Wiley
Wiley.com

The CISSP Prep Guide, Gold Edition

ISBN: 978-0-471-26802-4
976 pages
October 2002
ISBN-10: 047126802X
  • The Gold Edition has been updated to include CISSP bonus questions never before published and an advanced question-and-answer tutorial.
  • The CD-ROM contains 660 questions of which 360 have never before been available electronically.
  • All questions have been designed with Boson, the premier interactive test engine for technical books in the industry.
  • Authors are experts in the security certification field and have particular expertise in the CISSP Exam.
Acknowledgments

Foreword

Introduction

About the Authors

Chapter 1. Security Management Practices

Sample Questions

Bonus Questions

Advanced Sample Questions

Chapter 2. Access Control Systems

Rationale

Controls

Identification and Authentication

Some Access Control Issues

Sample Questions

Bonus Questions

Advanced Sample Questions

Chapter 3. Telecommunications and Network Security

Our Goals

Domain Definition

Management Concepts

Sample Questions

Bonus Questions

Advanced Sample Questions

Chapter 4. Cryptography

Introduction

Cryptographic Technologies

Secret Key Cryptography (Symmetric Key)

Public (Asymmetric) Key Cryptosystems

Approaches to Escrowed Encryption

Internet Security Applications

Sample Questions

Bonus Questions

Advanced Sample Questions

Chapter 5. Security Architecture and Models

Security Architecture

Assurance

Information Security Models

Sample Questions

Bonus Questions

Advanced Sample Questions

Chapter 6. Operations Security

Our Goals

Domain Definition

Controls and Protections

Monitoring and Auditing

Threats and Vulnerabilities

Sample Questions

Bonus Questions

Advanced Sample Questions

Chapter 7. Applications and Systems Development

The Software Life Cycle

Development Process

The Software Capability Maturity Model (CMM)

Object-Oriented Systems

Artificial Intelligence Systems

Database Systems

Application Controls

Sample Questions

Bonus Questions

Advanced Sample Questions

Chapter 8. Business Continuity Planning and Disaster Recovery Planning

Our Goals

Domain Definition

Business Continuity Planning

Disaster Recovery Planning

Sample Questions

Bonus Questions

Advanced Sample Questions

Chapter 9. Law, Investigation, and Ethics

Types of Computer Crime

Law

Investigation

Liability

Ethics

Sample Questions

Bonus Questions

Advanced Sample Questions

Chapter 10. Physical Security

Our Goals

Domain Definition

Threats to Physical Security

Controls for Physical Security

Sample Questions

Bonus Questions

Advanced Sample Questions

Appendix A: A Process Approach to HIPAA Compliance through a HIPAA-CMM

Background

HIPAA Security Requirements Mappings to PAs

HPAs

Defining and Using the HIPAA-CMM

Conclusion

References

Appendix A: HIPAA-CMM PA Overview

Appendix B: Glossary (SSE-CMM v2.0)

Appendix C: The Ideal Approach to Process Improvement

Appendix D: SSE-CMM MAPPINGS and General Considerations

Appendix B: The NSA InfoSec Assessment Methodology

History of the NIPC

About the ISSO

The InfoSec Assessment Methodology

PDD#63

Appendix C: The Case for Ethical Hacking

Rationale

Roles and Responsibilities

Implementation

Summary

Appendix D: The Common Criteria

Common Criteria: Launching the International Standard

Glossary

For More Information

Appendix E: BS7799

Appendix F: HIPAA Updates

Scope

Title II Administrative Simplification

Conclusion

Appendix G: References for Further Study

Web Sites

Appendix H: Answers to Sample and Bonus Questions

Chapter 1: Security Management Practices

Chapter 2: Access Control Systems and Methodology

Chapter 3: Telecommunications and Network Security

Chapter 4: Cryptography

Chapter 5: Security Architecture and Models

Chapter 6: Operations Security

Chapter 7: Applications and Systems Development

Chapter 8: Business Continuity Planning and Disaster Recovery Planning

Chapter 9: Law, Investigation, and Ethics

Chapter 10: Physical Security

Appendix I: Answers to Advanced Sample Questions

Chapter 1: Security Management Practices

Chapter 2: Access Control Systems and Methodology

Chapter 3: Telecommunications and Network Security

Chapter 4: Cryptography

Chapter 5: Security Architecture and Models

Chapter 6: Operations Security

Chapter 7: Applications and Systems Development

Chapter 8: Business Continuity Planning and Disaster Recovery Planning

Chapter 9: Law, Investigation, and Ethics

Chapter 10: Physical Security

Notes

Appendix J: What's on the CD-ROM

Glossary of Terms and Acronyms

Index.
RONALD L. KRUTZ is the Senior Information Security Consultant for Corbett Technologies, specializing in information assurance appraisal methodologies. He is a lead instructor for the CISSP CBK review seminars and former faculty R&D Director at Carnegie Mellon University Research Institute. He holds a PhD in computer engineering, is a registered professional engineer, and is a CISSP. He is the author of four previous Wiley books, including The CISSP Prep Guide.

RUSSELL DEAN VINES is President of The RDV Group, a New York-based security services firm. Previously, he was consulting manager, Security Services, Realtech Systems. Vines has been involved in computer security for fifteen years and has helped create the security design and architecture for Fortune 1000 companies worldwide, and consults regularly for the U.S. Government and the Department of Defense. He is a certified CISSP and CCNA, MCSE, MCNE, and NSA/IAM professional.

Do you think you've discovered an error in this book? Please check the list of errata below to see if we've already addressed the error. If not, please submit the error via our Errata Form. We will attempt to verify your error; if you're right, we will post a correction below.

Chapter | Page | Details | Date | Print Run

CD Question ID #57
Question: RAID refers to the:

Answer 1: Redundant Arrays of Intelligent Disks
Answer 2: Redundant And fault tolerant Internetworking Devices
Answer 3: Rapid And Inexpensive Digital tape backup
Answer 4: Remote Administration of Internet Domains

Explanation: Chapter 3: Telecommunications and Network Security. The correct answer is a, Redundant Arrays of Intelligent Disks. The other acronyms do not exist.

Errata: The correct answer is A; however, it should read "Redundant Arrays of Inexpensive Disks".
1/1/03
CD Question ID #61
Question: Which is NOT a property of a packet-switched network?

Answer 1: Packets are assigned sequence numbers
Answer 2: Characterized by "bursty" traffic
Answer 3: Connection-oriented network
Answer 4: Connectionless network

Explanation: Chapter 3: Telecommunications and Network Security. The correct answer is c. Packet-switched networks are considered connectionless networks; circuit-switched networks are considered connection-oriented.

Errata: The correct answer should be D, not C.
6/25/03
CD Question ID #85
Question: Which is NOT a property of or issue with tape backup?

Answer 1: Slow data transfer during backups and restores
Answer 2: Server disk space utilization expands
Answer 3: The possibility that some data re-entry might need to be performed after a crash
Answer 4: One large disk created by using several disks

Explanation: Chapter 3: Telecommunications and Network Security. The correct answer is d. RAID level 0 striping is the process of creating a large disk out of several smaller disks.

Errata: The explanation does not go with this question. Sorry for any confusion this may have caused.
11/23/02
CD Question ID #269
Question: Put the following steps in the qualitative scenario procedure in order:

Answer 1: The team prepares its findings and presents them to management.
Answer 2: A scenario is written to address each identified threat.
Answer 3: Business unit managers review the scenario for a reality check.
Answer 4: The team works through each scenario by using a threat, asset, and safeguard.

Explanation: Chapter 1: Security Management Practices. , c, d, a

Errata: The Answer selections were presented incorrectly. The answer is b,c,d,a
12/13/02
CD Question ID #277
Question: Which one of the following statements is TRUE concerning the Terminal Access Controller Access Control System (TACACS) and TACACS+?

Answer 1: TACACS supports prompting for a password change.
Answer 2: TACACS+ employs tokens for two-factor, dynamic password authentication.
Answer 3: TACACS+ employs a user ID and static password.
Answer 4: TACACS employs tokens for two-factor, dynamic password authentication.

Explanation: Chapter 2: Access Control Systems and Methodology. The correct answer is b. TACACS employs a user ID and static password and does not support prompting for password change or the use of dynamic password tokens.

Errata: The correct answer is C, not B, as the explanation indicates.
4/3/03
CD Question ID #287
Question: Which statement below about the difference between analog and digital signals is incorrect?

Answer 1: An analog signal produces an infinite waveform.
Answer 2: Analog signals cannot be used for data communications.
Answer 3: An analog signal can be varied by amplification.
Answer 4: A digital signal produces a saw-tooth wave form.

Explanation: Chapter 3: Telecommunications and Network Security. The correct answer is b. The other answers are all properties of analog or digital signals.

Errata: Answer choice D should have stated "A digital signal produces a square wave form." Answer B is still the correct response.
3/12/03
CD Question ID #350
Question: If C represents the cost of instituting safeguards in an information system and L is the estimated loss resulting from exploitation of the corresponding vulnerability, a legal liability exists if the safeguards are not implemented when:

Answer 1: C/L = a constant
Answer 2: C>L
Answer 3: C
Answer 4: C/L = a constant

Explanation: Chapter 9: Law, Investigation, and Ethics. The correct answer is c. If the cost to implement the safeguards is less than the estimated loss that would occur if the corresponding vulnerability were successfully exploited, then a legal liability exists. The other answers are distracters.

Errata: The correct answer is C, which should read "C<L".
11/6/02