CISSP Certification Study Guide
The six-hour CISSP certification exam is challenging, and it requires full comprehension of all the learning modules presented in the CISSP course curriculum. After completing our CISSP training course, you might feel that you’re ready to take on the CISSP exam, but in order to be as successful as possible we encourage you to complement your training with our free CISSP study guide. Explore and study topics in all 8 CISSP domains below so you can confidently tackle the exam.
Domain 1: Security and Risk Management
- Defining Security Management
- Threats, Vulnerabilities, and Attacks
- Risk Assessment & Management
- Risk Analysis Process
- Security Policies and Procedures
- The Objectives of a Security Policy
- Security Policy Implementation
- Information Classification in Security
- Computer Crimes and the Common Law System
- Computer Security, Privacy and Crime Laws
- Important Computer Privacy Laws
- Intellectual Property Law
- Liability Laws
- The Internet Activities Board (IAB) Ethics and the Internet
- The Computer Ethics Institute's Ten Commandments of Computer Ethics
- The U.S. Department of Health, Education and Welfare Code of Fair Information Practices
- The Organization for Economic Cooperation and Development (OECD)
- The (ISC)2 Code of Ethics
Domain 2: Asset Security
- Information Classification in Security
- Information Privacy and Privacy Laws
- Organizational Privacy Policies
- Privacy-Related Legislation and Guidelines
- Media Resource Protection and Security Controls
- Media Viability and Physical Access Controls
- Desktop Vulnerabilities and Safeguards
Domain 3: Security Architecture and Engineering
- Security Policy and Computer Architecture
- Using Security Mechanisms to Enhance Security
- Information Security Models
- Orange Book Controls
- Data Warehousing
- The Data Mining Process
- What is a Data Dictionary?
- Encryption in Cryptography
- Advanced Encryption Standard (Rijndael)
- Digital Certificates: PKI
- Key Pair Usage
- Components of Public Key Infrastructure
- Private Key Protection
- Key Management Lifecycle
- Certification Expiration and Revocation List
- Software and Hardware Storage of Keys
- The M of N Control Policy
Domain 4: Communications and Network Security
- All About the Central Processing Unit (CPU)
- Types of Computer Memory
- All About Database Management
- Communication and Network Security
- Types of Networks
- Types of Network Topologies
- OSI Reference Model: Network Security
- Inter-OSI Layer Interaction
- TCP/IP Layers
- TCP/IP Protocols
- Transfer and Application Layer Protocols
- Point-to-Point Protocol (PPP)
- Point-to-Point Tunneling Protocol (PPTP)
- Layer 2 Tunneling Protocol (L2TP)
- IP Security Protocol (IPSec)
- Voice Communications in Network Security
- Using Coaxial Cables to Build Network
- Twisted Pair Cables Used to Build Networks
- Fiber Optic Cables
- Wireless Networks
- Use of Bluetooth in Networking
- Using IrDA in Networking
- Primary Networking Devices
- Types of Ethernet
- Tokens and Token Rings
- Areas of the Network
- Common Data Network Services
- Types of Data Networks
- WAN Technologies
- Network Address Translation
- Connecting Systems to a Remote Location
- All About VPNs: Applications and Remote Access
- Email Security
Domain 5: Identity and Access Management
- Access Control and Accountability
- Identification and Authentication
- Access Control Types
- Authentication Protocols
- Single Sign-On (SSO)
- Centralized Access Control
- Methods Used to Bypass Access Control
- Exploits and Attacks to Gain Control
- Covert Channel Analysis
- Access Control Methodologies and Remote Access Authentication Systems
- Remote Authentication Dial-In User Service (RADIUS) and DIAMETER
- Terminal Access Controller Access Control System
- About Physical Security
- Technical Physical Security Controls
- Administrative Physical Security Controls
- Security of Data Storage Devices
- Physical Access Controls
Domain 6: Security Assessment and Training
- Penetration Testing
- Alternative Methods for Testing Security
- Employees and Operational Security
- Security Education, Training and Awareness (SETA)
- Environmental and Personnel Safety
- Trusted Facility Management
- Trusted Recovery, Failure Preparation, and System Recovery
- Electromagnetic Interference (EMI) and Radio Frequency Interference (RFI)
- Database Recovery Definitions
- HVAC, Water and Fire Detection in Electronic-Heavy Environments
- Using Fire Suppression Systems to Protect Electronics
- Business Continuity Planning and Disaster Recovery Planning
- Business Continuity Planning: Project Scope and Planning
- Business Continuity Planning: The Continuity Planning Process
- Business Continuity Planning: Plan Approval and Implementation
- Business Continuity Planning: BCP Documentation
- Business Continuity Planning: Business Impact Assessment (BIA)
- Disaster Recovery: Disaster Categories
- Disaster Recovery: Recovery Strategies
- Disaster Recovery: Hot, Cold and Warm Sites
- Mutual Assistance Agreements (MAAs)
Domain 7: Security Operations
- Controls for Operational Security
- About Operations Controls
- Auditing, Monitoring, and Intrusion Detection
- Monitoring and Intrusion Detection
- Knowledge-Based and Behavior-Based IDS
- The Knowledge Management Tool
- Malicious Code, Viruses, and Worms
- Logic Bombs, Trojan Horses, and Active Content
- Computer Forensics
- The Computer Crime Investigation Process
Domain 8: Software Development Security
Basic Network Components
Which of the following is a component that provides resources over a network?
1. Client
2. LAN
3. Router
4. Server
Answer: The correct answer is 4.
Breakdown: A server provides or “serves” up resources to a network. Examples of resources are access to email, pages on a web server, or files on a file server.