Skip to main content

CIW Security Professional Certification Bible

CIW Security Professional Certification Bible

Mandy Andress, Phil Cox, Ed Tittel

ISBN: 978-0-764-54822-2

Oct 2001

638 pages

Select type: Hardcover

Product not available for purchase

Description

CIW Security Professional Certification Bible follows Prosoft Training's curriculum and objectives for the CIW Security exam, while providing information to help security professionals on the job. It details areas such as encryption technologies, types of incidents and attacks, system and network security, TCP/IP, managing the network boundary, implementing firewalls, intrusion detection and prevention. This book also covers securing the operating system, securing user accounts and file resources, assessing risk, auditing, scanning and discovery, defeating network penetration, creating security control procedures.

Covers: Exam 1D0 470
Preface.

Acknowledgments.

PART I: Introducing Computer Security Concepts.

Chapter 1: A Security Primer.

Chapter 2: Basic Principles of System and Network Security.

Chapter 3: Using Encryption Technologies.

Chapter 4: Securing TCP/IP.

PART II: Network Security.

Chapter 5: Security Incidents and Attacks.

Chapter 6: Understanding Boundary Devices.

Chapter 7: Implementing Firewalls.

PART III: Operating System Security.

Chapter 8: Operating System Security Risks.

Chapter 9: Principles of Operating System Security.

Chapter 10: Operating System Hardening.

Chapter 11: Securing File Systems and Resources.

Chapter 12: Securing User Accounts.

PART IV: Intrusion Detection and Response.

Chapter 13: Defeating Network and Server Attacks and Penetration.

Chapter 14: Intrusion Detection and Prevention.

Chapter 15: intrusion Detection Systems.

Chapter 16: Handling Security Incidents.

PART V: Security Auditing, Analysis, and Intrusion Detection.

Chapter 17: Principle of Security Auditing.

Chapter 18: System Security Scanning and Discovery.

Chapter 19: Creating and Managing Security Control Procedures.

Chapter 20: Auditing System and Security Logs.

Chapter 21: Acting on Audit Results.

Appendix A: What's on the CD-ROM.

Appendix B: Objective Map.

Appendix C: Sample Exam.

Appendix D: Exam Tips.

Appendix E: Well-Known Ports.

Appendix F: Web Resources for Security Professionals.

Index.

End-User License Agreement.

CD-ROM Installation Instructions.
ChapterPageDetailsDatePrint Run
CD ID#49CD Question ID#49
Question: In implementing a security policy for the company, Dean is dividing resources into three categories: Level 1 - critical, Level 2 - significant, and Level 3 - routinely essential. Which of the following can be considered a Level 3 resource?

Answer 1: Developer desktop computers
Answer 2: E-mail server
Answer 3: WINS server
Answer 4: HR file server

Explanation: The systems that are not needed by the company on a daily basis are considered Level 3 resources. A desktop system is an example of a Level 3 resource. If the desktop goes down, a developer can use another system in the company.

Errata: A, Developer desktop computers is the correct answer, but the test says C is correct.
7/27/02

CD ID#50CD Question ID#50
Question: Brian wants to hide internal network addresses and pay for only one public IP address. He wants to use internal network numbers that will not be accessible on the Internet. What address range should work?

Answer 1: 172.16.0.0 - 172.31.255.255
Answer 2: 10.0.0.0 - 10.255.255.255
Answer 3: 192.168.0.0 - 192.168.255.255
Answer 4: 100.0.0.0 - 100.255.255.255

Explanation: 10.0.0.0 - 10.255.255.255 is a private network range set aside for internal networks and is not supposed to be advertised to the public Internet.

Errata: Since 172.16.0.0 - 172.31.255.255 and 192.168.0.0 - 192.168.255.255 are private IP ranges as well, answers A, B, and C are all correct. The test says only B is correct.
8/24/02