
The Total CISSP Exam Prep Book: Practice Questions, Answers, and Test Taking Tips and Techniques PDF

310 Pages·2002·3.27 MB·English

Preview The Total CISSP Exam Prep Book: Practice Questions, Answers, and Test Taking Tips and Techniques

The Total CISSP® Exam Prep Book: Practice Questions, Answers, and Test Taking Tips and Techniques

OTHER AUERBACH PUBLICATIONS

ABCs of IP Addressing, Gilbert Held, ISBN: 0-8493-1144-6
Application Servers for E-Business, Lisa M. Lindgren, ISBN: 0-8493-0827-5
Architectures for E-Business Systems, Sanjiv Purba, Editor, ISBN: 0-8493-1161-6
A Technical Guide to IPSec Virtual Private Networks, James S. Tiller, ISBN: 0-8493-0876-3
Building an Information Security Awareness Program, Mark B. Desman, ISBN: 0-8493-0116-5
Computer Telephony Integration, William Yarberry, Jr., ISBN: 0-8493-9995-5
Cyber Crime Investigator's Field Guide, Bruce Middleton, ISBN: 0-8493-1192-6
Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Albert J. Marcella and Robert S. Greenfield, Editors, ISBN: 0-8493-0955-7
Information Security Architecture, Jan Killmeyer Tudor, ISBN: 0-8493-9988-2
Information Security Management Handbook, 4th Edition, Volume 1, Harold F. Tipton and Micki Krause, Editors, ISBN: 0-8493-9829-0
Information Security Management Handbook, 4th Edition, Volume 2, Harold F. Tipton and Micki Krause, Editors, ISBN: 0-8493-0800-3
Information Security Management Handbook, 4th Edition, Volume 3, Harold F. Tipton and Micki Krause, Editors, ISBN: 0-8493-1127-6
Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management, Thomas R. Peltier, ISBN: 0-8493-1137-3
Information Security Risk Analysis, Thomas R. Peltier, ISBN: 0-8493-0880-1
Information Technology Control and Audit, Frederick Gallegos, Sandra Allen-Senft, and Daniel P. Manson, ISBN: 0-8493-9994-7
New Directions in Internet Management, Sanjiv Purba, Editor, ISBN: 0-8493-1160-8
New Directions in Project Management, Paul C. Tinnirello, Editor, ISBN: 0-8493-1190-X
A Practical Guide to Security Engineering and Information Assurance, Debra Herrmann, ISBN: 0-8493-1163-2
The Privacy Papers: Managing Technology and Consumers, Employee, and Legislative Action, Rebecca Herold, ISBN: 0-8493-1248-5
Secure Internet Practices: Best Practices for Securing Systems in the Internet and e-Business Age, Patrick McBride, Joday Patilla, Craig Robinson, Peter Thermos, and Edward P. Moser, ISBN: 0-8493-1239-6
Securing and Controlling Cisco Routers, Peter T. Davis, ISBN: 0-8493-1290-6
Securing E-Business Applications and Communications, Jonathan S. Held and John R. Bowers, ISBN: 0-8493-0963-8
Securing Windows NT/2000: From Policies to Firewalls, Michael A. Simonyi, ISBN: 0-8493-1261-2
TCP/IP Professional Reference Guide, Gilbert Held, ISBN: 0-8493-0824-0
The Complete Book of Middleware, Judith Myerson, ISBN: 0-8493-1272-8

AUERBACH PUBLICATIONS
www.auerbach-publications.com
To Order Call: 1-800-272-7737 • Fax: 1-800-374-3401
E-mail: [email protected]

The Total CISSP® Exam Prep Book: Practice Questions, Answers, and Test Taking Tips and Techniques
THOMAS R. PELTIER
PATRICK D. HOWARD
AUERBACH PUBLICATIONS, A CRC Press Company
Boca Raton London New York Washington, D.C.

AU1350 FMFrame Page iv Thursday, May 9, 2002 3:48 PM

Library of Congress Cataloging-in-Publication Data
Peltier, Thomas R.
The total CISSP exam prep book : practice questions, answers, and test taking tips and techniques / Thomas R. Peltier, Patrick D. Howard.
p. cm.
Includes bibliographical references and index.
ISBN 0-8493-1350-3
1. Computer networks--Security measures--Examinations--Study guides. 2. Electronic data processing personnel--Certification. I. Howard, Patrick D. II. Title.
TK5105.59 .P454 2002
005.8--dc21 2002066436

This book contains information obtained from authentic and highly regarded sources. Reprinted material is quoted with permission, and sources are indicated. A wide variety of references are listed. Reasonable efforts have been made to publish reliable data and information, but the author and the publisher cannot assume responsibility for the validity of all materials or for the consequences of their use.
Neither this book nor any part may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, microfilming, and recording, or by any information storage or retrieval system, without prior permission in writing from the publisher. The consent of CRC Press LLC does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific permission must be obtained in writing from CRC Press LLC for such copying. Direct all inquiries to CRC Press LLC, 2000 N.W. Corporate Blvd., Boca Raton, Florida 33431.

Trademark Notice: (ISC)2 is a service mark and (CISSP) is a registered certification mark of the International Information System Security Certification Consortium, Inc. Other product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation, without intent to infringe.

Visit the Auerbach Publications Web site at www.auerbach-publications.com

© 2002 by CRC Press LLC
Auerbach is an imprint of CRC Press LLC
No claim to original U.S. Government works
International Standard Book Number 0-8493-1350-3
Library of Congress Card Number 2002066436
Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
Printed on acid-free paper

Contributors

John A. Blackley, CISSP, a native of Scotland, completed his Bachelor's degree in electrical engineering at Glasgow University in 1974. Since moving to the United States in 1982, his career has included 18 years in information security. John took his first information security position with a financial services company in Louisville, Kentucky. Starting with security administration, he gained the experience and breadth of knowledge to become the Director of Information Security and Business Contingency Planning. During that time, John also became a member of the faculty at Eastern Kentucky University, advising on the loss prevention program.
Moving to Texas in 1992, John filled a similar position for one of the nation's Fortune 100 corporations. He developed that organization's Business Contingency Planning program and organized and was responsible for the development of every aspect of its comprehensive information security program. In 1995, John became Senior Consultant for Europe's largest dedicated information security consultancy and carried out engagements for national and multi-national organizations in such locations as Seoul, Mauritius, Brussels, London, Lisbon, and Dublin. Returning to Texas in 1998, John is now Principal Security Architect for ThruPoint's information security practice. As such, John provides direction and support to the salesforce and the engineers in information protection and availability matters, as well as undertaking significant security-related projects in his own right. John has published a number of articles in the business press and has been a speaker at conferences and seminars around the world. He teaches elements of preparation courses for the CISSP certification exam and addresses organization and management issues relating to the practice of information security.

Bob Cartwright, CISSP, is president of Enterprise Security Solutions. He has more than 15 years of information systems security experience and a comprehensive investment of 22 years within information systems. He has referential expertise in information security program development, management, and hands-on implementation. He holds a bachelor's degree in business administration, an MBA in information systems, and is a Certified Information Systems Security Professional (CISSP).
His experience in and dedication to information security has resulted in a member seat of the Computer Security Institute (CSI) Advisory Board, an internationally recognized name in virus response, and a permanent speaking invitation for a number of security conferences. Before starting his own security consulting firm, Bob was recruited into the Netigy Corporation to assume responsibility for the entire security life cycle as the regional practice manager. He was responsible for developing client relationships, identifying roles and appropriate security solutions for each client, and negotiating the terms and obligations and providing the delivery oversight to ensure on-time/on-budget projects. This required him to utilize his skills as a trusted security advisor, facilitator, and educator. Bob's success as the regional practice manager relied heavily on his ability to build the proper team utilizing client and consultant resources, to maintain a presence as mentor to the team, and to operate within the dynamics of a diverse group of information technology personnel. Information security is a matter of trust. Bob has demonstrated his ability to establish trust with clients by using his international reputation as a subject matter expert. He consistently provides superior projects and timely confidential responses to sensitive client issues. Bob has built this trust with leadership and personal reputation and continues to seek the opportunity to increase that trust and presence with new clients.

Terri Curran, CISSP, of QinetiQ TIM, has more than 26 years of information security and systems operations experience. Terri has been involved with information security consulting during the past several years in practice management and development capacities. In her consulting career, Terri has developed and deployed security solutions for manufacturing, consumer goods, financial, and other Fortune 200-level companies.
She provides industry-leading expertise in information security policies and awareness programs. Terri has provided extensive knowledge transfer to international companies in the areas of ISO/IEC 17799 and other international codes and regulations; security training; security change control integration; business recovery; incident management; emergency response capabilities; and investigation management. She is an experienced facilitator in the areas of information security problem identification, scope clarification, project planning, executive management briefings, and measured success workshops. Prior to her consulting career, Terri was the Corporate Information Security Officer for The Gillette Company in Boston. She developed and implemented the framework for international information security deployment during nearly 20 years with the Company. Prior to joining Gillette, she held systems operations positions of increasing responsibility at Stride-Rite, Call-Data Systems (Grumman Aircraft), and Boston University. Terri is a frequent speaker at industry conferences, briefings, and meetings, and has authored for, and been quoted in, industry-leading journals and publications. She assisted with the development of the original Computer Crime and Security Certificate program at Northeastern University and has lectured at the collegiate level on computer privacy and security. Terri is CISSP (Certified Information Systems Security Professional)-certified (June 1992). She additionally holds membership in the HTCIA (High Tech Crime Investigation Association), CFE (Certified Fraud Examiners), CSI (Computer Security Institute, former charter member of the CSI Peer Group), ISSA (Information Systems Security Association), and ASIS (American Society for Industrial Security). Terri anticipates acquiring the ASIS CPP (Certified Protection Professional) designation in 2002.
Rebecca Herold, CISSP, CISA, FLMI, of QinetiQ TIM, has more than 13 years of information security experience. Rebecca is currently a trusted advisor for HIPAA compliance and remediation for a large international organization. Rebecca was the Global Security Practice SME for the Central Region for Netigy Corporation for almost two years. Prior to joining Netigy, Rebecca was Senior Systems Security Consultant at Principal Financial Group (PFG) where she was instrumental in developing the corporate information protection department. Some of her accomplishments there included creating the company's information protection awareness program; creating the corporate anti-virus strategy and heading the first virus SWAT team; creating and maintaining information protection policies and procedures; and creating and implementing a Computer Incident Response Team (CIRT). Rebecca's program received the CSI Outstanding Information Protection Program of the Year award in 1997. Rebecca has performed numerous information security projects for large and multinational organizations. She has also published numerous information security journal, magazine, and newsletter articles and has written a book on privacy entitled The Privacy Papers (Auerbach Publications, 2001). Rebecca has given many presentations at conferences and seminars. She has a B.S. in math and computer science and an M.A. in computer science and education. Rebecca is a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA), and a Fellow of the Life Management Institute (FLMI). Rebecca has been a member of the Information Systems Audit and Control Association (ISACA) since 1990 and has held all board positions throughout her membership in the Iowa chapter. Rebecca is a charter member of the Iowa Infragard chapter.

Patrick D. Howard, CISSP, is a senior information security consultant with QinetiQ TIM.
He has more than 20 years of experience in information security. A former military police officer, Pat successfully served in military positions in law enforcement, operations, physical security, and security management, retiring from the U.S. Army in 1992. Since then he has served as an information security consultant with several government contracting firms in the Washington, D.C., area, including Comis Corp., PRC, and Troy Systems, supporting the Nuclear Regulatory Commission, U.S. Coast Guard, House of Representatives, and Departments of Agriculture, Labor, and Defense among others. Pat was formerly employed as a senior manager for Ernst & Young where he developed E&Y security consulting methodologies and created policies and standards for BankBoston, John Hancock Insurance, Textron, and Sprint. Most recently, he was manager for Netigy Corporation, where he performed risk analysis and policy/procedure development engagements with eSylvan, Aramark, Black & Decker, and other firms and government agencies. At Netigy, he was also charged with developing an innovative corporate security consultant certification (QeSA) program; he developed and delivered CISSP preparatory training to consultant and client personnel, and created corporate security consulting methodologies. Pat currently serves as an instructor for the Computer Security Institute, where he leads a team of subject matter experts conducting CISSP Prep for Success Workshops across the United States. He has recently written articles on the security policy life cycles that have been published in Data Security and in the Handbook for Information Security Management. Pat has a B.A. degree from the University of Oklahoma and an M.A. from Boston University.
Carl Jackson, CISSP, is a Certified Information Systems Security Professional (CISSP) and brings more than 25 years of experience in the areas of information security, continuity planning, and information technology internal control reviews and audits. As the Vice President–Business Continuity Planning for QinetiQ Trusted Information Management Corporation, he is responsible for the continued development and oversight of QinetiQ Trusted Information Management methodologies and tools in the enterprisewide business continuity planning arena, including network and E-business availability and recovery as well as for continuity planning practice management and oversight. Before joining QinetiQ-TIM, Mr. Jackson was a partner with Ernst & Young LLP where he served as the firm's BCP Service Line Leader. Mr. Jackson has extensive consulting experience with numerous major organizations in multiple industries, including manufacturing, financial services, transportation, health care, technology, pharmaceutical, retail, aerospace, insurance, and professional sports management. He also has extensive business continuity planning experience as an information security practitioner, manager in the field of information security and business continuity planning, and as a university-level professor. Mr. Jackson was a founding board member and past-president of the Information Systems Security Association (ISSA) and is currently serving as the chairman of the International ISSA Board of Directors. Mr. Jackson is a past member and past Emeritus member of the Computer Security Institute (CSI) Advisory Council and is the recipient of the 1997 CSI Lifetime Achievement Award. He has also served on the editorial and advisory boards of both the Contingency Planning Management (CPM) magazine and Datapro Reports on Information Security and is a frequent public speaker on these topics.
Cheryl Jackson, CISSP, CBCP, is an information systems security professional with more than 20 years of progressive experience in information services. She is a Certified Information Systems Security Professional (CISSP), and her career includes experience in operations, systems administration, analysis, design, and implementation of end-to-end information security solutions. These comprehensive information security programs effectively combine personnel, management and technology to assure confidentiality, integrity and availability of mission-critical business information. She is also a Certified Business Continuity Planner (CBCP), and in this role has been responsible for every aspect of business continuity planning, including risk analysis, business impact analysis, and the design, testing, and implementation of business continuity plans, disaster recovery procedures, and crisis management plans. She has extensive consulting experience with major organizations in multiple industries, including investment banking, oil and gas, manufacturing, energy, transportation, and communication. She recently joined the ThruPoint Security Practice as an information protection subject matter expert and principal consultant. Cheryl was formerly part of the Netigy Global Security Practice as a manager on the team responsible for the continued development of methodologies and tools in the security management process arena. Her career also includes Perot Systems, as part of the Information Security and Business Continuity Teams, where she led a number of engagements for major clients to develop information security solutions and business continuity/crisis management/disaster recovery plans.
Prior to that, she worked for The MinuteMaid Company, a division of the Coca-Cola Company, for ten years as a member of the Information Security team, responsible for design, implementation, and management of information security controls on all of the company computing platforms. Among her accomplishments at MinuteMaid, Jackson designed and implemented the company's first corporatewide information security program. She is currently serving on the board of directors for the South Texas ISSA Chapter. She is a former chairperson and emeritus member of the Computer Security Institute Advisory Council, past-president of the Southwest CA-ACF2 Users Group, and a frequent speaker at professional conferences and meetings. She is currently one of the tag team of experts serving as an instructor for the CISSP Prep for Success class.

David Lynas, CISSP, is recognized as one of the world's leading authorities on information security strategy and architecture. He is a globally respected information security professional with a proven record of success and more than 20 years of practical experience in delivering some of the world's most high-profile security solutions across almost every aspect of that multidisciplined profession. David was the first European ever to present a keynote address to the annual Computer Security Institute conference and he was among the first Europeans to be accredited as a Certified Information Systems Security Professional (CISSP) by the International Information Systems Security Certification Consortium (ISC)2. He now personally sponsors CISSP examinations each year in Ireland. He is also the founder and chairman of the highly prestigious COSAC Information Security Symposium (http://www.cosac.net), now in its ninth year of providing a highly participative and interactive thought-leadership forum for experienced InfoSec managers and professionals. David has owned and directed successful information security consulting businesses for more than ten years. Originally responsible for information security at one of Ireland's largest clearing banks, he founded the consulting company AKA Associates in 1991. Through a process of international mergers and acquisitions, he became operations director at Sherwood Associates Limited and

Description:
Until now, those preparing to take the Certified Information Systems Security Professional (CISSP) examination were not afforded the luxury of studying a single, easy-to-use manual. Written by ten subject matter experts (SMEs) - all CISSPs - this test prep book allows CISSP candidates to test their
