles imposes a standard of care upon an individual that is broad and equivalent to what one would expect from a reasonable person under the circumstances?
- Due diligence
- Separation of duties
- Due care
- Least privilege
- Brenda's organization recently completed the acquisition of a competitor firm. Which one of the following tasks would be LEAST likely to be part of the organizational processes addressed during the acquisition?
- Consolidation of security functions
- Integration of security tools
- Protection of intellectual property
- Documentation of security policies
- Kelly believes that an employee engaged in the unauthorized use of computing resources for a side business. After consulting with management, she decides to launch an administrative investigation. What is the burden of proof that she must meet in this investigation?
- Preponderance of the evidence
- Beyond a reasonable doubt
- Beyond the shadow of a doubt
- There is no standard
- Keenan Systems recently developed a new manufacturing process for microprocessors. The company wants to license the technology to other companies for use but wants to prevent unauthorized use of the technology. What type of intellectual property protection is best suited for this situation?
- Patent
- Trade secret
- Copyright
- Trademark
- Which one of the following actions might be taken as part of a business continuity plan?
- Restoring from backup tapes
- Implementing RAID
- Relocating to a cold site
- Restarting business operations
- When developing a business impact analysis, the team should first create a list of assets. What should happen next?
- Identify vulnerabilities in each asset.
- Determine the risks facing the asset.
- Develop a value for...
Erscheint lt. Verlag | 16.6.2021 |
---|---|
Sprache | englisch |
Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
Informatik ► Weitere Themen ► Zertifizierung | |
Sozialwissenschaften ► Pädagogik | |
Schlagworte | Certification (MSCE, Novell, etc.) • CISSP • Prüfungsvorbereitung • Test Prep • Zertifizierung • Zertifizierung f. MSCE u. Novell |
ISBN-10 | 1-119-78764-5 / 1119787645 |
ISBN-13 | 978-1-119-78764-8 / 9781119787648 |
Haben Sie eine Frage zum Produkt? |
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich