Format: PDF, Pages: 586, Size: 12.50 MB
CISSP Practice Exams, Latest Official Question Set, Fourth Edition (published 2016).pdf

ABOUT THE AUTHORS

Shon Harris, CISSP, was the founder and CEO of Shon Harris Security LLC and Logical Security LLC, a security consultant, a former engineer in the Air Force's Information Warfare unit, an instructor, and an author. Shon owned and ran her own training and consulting companies for 13 years prior to her death in 2014. She consulted with Fortune 100 corporations and government agencies on extensive security issues. She authored three best-selling CISSP books, was a contributing author to Gray Hat Hacking: The Ethical Hacker's Handbook and Security Information and Event Management (SIEM) Implementation, and a technical editor for Information Security Magazine.

Jonathan Ham, CISSP, GSEC, GCIA, GCIH, GMON, is an independent consultant who specializes in large-scale enterprise security issues, from policy and procedure, through team selection and training, to implementing scalable prevention, detection, and response technologies and techniques. With a keen understanding of ROI and TCO (and an emphasis on real-world practice over products), he has helped his clients achieve greater success for over 20 years, advising in both the public and private sectors, from small startups to the Fortune 50, and the U.S. Department of Defense across multiple engaged forces. Mr. Ham has been commissioned to teach investigative techniques to the NSA, has trained NCIS investigators how to use intrusion detection technologies, has performed packet analysis from a facility more than 2,000 feet underground, and has chartered and trained the CIRT for one of the largest U.S. civilian federal agencies. In addition to his professional certifications, Mr. Ham is a Certified Instructor and Author with the SANS Institute, and is a member of the GIAC Advisory Board. He has also consistently been the highest rated trainer at Black Hat events, teaching his course on Network Forensics. His groundbreaking textbook on the topic established him as a pioneer in the field. A former combat medic with the U.S. Navy/Marine Corps, Mr. Ham has spent over a decade practicing a different kind of emergency response, volunteering and teaching for both the National Ski Patrol and the American Red Cross, as both a Senior Patroller and Instructor and a Professional Rescuer.

A Note from Jonathan

Shon and I never met in person, though my career has been inextricably linked to hers for more than a decade. The first time I was ever asked to teach a class for the SANS Institute was because Shon was scheduled and couldn't make it. I went on to teach SANS' extremely popular CISSP prep course (Mgt414) dozens of times, and my students routinely brought her books to my classroom. As a result, I've gone on to teach thousands of students at both the graduate and post-graduate level, across six continents and in dozens of countries, and involving content ranging from hacking techniques to forensic investigations. Thanks to Shon, I am truly living the dream and giving it back in every way that I can. I am also extremely honored to have been asked by McGraw-Hill Education to continue her work. We had so very many friends in common that nearly everyone I know professionally encouraged me to do it. She will be remembered with the respect of thousands of CISSPs. And mine.

About the Technical Editor

Daniel Carter, CISSP, CCSP, CISM, CISA, has 20 years of experience in the IT and security worlds, working in both the higher education and healthcare sectors, on the state and federal levels. He is currently a Systems Security Officer in U.S. Federal Healthcare for HP Enterprise. He has worked extensively on both security and architecture for public web systems for the Centers for Medicare & Medicaid Services (CMS), including official websites for Medicare and the Affordable Care Act. Prior to work at HPE and CMS, Daniel worked in Enterprise Information Systems for the University of Maryland on systems ranging from official university websites, identity and authentication systems, e-mail and calendaring, and the university's PKI infrastructure.

Copyright 2016 by McGraw-Hill Education. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

ISBN: 978-1-25-958508-1
MHID: 1-25-958508-5

The material in this eBook also appears in the print version of this title: ISBN: 978-1-25-958596-8, MHID: 1-25-958596-4.

eBook conversion by codeMantra
Version 1.0

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate training programs. To contact a representative, please visit the Contact U.

Information has been obtained by McGraw-Hill Education from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill Education, or others, McGraw-Hill Education does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education's prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

It has been at the expense of my tribe that I have managed to continue Shon's work. I honor them by name here, as elsewhere:

436861726C6965204D617269652048616D0D0A56696F6C65742044616E67657220576573740D0A5468756E646572204772657920576573740D0A50616F6C6120436563696C696120476172636961204A756172657A0D0A

They are beautiful and brilliant each, and loved more than they may ever know.

Jonathan Ham, April 13, 2016

CONTENTS

Preface
Introduction
Chapter 1 Security and Risk Management
Chapter 2 Asset Security
Chapter 3 Security Engineering
Chapter 4 Communication and Network Security
Chapter 5 Identity and Access Management
Chapter 6 Security Assessment and Testing
Chapter 7 Security Operations
Chapter 8 Software Development Security
Appendix About the Download
Index

PREFACE

Computer, information, and physical security are becoming more important at an exponential rate. Over the last few years, the necessity for computer and information security has grown rapidly as cyberattacks have increased, financial information is being stolen at a rapid pace, cyberwarfare is affecting countries around the world, and today's malware is growing exponentially in its sophistication and dominating our threat landscape. The world's continuous dependency upon technology and the rapid increase in the complexities of these technologies make securing them a challenging and important task.

Companies have had to spend millions of dollars to clean up the effects of these issues and millions of dollars more to secure their perimeter and internal networks with equipment, software, consultants, and education. Our networked environments no longer have true boundaries; the integration of mobile devices has introduced more attack surfaces; and the attackers are commonly well funded, organized, and focused on their intended victims. The necessity and urgency for security have led to a new paradigm emerging. It is slowly becoming apparent that governments, nations, and societies are vulnerable to many different types of attacks that can happen over the network wire and airwaves. Societies depend heavily on all types of computing power and functionality, mostly provided by the public and private sectors. This means that although governments are responsible for protecting their citizens, it is becoming apparent that the citizens and their businesses must become more secure to protect the nation as a whole. This type of protection can really only begin through proper education and understanding, and must continue with the dedicated execution of this knowledge.

This book is written to provide a foundation in the many different areas that make up effective security. We need to understand all of the threats and dangers we are vulnerable to and the steps that must be taken to mitigate these vulnerabilities.

INTRODUCTION

The objective of this book is to prepare you for the CISSP exam by familiarizing you with the more difficult types of questions that may come up on the exam. The questions in this book delve into the more complex topics of the CISSP Common Body of Knowledge (CBK) that you may be faced with when you take the exam. This book has been developed to be used in tandem with the CISSP All-in-One Exam Guide, Seventh Edition. The best approach to prepare for the exam using all of the material available to you is outlined here:

1. Review the questions and answer explanations in each chapter.
2. If further review is required, read the corresponding chapter(s) in the CISSP All-in-One Exam Guide, Seventh Edition.
3. Review all of the additional questions that are available. See the “Additional Questions Available” section at the end of this introduction.

Because the primary focus of this book is to help you pass the exam, the questions included cover all eight CISSP exam domains. Each question features a detailed explanation as to why one answer choice is the correct answer and why each of the other choices is incorrect. Because of this, we believe this book will serve as a valuable professional resource after your exam.

In This Book

This book has been organized so that each chapter consists of a battery of practice exam questions representing a single CISSP exam domain, appropriate for experienced information security professionals. Each practice exam question features answer explanations that provide the emphasis on the “why” as well as the “how-to” of working with and supporting the technology and concepts.

In Every Chapter

Included in each chapter are features that call your attention to the key steps of the testing and review process and that provide helpful exam-taking hints. Take a look at what you'll find in every chapter:

Every chapter includes practice exam questions from one CISSP CBK Security Domain. Drill down on the questions from each domain that you will need to know how to answer in order to pass the exam.

The Practice Exam Questions are similar to those found on the actual CISSP exam and are meant to present you with some of the most common and confusing problems that you may encounter when taking the actual exam. These questions are designed to help you anticipate what the exam will emphasize. Getting inside the exam with good practice questions will help ensure you know what you need to know to pass the exam.

Each chapter includes a Quick Answer Key, which provides the question number and the corresponding letter for the correct answer choice. This allows you to score your answers quickly before you begin your review.

Each question includes an In-Depth Answer Explanation: explanations are provided for both the correct and incorrect answer choices and can be found at the end of each chapter. By reading the answer explanations, you'll reinforce what you've learned from answering the questions in that chapter, while also becoming familiar with the structure of the exam questions.

Additional Questions Available

In addition to the questions in each chapter, there are more than 1,000 multiple-choice practice exam questions available to you. Also available are simulated hotspot and drag-and-drop type questions. For more information on these question types and how to access them, please refer to the appendix.

CHAPTER 1
Security and Risk Management

This domain includes questions from the following topics:

Security terminology and principles
Protection control types
Security frameworks, models, standards, and best practices
Computer laws and crimes
Intellectual property
Data breaches
Risk management
Threat modeling
Business continuity and disaster recovery
Personnel security
Security governance

A security professional's responsibilities extend well beyond reacting to the latest news headlines of a new exploit or security breach. The day-to-day responsibilities of security professionals are far less exciting on the surface but are vital to keeping organizations protected against intrusions so that they don't become the next headline. The role of security within an organization is a complex one, as it touches every employee and must be managed companywide. It is important that you have an understanding of security beyond the technical details to include management and business issues, both for the CISSP exam and for your role in the field.

QUESTIONS

1. Which of the following best describes the relationship between COBIT and ITIL?
A. COBIT is a model for IT governance, whereas ITIL is a model for corporate governance.
B. COBIT provides a corporate governance roadmap, whereas ITIL is a customizable framework for IT service management.
C. COBIT defines IT goals, whereas ITIL provides the process-level steps on how to achieve them.
D. COBIT provides a framework for achieving business goals, whereas ITIL defines a framework for achieving IT service-level goals.

2. Global organizations that transfer data across international boundaries must abide by guidelines and transborder information flow rules developed by an international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy. What organization is this?
A. Committee of Sponsoring Organizations of the Treadway Commission
B. The Organisation for Economic Co-operation and Development
C. COBIT
D. International Organization for Standardization

3. Steve, a department manager, has been asked to join a committee that is responsible for defining an acceptable level of risk for the organization, reviewing risk assessment and audit reports, and approving significant changes to security policies and programs. What committee is he joining?
A. Security policy committee
B. Audit committee
C. Risk management committee
D. Security steering committee

4. Which of the following is not included in a risk assessment?
A. Discontinuing activities that introduce risk
B. Identifying assets
C. Identifying threats
D. Analyzing risk in order of cost or criticality

5. The integrity of data is not related to which of the following?
A. Unauthorized manipulation or changes to data
B. The modification of data without authorization
C. The intentional or accidental substitution of data
D. The extraction of data to share with unauthorized entities

6. As his company's CISO, George needs to demonstrate to the board of directors the necessity of a strong risk management program. Which of the following should George use to calculate the company's residual risk?
A. threats vulnerability asset value = residual risk
B. SLE frequency = ALE, which is equal to residual risk
C. (threats vulnerability asset value) controls gap = residual risk
D. (total risk asset value) countermeasures = residual risk

7. Capability Maturity Model Integration (CMMI) came from the software engineering world and is used within organizations to help lay out a pathway of how incremental improvement can take place. This model is used by organizations in self-assessment and to develop structured steps that can be followed so an organization can evolve from one level to the next and constantly improve its processes. In the CMMI model graphic shown, what is the proper sequence of the lev
