CISSP - .e-bookshelf.de


CISSP Practice

CISSP PRACTICE: 2,250 QUESTIONS, ANSWERS, AND EXPLANATIONS FOR PASSING THE TEST

S. Rao Vallabhaneni

CISSP Practice: 2,250 Questions, Answers, and Explanations for Passing the Test

Published by
John Wiley & Sons, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com

Copyright 2011 by S. Rao Vallabhaneni
Published simultaneously in Canada

ISBN: 978-1-118-10594-8
ISBN: 978-1-118-17612-2 (ebk)
ISBN: 978-1-118-17613-9 (ebk)
ISBN: 978-1-118-17614-6 (ebk)

Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or website may provide or recommendations it may make. Further, readers should be aware that Internet websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Control Number: 2011936911

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CISSP is a registered trademark of International Information Systems Security Certification Consortium, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

This book is dedicated to my parents, who taught me from the beginning that education is the only thing that endures.

ABOUT THE AUTHOR

S. RAO VALLABHANENI is an educator, author, publisher, consultant, and practitioner in the business field, with more than 30 years of management and teaching experience in manufacturing, finance, accounting, auditing, and information technology. He has authored more than 60 books, mostly study guides that help students prepare for professional certification exams in various business functions. He earned four master's degrees, in management, accounting, industrial engineering, and chemical engineering, and holds 24 professional certifications in various business disciplines. He is a graduate of the Advanced Management Development Program at the University of Chicago's Graduate School of Business.

He is the recipient of the 2004 Joseph J. Wasserman Memorial Award for distinguished contribution to the information systems audit field, conferred by the New York Chapter of the Information Systems Audit and Control Association (ISACA). In 2000 he became the first independent author and publisher in the CISSP Exam market to develop a comprehensive two-volume (Practice and Theory) review product to help students prepare for the CISSP Exam. In addition to teaching undergraduate and graduate courses in business schools, he has taught review courses for the Certified Information Systems Auditor (CISA) Exam and the Certified Internal Auditor (CIA) Exam.

ABOUT THE TECHNICAL EDITOR

RONALD L. KRUTZ is a senior information system security consultant. He has over 30 years of experience in distributed computing systems, computer architectures, real-time systems, information assurance methodologies, and information security training. He holds B.S., M.S., and Ph.D. degrees in Electrical and Computer Engineering and is the author of best-selling texts in the area of information system security. Dr. Krutz is a Certified Information Systems Security Professional (CISSP) and Information Systems Security Engineering Professional (ISSEP).

He coauthored the CISSP Prep Guide for John Wiley & Sons and is coauthor of the Wiley Advanced CISSP Prep Guide; CISSP Prep Guide, Gold Edition; Security+ Certification Guide; CISM Prep Guide; CISSP Prep Guide, 2nd Edition: Mastering CISSP and ISSEP; Network Security Bible; CISSP and CAP Prep Guide, Platinum Edition: Mastering CISSP and CAP; Certified Ethical Hacker (CEH) Prep Guide; Certified Secure Software Lifecycle Prep Guide; Cloud Security; and Web Commerce Security. He is also the author of Securing SCADA Systems and of three textbooks in the areas of microcomputer system design, computer interfacing, and computer architecture. Dr. Krutz has seven patents in the area of digital systems and has published over 40 technical papers. Dr. Krutz is a Registered Professional Engineer in Pennsylvania.

CREDITS

EXECUTIVE EDITOR: Carol Long
PROJECT EDITOR: Maureen Spears
TECHNICAL EDITOR: Ronald Krutz
SENIOR PRODUCTION EDITOR: Debra Banninger
COPY EDITOR: Apostrophe Editing Services
EDITORIAL MANAGER: Mary Beth Wakefield
FREELANCER EDITORIAL MANAGER: Rosemarie Graham
MARKETING MANAGER: Ashley Zurcher
PRODUCTION MANAGER: Tim Tate
VICE PRESIDENT AND EXECUTIVE GROUP PUBLISHER: Richard Swadley
VICE PRESIDENT AND EXECUTIVE PUBLISHER: Neil Edde
ASSOCIATE PUBLISHER: Jim Minatel
PROJECT COORDINATOR, COVER: Katie Crocker
COMPOSITOR: JoAnn Kolonick, Happenstance Type-O-Rama
PROOFREADER: Kristy Eldredge, Word One
INDEXER: Robert Swanson
COVER IMAGE: Peter Nguyen / iStockPhoto
COVER DESIGNER: Ryan Sneed

ACKNOWLEDGMENTS

I WANT TO THANK the following organizations and institutions for enabling me to use their publications and reports. They were valuable and authoritative resources for developing the practice questions, answers, and explanations.

- ISC2, Inc., for the use of its Common Body of Knowledge described in the "CISSP Candidate Information Bulletin," January 1, 2012.
- National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, for the use of various IT-related publications (FIPS, NISTIR, SP 500 series, SP 800 series).
- National Communications System (NCS) and the U.S. Department of Defense (DOD) for their selected IT-related publications.
- U.S. Government Accountability Office (GAO), formerly known as the General Accounting Office, Washington, DC, for various IT-related reports and staff studies.
- Office of Technology Assessment (OTA), U.S. Congress, Washington, DC, for various publications in IT security and privacy in network technology.
- Office of Management and Budget (OMB), Washington, DC, for selected publications in IT security and privacy.
- Federal Trade Commission (FTC), Washington, DC, at www.ftc.gov.
- Chief Information Officer (CIO) Council, Washington, DC, at www.cio.gov.
- Information Assurance Technical Framework (IATF), Release 3.1, National Security Agency (NSA), Fort Meade, Maryland, September 2002.
- Security Technical Implementation Guides (STIGs) by the Defense Information Systems Agency (DISA), developed for the U.S. Department of Defense (DOD).

I want to thank the following individuals for helping me to improve the content, quality, and completeness of this book:

- Dean Bushmiller, of Austin, Texas, for grouping the author's questions and making them into scenario-based questions and answers. Dean teaches CISSP Exam and CISM Exam review classes to prepare candidates for the exams.
- Carol A. Long, executive acquisitions editor at Wiley Publishing, Inc., for publishing this book.
- Ronald Krutz (technical editor), Apostrophe Editing Services (copy editor), and all the people at Wiley who made this book possible.

CONTENTS

PREFACE (p. xvii)

Domain 1: ACCESS CONTROL (p. 1)
  Traditional Questions, Answers, and Explanations (p. 1)
  Scenario-Based Questions, Answers, and Explanations (p. 124)
  Sources and References (p. 128)

Domain 2: TELECOMMUNICATIONS AND NETWORK SECURITY (p. 129)
  Traditional Questions, Answers, and Explanations (p. 129)
  Scenario-Based Questions, Answers, and Explanations (p. 263)
  Sources and References (p. 266)

Domain 3: INFORMATION SECURITY GOVERNANCE AND RISK MANAGEMENT (p. 269)
  Traditional Questions, Answers, and Explanations (p. 269)
  Scenario-Based Questions, Answers, and Explanations (p. 346)
  Sources and References (p. 350)

Domain 4: SOFTWARE DEVELOPMENT SECURITY (p. 351)
  Traditional Questions, Answers, and Explanations (p. 351)
  Scenario-Based Questions, Answers, and Explanations (p. 434)
  Sources and References (p. 437)

Domain 5: CRYPTOGRAPHY (p. 439)
  Traditional Questions, Answers, and Explanations (p. 439)
  Scenario-Based Questions, Answers, and Explanations (p. 523)
  Sources and References (p. 525)

Domain 6: SECURITY ARCHITECTURE AND DESIGN (p. 527)
  Traditional Questions, Answers, and Explanations (p. 527)
  Scenario-Based Questions, Answers, and Explanations (p. 607)
  Sources and References (p. 612)

Domain 7: SECURITY OPERATIONS (p. 613)
  Traditional Questions, Answers, and Explanations (p. 613)
  Scenario-Based Questions, Answers, and Explanations (p. 694)
  Sources and References (p. 698)

Domain 8: BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING (p. 699)
  Traditional Questions, Answers, and Explanations (p. 699)
  Scenario-Based Questions, Answers, and Explanations (p. 740)
  Sources and References (p. 742)

Domain 9: LEGAL, REGULATIONS, INVESTIGATIONS, AND COMPLIANCE (p. 743)
  Traditional Questions, Answers, and Explanations (p. 743)
  Scenario-Based Questions, Answers, and Explanations (p. 823)
  Sources and References (p. 825)

Domain 10: PHYSICAL AND ENVIRONMENTAL SECURITY (p. 827)
  Traditional Questions, Answers, and Explanations (p. 827)
  Scenario-Based Questions, Answers, and Explanations (p. 863)
  Sources and References (p. 866)

Appendix A: CISSP GLOSSARY 2012 (p. 867)
Appendix B: CISSP ACRONYMS AND ABBREVIATIONS 2012 (p. 1057)
INDEX (p. 1083)

PREFACE

The purpose of CISSP Practice: 2,250 Questions, Answers, and Explanations for Passing the Test is to help Certified Information Systems Security Professional (CISSP) examination candidates prepare for the exam by studying and practicing the sample test questions, with the goal of succeeding on the exam.

A total of 2,250 traditional multiple-choice (M/C) questions, answers, and explanations are presented in this book. In addition, 82 scenario-based M/C questions, answers, and explanations are taken from the traditional 2,250 questions and grouped into the scenario-based format to give a flavor of the scenario questions. Traditional questions contain one stem followed by one question set with four choices, a., b., c., and d.; scenario questions contain one stem followed by several question sets, each with four choices, a., b., c., and d. Scenario-based questions can span more than one domain to test the comprehensive application of the subject matter in an integrated manner, whereas traditional questions focus on a single domain.

These 2,250 sample practice questions are not duplicate questions and are not taken from ISC2 or from anywhere else. The author developed these unique M/C questions for each domain based on the current CISSP Exam content specifications (see "Description of the CISSP Examination" later in this preface). Each question focuses on a specific and necessary depth and breadth of the subject matter covered in the CISSP Exam.

The author sincerely believes that the more questions you practice, the better prepared you are to take the CISSP Exam with greater confidence, because the real exam includes 250 questions. The total of 2,250 questions represents nine times the number of questions tested on the exam, thus providing great value to the CISSP Exam candidate. This value takes the form of increasing your chances of passing the CISSP Exam.

Because ISC2 did not publish the percentage weights for the ten domains, the author has assigned the following percentage weights to each domain (for example, Domain 1 = 15%) based on what he thinks is important to the CISSP Exam candidate. These assigned weights rest on the author's assumption that the ten domains cannot all receive equal weight in the exam, because the domains differ in relative importance. The weights are a systematic way to distribute the 2,250 questions among the ten domains, as follows:

- Domain 1: Access Control (15%)
- Domain 2: Telecommunications and Network Security (15%)
- Domain 3: Information Security Governance and Risk Management (10%)
- Domain 4: Software Development Security (10%)
- Domain 5: Cryptography (10%)
- Domain 6: Security Architecture and Design (10%)
- Domain 7: Security Operations (10%)
- Domain 8: Business Continuity and Disaster Recovery Planning (5%)
- Domain 9: Legal, Regulations, Investigations, and Compliance (10%)
- Domain 10: Physical and Environmental Security (5%)

The following table presents the number of traditional questions and scenario questions for each of the ten domains (only the first row and the totals survive in this copy; the rows for Domains 2 through 10 are missing):

DOMAIN    TRADITIONAL QUESTIONS    SCENARIO QUESTIONS
1         338 (2,250 x 15%)        27
Totals    2,250                    82

The real CISSP Exam consists of 250 M/C questions with four choices, a., b., c., and d., for each question. There can be some scenario-based questions in addition to the mostly traditional questions. Regardless of the type of question on the exam, there is only one correct answer (choice). You must complete the entire CISSP Exam in one six-hour session. The scope of the CISSP Exam consists of the subject matter covered in the ten domains of this book, which is in accordance with the description of the CISSP Exam (content specifications) as defined in ISC2's "CISSP Candidate Information Bulletin" with an effective date of January 1, 2012. Note that these practice questions are also good for the CISSP Exam with an effective date of January 1, 2009, because we accommodated both effective dates (January 2009 and January 2012) due to the minor differences in their content specifications.

With no bias intended and for the sake of simplicity, the pronoun "he" has been used throughout the book rather than "he/she" or "she."

S. Rao Vallabhaneni
Chicago, Illinois
August 2011

HOW TO STUDY FOR THE CISSP EXAM

To study for the CISSP Exam, follow these guidelines:

- Read the official description of the CISSP Exam at the end of this section.
- Read the glossary terms and acronyms found in Appendixes A and B at the back of this book to become familiar with the technical terms and acronyms.
- Take the sample practice tests for each of the ten domains.
- If you score less than 75 percent for a domain, study the glossary terms again until you master the subject matter or score higher than 75 percent.
- Complete the scenario-based practice questions to integrate your learning and thought processes.

The types of questions a candidate can expect to see on the CISSP Exam are mostly objective, traditional multiple-choice questions, plus some scenario-based multiple-choice questions, with only one choice as the correct answer. Answering these multiple-choice questions requires a significant amount of practice and effort.

The following tips and techniques are helpful for answering the multiple-choice questions:

- Stay with your first impression of the correct choice.
- Know the subject area or topic. Don't read too much into the question.
- Remember that all questions are independent of specific countries, products, practices, vendors, hardware, software, or industries.
- Read the last sentence of the question first, followed by all the choices, then read the body of the question. Underline or circle the key words.
- Read the question twice (or read the underlined or circled key words twice) and watch for tip-off words such as not, except, all, every, always, never, least, or most that denote absolute conditions.
- Don't project the question into your own organizational environment, practices, policies, procedures, standards, and guidelines.
- Try to eliminate wrong choices quickly by striking or drawing a line through the choices or by using other ways convenient to you.
- When you are left with two probable choices after the process of elimination, take a big-picture approach. For example, if choices a. and d. remain and choice d. could

