CISSP Study Guide - Eric Conrad, Joshua Feldman, Seth Misenar

CISSP Study Guide (eBook)

eBook Download: PDF | EPUB
2012 | 2nd edition
600 pages
Elsevier Science (publisher)
978-1-59749-968-2 (ISBN)
45.95 incl. VAT
(CHF 44.85)
eBook sales are handled by Lehmanns Media GmbH (Berlin) at the price in euros incl. VAT.
  • Download available immediately
The CISSP certification is the most prestigious, globally-recognized, vendor-neutral exam for information security professionals. The newest edition of this acclaimed study guide is aligned to cover all of the material included in the newest version of the exam's Common Body of Knowledge. The ten domains are covered completely and as concisely as possible with an eye to acing the exam. Each of the ten domains has its own chapter that includes specially designed pedagogy to aid the test-taker in passing the exam, including: clearly stated exam objectives; unique terms/definitions; exam warnings; learning by example; hands-on exercises; chapter-ending questions. Furthermore, special features include: two practice exams; tiered chapter-ending questions that allow for a gradual learning curve; and a self-test appendix.

• Provides the most complete and effective study guide to prepare you for passing the CISSP exam; contains only what you need to pass the test, with no fluff!
• Eric Conrad has prepared hundreds of professionals for passing the CISSP exam through SANS, a popular and well-known organization for information security professionals
• Covers all of the new information in the Common Body of Knowledge updated in January 2012, and also provides two practice exams, tiered end-of-chapter questions for a gradual learning curve, and a complete self-test appendix

Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC, GMON, GISP), is a SANS fellow and Chief Technology Officer of Backshore Communications, which provides threat hunting, penetration testing, incident handling, and intrusion detection consulting services. Eric started his professional career in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare, in positions ranging from systems programmer to security engineer to HIPAA security officer and ISSO. He is coauthor of MGT414: SANS Training Program for the CISSP Certification, SEC511: Continuous Monitoring and Security Operations, and SEC542: Web App Penetration Testing and Ethical Hacking. Eric graduated from the SANS Technology Institute with a Master of Science degree in Information Security Engineering.
Chapter 1

Introduction

Exam objectives in this chapter

• How to Prepare for the Exam
• How to Take the Exam
• Good Luck!

This book is born out of real-world information security industry experience. The authors of this book have held the titles of systems administrator, systems programmer, network engineer/security engineer, security director, HIPAA security officer, ISSO, security consultant, instructor, and others.

This book is also born out of real-world instruction. We have logged countless road miles teaching information security classes to professionals around the world. We have taught thousands of students in hundreds of classes, both physically on most of the continents as well as online. Classes include CISSP®, of course, but also penetration testing, security essentials, hacker techniques, and information assurance boot camps, among others.

Good instructors know that students have spent time and money to be with them, and time can be the most precious. We respect our students and their time; we do not waste it. We teach our students what they need to know, and we do so as efficiently as possible.

This book is also a reaction to other books on the same subject. As the years have passed, the page counts of other books have grown, often exceeding 1000 pages. As Larry Wall once said, “There is more than one way to do it.”[1] Our experience tells us that there is another way. If we can teach someone with the proper experience how to pass the CISSP exam in a 6-day boot camp, is a 1000-page CISSP book really necessary?

We asked ourselves: What can we do that has not been done before? What can we do better or differently? Can we write a shorter book that gets to the point, respects our students’ time, and allows them to pass the exam?

We believe the answer is yes, and you are reading the result. We know what is important, and we will not waste your time. We have taken William Strunk’s advice to “omit needless words”[2] to heart. It is our mantra.

This book teaches you what you need to know and does so as concisely as possible.

How to Prepare for the Exam

Read this book, and understand it: all of it. If we cover a subject in this book, we are doing so because it is testable (unless noted otherwise). The exam is designed to test your understanding of the Common Body of Knowledge (CBK), which may be thought of as the universal language of information security professionals. It is said to be “a mile wide and two inches deep.” Formal terminology is critical: Pay attention to it.

The Common Body of Knowledge is updated occasionally, most recently in January 2012. This book has been updated to fully reflect the 2012 CBK. The (ISC)2® Candidate Information Bulletin (CIB) describes the current version of the exam; downloading and reading the CIB is a great exam preparation step. You may download it from https://www.isc2.org/cib/Default.aspx.

Learn the acronyms in this book and the words they represent, backward and forward. Both the glossary and index of this book are highly detailed and map from acronym to name. We did this because it is logical for a technical book and also to get you into the habit of understanding acronyms forward and backward.

Much of the exam question language can appear unclear at times. Formal terms from the Common Body of Knowledge can act as beacons to lead you through the more difficult questions, highlighting the words in the questions that really matter.

The CISSP exam is a management exam

Never forget that the CISSP exam is a management exam. Answer all questions as an information security manager would. Many questions are fuzzy and provide limited background; when asked for the best answer, you may think, “It depends.”

Think and answer like a manager. Suppose the exam states that you are concerned with network exploitation. If you are a professional penetration tester, you may wonder whether you are trying to launch an exploit or mitigate one. What does “concerned” mean? Your CSO is probably trying to mitigate network exploitation, and that is how you should answer on the exam.

The notes card approach

As you are studying, keep a “notes card” file for highly specific information that does not lend itself to immediate retention. A notes card is simply a text file (you can create it with a simple editor such as WordPad) that contains a condensed list of detailed information.

Populate your notes card file with any detailed information (which you do not already know from previous experience) that is important for the exam, such as the five levels of the Software Capability Maturity Model (CMM; covered in Chapter 5, Domain 4: Software Development Security), or the ITSEC and Common Criteria levels (covered in Chapter 7, Domain 6: Security Architecture and Design).

The goal of the notes card file is to avoid getting lost in the “weeds,” drowning in specific information that is difficult to retain on first sight. Keep your studies focused on core concepts, and copy specific details to the notes card file. When you are done, print the file. As your exam date nears, study your notes card file more closely. In the days before your exam, really focus on those details.

Practice tests

Quizzing can be the best way to gauge your understanding of this material and your readiness to take the exam. A wrong answer on a test question acts as a laser beam showing you what you know and, more importantly, what you do not know. Each chapter in this book has 15 practice test questions at the end, ranging from easy to medium to hard. The Self Test Appendix includes explanations for all correct and incorrect answers; these explanations are designed to help you understand why the answers you chose were marked correct or incorrect. This book’s companion website is located at http://booksite.syngress.com/companion/Conrad. It contains 500 questions written specifically for this book—two full practice exams. Use them. The companion site also contains 10 podcasts, each providing an overview of one of the ten domains of knowledge.

You should aim for at least 80% correct answers on any practice test. The real exam requires 700 out of 1000 points, but achieving over 80% correct on practice tests will give you some margin for error. Take these quizzes closed book, just as you will take the real exam. Pay careful attention to any wrong answers, and be sure to reread the relevant sections of this book. Identify any weaker domains (we all have them)—those domains where you consistently get more wrong answers than in others—and then focus your studies on those weak areas.

Time yourself while taking any practice exam. Aim to answer at a rate of at least one question per minute. You need to move faster than true exam pace because the actual exam questions may be more difficult and therefore take more time. If you are taking longer than that, practice more to improve your speed. Time management is critical on the exam, and running out of time usually equals failure.

Read the glossary

As you wrap up your studies, quickly read through the glossary toward the back of this book. It has over 1000 entries and is highly detailed by design. The glossary definitions should all be familiar concepts to you at this point.

If you see a glossary definition that is not clear or obvious to you, go back to the chapter it is based on and reread that material. Ask yourself, “Do I understand this concept enough to answer a question about it?”

Readiness checklist

These steps will serve as a readiness checklist as you near the exam day. If you remember to think like a manager, are consistently scoring over 80% on practice tests, are answering practice questions quickly, understand all glossary terms, and perform a final thorough read-through of your notes card, you are ready to go.

Taking the Exam

The CISSP exam was traditionally taken via paper-based testing: old-school paper and pencil. This has now changed to computer-based testing (CBT), which we will discuss shortly.

The exam has 250 questions and a 6-hour time limit. Six hours sounds like a long time, until you do the math: 250 questions in 360 minutes leaves less than a minute and a half to answer each question. The exam is long and can be grueling; it is also a race against time. Preparation is the key to success.

Steps to becoming a CISSP

Becoming a CISSP requires four steps:

1. Proper professional information security experience
2. Agreeing to the (ISC)2 code of ethics
3. Passing the CISSP exam
4. Endorsement by another CISSP

Additional details are available on the examination registration form available at www.isc2.org.

The exam currently requires 5 years of professional experience in 2 or more of the 10 domains of knowledge. Those domains are covered in Chapters 2 to 11 of this book. You may waive 1 year with a college degree or approved certification; see the examination registration form for more information.

You may pass the exam before you have enough professional experience and become an Associate of (ISC)2. Once you meet the experience requirement, you can then complete the process and become a CISSP.

The (ISC)2 code of ethics is discussed in Chapter 10, Domain 9: Legal, Regulations, Investigations, and...

Publication date (according to the publisher): 1 September 2012
Language: English
Subject areas: Textbooks / Dictionaries > Lesson preparation > Teaching guides; Computer science > Networks > Security / Firewall; Computer science > Other topics > Certification; Social sciences > Education; Business > Business administration / Management
ISBN-10: 1-59749-968-4 / 1597499684
ISBN-13: 978-1-59749-968-2 / 9781597499682
PDF (Adobe DRM)
Size: 16.8 MB

Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook against misuse. The eBook is authorized to your personal Adobe ID at download time, and it can then be read only on devices that are also registered to your Adobe ID.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but it is only of limited use on small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need an Adobe ID and the free Adobe Digital Editions software. We advise against using the OverDrive Media Console; in our experience, Adobe DRM problems occur frequently with it.
eReader: This eBook can be read on (almost) all eBook readers, but it is not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need an Adobe ID and a free app.

Additional feature: online reading
In addition to downloading it, you can also read this eBook online in a web browser.

Buying eBooks from abroad
For tax law reasons we can only sell eBooks within Germany and Switzerland. Regrettably, we cannot fulfil eBook orders from other countries.

EPUB (Adobe DRM)
Size: 15.2 MB

Copy protection: Adobe DRM

File format: EPUB (Electronic Publication)
EPUB is an open standard for eBooks and is particularly suited to fiction and non-fiction. The flowing text adapts dynamically to the display and font size, so EPUB is also well suited to mobile reading devices.

