CISSP - Certified Information Systems Security Professional 2015 (Course & Labs)

(CISSP-2015-complete)/ISBN:978-1-61691-719-7

This course includes
Lessons
TestPrep
Lab


Here's what you will get

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.

Lessons

20+ Lessons | 309+ Exercises | 234+ Quizzes | 636+ Flashcards | 132+ Glossary of terms

TestPrep

109+ Pre Assessment Questions | 3+ Full Length Tests | 100+ Post Assessment Questions | 300+ Practice Test Questions

Hands-On Labs

113+ LiveLab | 27+ Video tutorials | 33+ Minutes

Here's what you will learn


Lessons 1: Access Control

  • Access Control Overview
  • Identification and Authentication Techniques
  • Access Control Techniques
  • Authorization Mechanisms
  • Identity and Access Provisioning Life Cycle
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 2: Access Control Attacks and Monitoring

  • Understanding Access Control Attacks
  • Preventing Access Control Attacks
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 3: Secure Network Architecture and Securing Network Components

  • OSI Model
  • Secure Network Components
  • Cabling, Wireless, Topology, and Communications Technology
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 4: Secure Communications and Network Attacks

  • Network and Protocol Security Mechanisms
  • Virtual Private Network
  • Remote Access Security Management
  • Network Address Translation
  • Switching Technologies
  • WAN Technologies
  • Virtualization
  • Miscellaneous Security Control Characteristics
  • Manage Email Security
  • Secure Voice Communications
  • Security Boundaries
  • Network Attacks and Countermeasures
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 5: Security Governance Concepts, Principles, and Policies

  • Security Management Planning
  • Security Governance
  • Security Roles and Responsibilities
  • Protection Mechanisms
  • Privacy Requirements Compliance
  • Control Frameworks: Planning to Plan
  • Security Management Concepts and Principles
  • Develop and Implement Security Policy
  • Change Control/Management
  • Data Classification
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 6: Risk and Personnel Management

  • Manage Third-Party Governance
  • Risk Management
  • Manage Personnel Security
  • Develop and Manage Security Education, Training, and Awareness
  • Manage the Security Function
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 7: Software Development Security

  • Application Issues
  • Databases and Data Warehousing
  • Data/Information Storage
  • Knowledge-Based Systems
  • Systems Development Controls
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 8: Malicious Code and Application Attacks

  • Malicious Code
  • Password Attacks
  • Application Attacks
  • Web Application Security
  • Reconnaissance Attacks
  • Masquerading Attacks
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 9: Cryptography and Symmetric Key Algorithms

  • Historical Milestones in Cryptography
  • Cryptographic Basics
  • Modern Cryptography
  • Symmetric Cryptography
  • Cryptographic Life Cycle
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 10: PKI and Cryptographic Applications

  • Asymmetric Cryptography
  • Hash Functions
  • Digital Signatures
  • Public Key Infrastructure
  • Asymmetric Key Management
  • Applied Cryptography
  • Cryptographic Attacks
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 11: Principles of Security Models, Design, and Capabilities

  • Understand the Fundamental Concepts of Security Models
  • Objects and Subjects
  • Understand the Components of Information Systems Security Evaluation Models
  • Understand Security Capabilities Of Information Systems
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 12: Security Architecture Vulnerabilities, Threats, and Countermeasures

  • Computer Architecture
  • Avoiding Single Points of Failure
  • Distributed Architecture
  • Security Protection Mechanisms
  • Common Flaws and Security Issues
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 13: Security Operations

  • Security Operations Concepts
  • Resource Protection
  • Patch and Vulnerability Management
  • Change and Configuration Management
  • Security Audits and Reviews
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 14: Incident Management

  • Managing Incident Response
  • Implement Preventive Measures Against Attacks
  • Understand System Resilience and Fault Tolerance
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 15: Business Continuity Planning

  • Planning for Business Continuity
  • Project Scope and Planning
  • Business Impact Assessment
  • Continuity Planning
  • BCP Documentation
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 16: Disaster Recovery Planning

  • The Nature of Disaster
  • Recovery Strategy
  • Recovery Plan Development
  • Training and Documentation
  • Testing and Maintenance
  • Categories of Laws
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 17: Laws, Regulations, and Compliance

  • Laws
  • Compliance
  • Contracting and Procurement
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 18: Incidents and Ethics

  • Investigations
  • Major Categories of Computer Crime
  • Incident Handling
  • Ethics
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Lessons 19: Physical Security Requirements

  • Site and Facility Design Considerations
  • Forms of Physical Access Controls
  • Technical Controls
  • Environment and Life Safety
  • Equipment Failure
  • Privacy Responsibilities and Legal Requirements
  • Summary
  • Exam Essentials
  • Review All the Key Topics

Appendix A

Hands-on LAB Activities (Performance Labs)

Access Control

  • Identifying access control types
  • Disabling a service
  • Identifying drawbacks of Kerberos authentication
  • Identifying components of the Kerberos authentication protocol
  • Identifying authentication services
  • Creating a password for account
  • Configuring password policies
  • Enabling and disabling password expiration
  • Configuring NPS to provide RADIUS authentication
  • Configuring NPS network policy
  • Configuring the server
  • Creating and configuring a network
  • Identifying authorization mechanisms
  • Identifying responsibilities

Access Control Attacks and Monitoring

  • Identifying types of system attack
  • Identifying attacks
  • Identifying social engineering attacks
  • Filtering entries in Event Viewer
  • Viewing password hashes
  • Configuring audit policies
  • Viewing different event details
  • Identifying log types

Secure Network Architecture and Securing Network Components

  • Identifying OSI layer functions
  • Identifying OSI layers
  • Identifying connectionless communication
  • Identifying abbreviations for various Internet layer protocols
  • Identifying TCP/IP protocol layers
  • Identifying TCP/IP layers
  • Configuring IPv4 address
  • Identifying application layer protocols
  • Identifying steps in the encapsulation/decapsulation process
  • Identifying flag bit designator
  • Identifying gateway firewalls
  • Identifying hardware devices
  • Connecting Systems to the Internet Through a Firewall Router
  • Identifying firewall techniques
  • Identifying types of cable
  • Identifying components of a coaxial cable
  • Configuring Windows 7 wireless settings
  • Configuring SSID
  • Identifying network topologies
  • Identifying UTP categories
  • Identifying steps in CSMA technology
  • Identifying LAN sub technologies

Secure Communications and Network Attacks

  • Identifying secure communication protocols
  • Identifying authentication protocols
  • Creating a remote access VPN connection
  • Identifying VPN protocols
  • Connecting to a server using Remote Desktop Connection
  • Creating a dial-up connection
  • Understanding NAT
  • Identifying switching technology properties
  • Installing Windows Virtual PC
  • Identifying specialized protocols
  • Creating a virtual PC machine
  • Understanding transparency
  • Identifying security solutions
  • Identifying phreaker tools
  • Understanding security boundaries
  • Identifying types of Denial of Service attacks

Security Governance Concepts, Principles, and Policies

  • Identifying security management plans
  • Identifying protection mechanisms
  • Identifying steps in a classification scheme

Risk and Personnel Management

  • Identifying risk actions
  • Understanding elements of risk
  • Identifying steps in quantitative risk analysis

Software Development Security

  • Identifying types of malware
  • Understanding agents
  • Identifying keys in a database
  • Identifying storage types
  • Identifying stages in a waterfall lifecycle model
  • Identifying generations of languages
  • Understanding object-oriented programming terms
  • Identifying levels in Software Capability Maturity Model
  • Identifying testing methods
  • Identifying primary phases of SDLC

Malicious Code and Application Attacks

  • Identifying types of viruses
  • Understanding application attacks
  • Identifying types of viruses
  • Installing the AVG antivirus and scanning a drive

Cryptography and Symmetric Key Algorithms

  • Checking the integrity of messages through MAC values
  • Identifying asymmetric algorithms
  • Identifying cryptographic attacks

PKI and Cryptographic Applications

  • Identifying sequence of sender's process in digital signature system
  • Backing up an encryption certificate and key
  • Understanding PKCS standards

Principles of Security Models, Design, and Capabilities

  • Identifying Information models
  • Identifying TCSEC categories

Security Architecture Vulnerabilities, Threats, and Countermeasures

  • Identifying computer activities
  • Disabling the COM and parallel ports
  • Installing SDRAM and DDR memory modules
  • Connecting speakers to a computer
  • Connecting a keyboard, mouse, and monitor to a computer
  • Understanding process scheduler
  • Identifying RAID levels
  • Identifying service associated with cloud computing

Security Operations

  • Identifying terms associated with data destruction
  • Identifying steps within an effective patch management program
  • Identifying security reviews

Incident Management

  • Identifying steps in incident response management
  • Identifying sequence in which the IDS instructs the TCP to reset connections
  • Working with a host-based IDS
  • Identifying malicious attacks
  • Identifying RAID level characteristics

Business Continuity Planning

  • Identifying phases in BCP process
  • Identifying man-made threats

Disaster Recovery Planning

  • Identifying processing sites in disaster recovery plan
  • Identifying disaster recovery plan tests

Laws, Regulations, and Compliance

  • Identifying CFAA provisions

Incidents and Ethics

  • Identifying computer crime types

Physical Security Requirements

  • Identifying physical access control mechanisms
  • Identifying terms associated with power issues
  • Identifying primary stages of fire

Exam FAQs

USD 599

The exam contains 250 questions.

6 minutes

700

Test takers who do not pass the exam the first time will be able to retest after 30 days. Test takers who fail a second time will need to wait 90 days prior to sitting for the exam again. In the unfortunate event that a candidate fails a third time, the next available time to sit for the exam will be 180 days after the most recent exam attempt. Candidates are eligible to sit for (ISC)² exams a maximum of 3 times within a calendar year.