Mike Chapple - (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide

Здесь есть возможность читать онлайн «Mike Chapple - (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide» — ознакомительный отрывок электронной книги совершенно бесплатно, а после прочтения отрывка купить полную версию. В некоторых случаях можно слушать аудио, скачать через торрент в формате fb2 и присутствует краткое содержание. Жанр: unrecognised, на английском языке. Описание произведения, (предисловие) а так же отзывы посетителей доступны на портале библиотеки ЛибКат.

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide: краткое содержание, описание и аннотация

Предлагаем к чтению аннотацию, описание, краткое содержание или предисловие (зависит от того, что написал сам автор книги «(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide»). Если вы не нашли необходимую информацию о книге — напишите в комментариях, мы постараемся отыскать её.

CISSP Study Guide – fully updated for the 2021 CISSP Body of Knowledge  (ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you’ll need to successfully pass the CISSP exam. Combined, they’ve taught cybersecurity concepts to millions of students through their books, video courses, and live training programs. 
Along with the book, you also get access to Sybex's superior online interactive learning environment that includes: 
Over 900 new and improved practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam. More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam 
Author Mike Chapple reads the Exam Essentials for each chapter providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare. Coverage of all of the exam topics in the book means you'll be ready for: 
Security and Risk Management Asset Security Security Architecture and Engineering Communication and Network Security Identity and Access Management (IAM) Security Assessment and Testing Security Operations Software Development Security

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide — читать онлайн ознакомительный отрывок

Ниже представлен текст книги, разбитый по страницам. Система сохранения места последней прочитанной страницы, позволяет с удобством читать онлайн бесплатно книгу «(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide», без необходимости каждый раз заново искать на чём Вы остановились. Поставьте закладку, и сможете в любой момент перейти на страницу, на которой закончили чтение.

Тёмная тема
Сбросить

Интервал:

Закладка:

Сделать

9 You have performed a risk assessment and determined the threats that represent the most significant concern to your organization. When evaluating safeguards, what is the rule that should be followed in most cases?The expected annual cost of asset loss should not exceed the annual costs of safeguards.The annual costs of safeguards should equal the value of the asset.The annual costs of safeguards should not exceed the expected annual cost of asset value loss.The annual costs of safeguards should not exceed 10 percent of the security budget.

10 During a risk management project, an evaluation of several controls determines that none are cost-effective in reducing the risk related to a specific important asset. What risk response is being exhibited by this situation?MitigationIgnoringAcceptanceAssignment

11 During the annual review of the company's deployed security infrastructure, you have been reevaluating each security control selection. How is the value of a safeguard to a company calculated?ALE before safeguard – ALE after implementing the safeguard – annual cost of safeguardALE before safeguard * ARO of safeguardALE after implementing safeguard + annual cost of safeguard – controls gapTotal risk – controls gap

12 Which of the following are valid definitions for risk? (Choose all that apply.)An assessment of probability, possibility, or chanceAnything that removes a vulnerability or protects against one or more specific threatsRisk = threat * vulnerabilityEvery instance of exposureThe presence of a vulnerability when a related threat exists

13 A new web application was installed onto the company's public web server last week. Over the weekend a malicious hacker was able to exploit the new code and gained access to data files hosted on the system. This is an example of what issue?Inherent riskRisk matrixQualitative assessmentResidual risk

14 Your organization is courting a new business partner. During the negotiations the other party defines several requirements of your organization's security that must be met prior to the signing of the SLA and business partners agreement (BPA). One of the requirements is that your organization demonstrate their level of achievement on the Risk Maturity Model (RMM). The requirement is specifically that a common or standardized risk framework is adopted organization-wide. Which of the five possible levels of RMM is being required of your organization?PreliminaryIntegratedDefinedOptimized

15 The Risk Management Framework (RMF) provides a disciplined, structured, and flexible process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. The RMF has seven steps or phases. Which phase of the RMF focuses on determining whether system or common controls based on a determination that the risk to organizational operations and assets, individuals, other organizations, and the nation are reasonable?CategorizeAuthorizeAssessMonitor

16 Company proprietary data are discovered on a public social media posting by the CEO. While investigating, a significant number of similar emails were discovered to have been sent to employees, which included links to malicious sites. Some employees report that they had received similar messages to their personal email accounts as well. What improvements should the company implement to address this issue? (Choose two.)Deploy a web application firewall.Block access to personal email from the company network.Update the company email server.Implement multifactor authentication (MFA) on the company email server.Perform an access review of all company files.Prohibit access to social networks on company equipment.

17 What process or event is typically hosted by an organization and is targeted to groups of employees with similar job functions?EducationAwarenessTrainingTermination

18 Which of the following could be classified as a form of social engineering attack? (Choose all that apply.)A user logs in to their workstation and then decides to get a soda from the vending machine in the stairwell. As soon as the user walks away from their workstation, another person sits down at their desk and copies all the files from a local folder onto a network share.You receive an email warning about a dangerous new virus spreading across the internet. The message tells you to look for a specific file on your hard drive and delete it, since it indicates the presence of the virus.A website claims to offer free temporary access to their products and services but requires that you alter the configuration of your web browser and/or firewall in order to download the access software.A secretary receives a phone call from a person claiming to be a client who is running late to meet the CEO. The caller asks for the CEO's private cell phone number so that they can call them.

19 Often a _____________ is a member of a group who decides (or is assigned) to take charge of leading the adoption and integration of security concepts into the group's work activities. _____________ are often non-security employees who take up the mantle to encourage others to support and adopt more security practices and behaviors.CISO(s)Security champion(s)Security auditor(s)Custodian(s)

20 The CSO has expressed concern that after years of security training and awareness programs, the level of minor security violations has actually increased. A new security team member reviews the training materials and notices that it was crafted four years ago. They suggest that the materials be revised to be more engaging and to include elements that allow for the ability to earn recognition, team up with coworkers, and strive toward a common goal. They claim these efforts will improve security compliance and foster security behavior change. What is the approach that is being recommended?Program effectiveness evaluationOnboardingCompliance enforcementGamification

Chapter 3 Business Continuity Planning

THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

Domain 1.0: Security and Risk Management1.8 Identify, analyze, and prioritize Business Continuity (BC) requirements1.8.1 Business Impact Analysis (BIA)1.8.2 Develop and document scope and plan

Domain 7.0: Security Operations7.13 Participate in Business Continuity (BC) planning and exercises

Despite our best intentions disasters of one form or another eventually strike - фото 33

Despite our best intentions, disasters of one form or another eventually strike every organization. Whether it's a natural disaster such as a hurricane, earthquake, or pandemic, or a person-made calamity such as a building fire, burst water pipe, or economic crisis, every organization will encounter events that threaten their operations or even their very existence.

Resilient organizations have plans and procedures in place to help mitigate the effects a disaster has on their continuing operations and to speed the return to normal operations. Recognizing the importance of planning for business continuity (BC) and disaster recovery (DR), the International Information System Security Certification Consortium (ISC) 2included these two processes in the objectives for the CISSP program. Knowledge of these fundamental topics will help you prepare for the exam and help you prepare your organization for the unexpected.

In this chapter, we'll explore the concepts behind business continuity planning (BCP). Chapter 18, “Disaster Recovery Planning,” will continue the discussion and delve into the specifics of the technical controls that organizations can put in place to restore operations as quickly as possible after disaster strikes.

Читать дальше
Тёмная тема
Сбросить

Интервал:

Закладка:

Сделать

Похожие книги на «(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide»

Представляем Вашему вниманию похожие книги на «(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide» списком для выбора. Мы отобрали схожую по названию и смыслу литературу в надежде предоставить читателям больше вариантов отыскать новые, интересные, ещё непрочитанные произведения.


Отзывы о книге «(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide»

Обсуждение, отзывы о книге «(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide» и просто собственные мнения читателей. Оставьте ваши комментарии, напишите, что Вы думаете о произведении, его смысле или главных героях. Укажите что конкретно понравилось, а что нет, и почему Вы так считаете.

x