Product Description
Description:
Learn what you need to know to master the CISSP security technology and the certification exam with the CISSP Exam Cram 2. A perfect complement to larger study guides, the CISSP Exam Cram 2 is a great way to find out exactly what will be expected of you during the real exam. The book includes:
- Exam topic-focused chapters.
- Practice questions at the end of each chapter.
- Exam Alerts that highlight key terms and areas.
- Two full-length practice exams.
- An electronic test engine provided by MeasureUp on CD-ROM with additional practice exams.
- The "Cram Sheet" tear card for last-minute exam review.
Prepare for the CISSP certification exam with the proven Exam Cram 2 learning tools provided in the CISSP Exam Cram 2.
Table of Contents:
1. The CISSP Certification Exam.
Introduction.
Assessing Exam Readiness.
Taking the Exam.
Multiple-Choice Question Format.
Exam Strategy.
Question-Handling Strategies.
Mastering the Inner Game.
Need to Know More?
2. Physical Security.
Introduction.
Physical Security Risks.
Natural Disasters.
Man-Made Threats.
Emergency Situations.
Requirements for New Site Locations.
Location.
Construction.
Doors, Walls, Windows, and Ceilings.
Building Defense in Depth.
Perimeter Controls.
Server Placement.
Intrusion Detection.
Environmental Controls.
Electrical Power.
Uninterruptible Power Supply (UPS).
Equipment Life Cycle.
Fire Prevention, Detection, and Suppression.
Fire-Detection Equipment.
Fire Suppression.
Exam Prep Questions.
Answers to Exam Prep Questions.
Need to Know More?
3. Security-Management Practices.
Introduction.
The Risk of Poor Security Management.
The Role of CIA.
Risk Assessment.
Risk Management.
Policies, Procedures, Standards, Baselines, and Guidelines.
Security Policy.
Standards.
Baselines.
Guidelines.
Procedures.
Implementation.
Data Classification.
Roles and Responsibility.
Security Controls.
Training and Education.
Security Awareness.
Auditing Your Security Infrastructure.
Exam Prep Questions.
Answers to Exam Prep Questions.
Need to Know More?
4. Access-Control Systems and Methodology.
Introduction.
Threats Against Access Control.
Password Attacks.
Emanation Security.
Denial of Service/Distributed Denial of Service (DoS/DDoS).
Access-Control Types.
Administrative Controls.
Technical Controls.
Physical Controls.
Identification, Authentication, and Authorization.
Authentication.
Single Sign-On.
Kerberos.
SESAME.
Access-Control Models.
Data Access Controls.
Discretionary Access Control (DAC).
Mandatory Access Control (MAC).
Role-Based Access Control (RBAC).
Other Types of Access Controls.
Intrusion-Detection Systems (IDS).
Network-Based Intrusion-Detection Systems (NIDS).
Host-Based Intrusion-Detection Systems (HIDS).
Signature-Based and Behavior-Based IDS Systems.
Penetration Testing.
Honeypots.
Exam Prep Questions.
Answers to Exam Prep Questions.
Need to Know More?
5. System Architecture and Models.
Introduction.
Common Flaws in the Security Architecture.
Buffer Overflow.
Back Doors.
Asynchronous Attacks.
Covert Channels.
Incremental Attacks.
Computer System Architecture.
Central Processing Unit (CPU).
Storage Media.
Security Mechanisms.
Process Isolation.
Operation States.
Protection Rings.
Trusted Computer Base.
Security Models of Control.
Integrity.
Confidentiality.
Other Models.
Open and Closed Systems.
Documents and Guidelines.
The Rainbow Series.
The Red Book: Trusted Network Interpretation.
Information Technology Security Evaluation Criteria (ITSEC).
Common Criteria.
British Standard 7799.
System Validation.
Certification and Accreditation.
Exam Prep Questions.
Answers to Exam Prep Questions.
Need to Know More?
6. Telecommunications and Network Security.
Introduction.
Threats to Network Security.
DoS Attacks.
Disclosure Attacks.
Destruction, Alteration, or Theft.
LANs and Their Components.
LAN Communication Protocols.
Network Topologies.
LAN Cabling.
802.11 Wireless Networking.
Bluetooth.
WANS and Their Components.
Packet Switching.
Circuit Switching.
Network Models and Standards.
OSI Model.
TCP/IP.
Network Equipment.
Hubs.
Bridges.
Switches.
Routers.
Access Methods and Remote Connectivity.
Point-to-Point Protocol (PPP).
Password Authentication Protocol (PAP).
Virtual Private Networks (VPNs).
Remote Authentication Dial-in User Service (RADIUS).
Terminal Access Controller Access Control System (TACACS).
IPSec.
Message Privacy.
PGP.
S/MIME.
Privacy Enhanced Mail (PEM).
Network Access Controls.
Firewalls.
Demilitarized Zone (DMZ).
Exam Prep Questions.
Answers to Exam Prep Questions.
Need to Know More?
7. Applications and Systems-Development Security.
Introduction.
Malicious Code.
Viruses and Worms.
Buffer Overflow.
Denial of Service (DoS).
Distributed Denial of Service (DDoS).
Malformed Input (SQL Injection).
Spyware.
Back Doors and Trapdoors.
Change Detection.
Failure States.
The System Development Life Cycle.
Project Initiation.
Development and Acquisition.
Acceptance Testing/Implementation.
Operations/Maintenance.
Disposal.
Software-Development Methods.
The Waterfall Model.
The Spiral Model.
Joint Application Development (JAD).
Rapid Application Development (RAD).
Computer-Aided Software Engineering (CASE).
Change Management.
Programming Languages.
Object-Oriented Programming.
CORBA.
Database Management.
Transaction Processing.
Database Terms.
Data Warehousing.
Data Mining.
Knowledge Management.
Exam Prep Questions.
Answers to Exam Prep Questions.
Need to Know More?
8. Operations Security.
Introduction.
Hack Attacks.
Common Attack Methodologies.
Phreakers and Their Targets.
Operational Security.
New-Hire Orientation.
Separation of Duties.
Job Rotation.
Least Privilege.
Mandatory Vacations.
Termination.
Auditing and Monitoring.
Auditing.
Clipping Levels.
Intrusion Detection.
Keystroke Monitoring.
Facility Access Control.
Categories of Control.
Fax Control.
Ethical Hacking.
Penetration Testing.
Contingency Planning, Backup, and Recovery.
RAID.
Backups.
Exam Prep Questions.
Answers to Exam Prep Questions.
Need to Know More?
9. Business Continuity Planning.
Introduction.
The Risks of Poor Business Planning.
Business Continuity Management.
Business Continuity Plan (BCP).
Project Management and Initiation.
Business Impact Analysis (BIA).
Recovery Strategy.
Plan Design and Development.
Testing, Maintenance, Awareness, and Training.
Disaster Recovery Planning (DRP).
Alternative Sites and Hardware Backup.
Software Backups.
Exam Prep Questions.
Answers to Exam Prep Questions.
Need to Know More?
10. Law, Investigations, and Ethics.
Introduction.
Computer Crimes.
Software Piracy.
Terrorism.
Pornography.
Common Attacks.
Keystroke Logging.
Wiretapping.
Spoofing Attacks.
Manipulation Attacks.
Social Engineering.
Dumpster Diving.
Ethics.
ISC2 Code of Ethics.
Computer Ethics Institute.
Internet Activities Board.
International Property Laws.
Privacy Laws.
Parameters of Investigation.
Computer Crime Investigation.
Incident-Response Procedures.
Incident-Response Team.
Forensics.
Handling Evidence.
Drive Wiping.
Standardization of Forensic Procedures.
Major Legal Systems.
Evidence Types.
Trial.
Exam Prep Questions.
Answers to Exam Prep Questions.
Need to Know More?
11. Cryptography.
Introduction.
Cryptographic Basics.
History of Encryption.
Symmetric Encryption.
Data Encryption Standard (DES).
Triple-DES (3DES).
Advanced Encryption Standard (AES).
International Data Encryption Algorithm (IDEA).
Other Symmetric Algorithms.
Asymmetric Encryption.
RSA.
Diffie-Hellman.
El Gamal.
Elliptical Curve Cryptosystem (ECC).
Merkle-Hellman Knapsack.
Integrity and Authentication.
Message Digests.
MD Series.
Digital Signatures.
Steganography.
Public Key Infrastructure (PKI).
Certificate Authority (CA).
Registration Authority (RA).
Certificate Revocation List (CRL).
Digital Certificates.
The Client’s Role in PKI.
Cryptographic Services.
Secure Email.
Secure TCP/IP Protocols.
Cryptographic Attacks.
Exam Prep Questions.
Answers to Exam Prep Questions.
Need to Know More?
12. Practice Exam 1.
Practice Exam Questions.
13. Answers to Practice Exam 1.
Answer Key.
Answers to Practice Exam Questions.
14. Practice Exam 2.
Practice Exam Questions.
15. Answers to Practice Exam 2.
Answer Key.
Answers to Practice Exam Questions.
Appendix A: What’s on the CD.
Multiple Test Modes.
Study Mode.
Certification Mode.
Custom Mode.
Adaptive Mode.
Missed Question Mode.
Non-Duplicate Mode.
Question Types.
Random Questions and Order of Answers.
Detailed Explanations of Correct and Incorrect Answers.
Attention to Exam Objectives.
Installing the CD.
Creating a Shortcut to the MeasureUp Practice Tests.
Technical Support.
Glossary.
Index.