Readers can get access to the following tools by visiting sybextestbanks.wiley.com.
The Sybex Test Preparation Software
The test preparation software, made by experts at Sybex, prepares you for the CISSP exam. In this test engine, you will find all the review and assessment questions from the book plus additional bonus practice exams that are included with the study tools. You can take the assessment test, test yourself by chapter, take the practice exams, or take a randomly generated exam comprising all the questions.
Electronic Flashcards
Sybex’s electronic flashcards include hundreds of questions designed to challenge you further for the CISSP exam. Between the review questions, practice exams, and flashcards, you’ll have more than enough practice for the exam!
Glossary of Terms in PDF
Sybex offers a robust glossary of terms in PDF format. This comprehensive glossary includes all of the key terms you should understand for the CISSP, in a searchable format.
Bonus Practice Exams
Sybex includes bonus practice exams, each comprising questions meant to survey your understanding of key elements in the CISSP CBK. This book has four bonus exams, each comprising 250 full-length questions. These exams are available digitally at http://sybextestbanks.wiley.com.
This book has a number of features designed to guide your study efforts for the CISSP certification exam. It assists you by listing at the beginning of each chapter the CISSP Common Body of Knowledge domain topics covered in the chapter and by ensuring that each topic is fully discussed within the chapter. The review questions at the end of each chapter and the practice exams are designed to test your retention of the material you’ve read to make sure you are aware of areas in which you should spend additional study time. Here are some suggestions for using this book and study tools (found at sybextestbanks.wiley.com):
■ Take the assessment test before you start reading the material. This will give you an idea of the areas in which you need to spend additional study time as well as those areas in which you may just need a brief refresher.
■ Answer the review questions after you’ve read each chapter; if you answer any incorrectly, go back to the chapter and review the topic, or utilize one of the additional resources if you need more information.
■ Download the flashcards to your mobile device, and review them when you have a few minutes during the day.
■ Take every opportunity to test yourself. In addition to the assessment test and review questions, there are bonus practice exams included with the additional study tools. Take these exams without referring to the chapters and see how well you’ve done – go back and review any topics you’ve missed until you fully understand and can apply the concepts.
Finally, find a study partner if possible. Studying for, and taking, the exam with someone else will make the process more enjoyable, and you’ll have someone to help you understand topics that are difficult for you. You’ll also be able to reinforce your own knowledge by helping your study partner in areas where they are weak.
Assessment Test
1. Which of the following types of access control seeks to discover evidence of unwanted, unauthorized, or illicit behavior or activity?
A. Preventive
B. Deterrent
C. Detective
D. Corrective
2. Define and detail the aspects of password selection that distinguish good password choices from ultimately poor password choices.
A. Difficult to guess or unpredictable
B. Meet minimum length requirements
C. Meet specific complexity requirements
D. All of the above
3. Which of the following is most likely to detect DoS attacks?
A. Host-based IDS
B. Network-based IDS
C. Vulnerability scanner
D. Penetration testing
4. Which of the following is considered a denial of service attack?
A. Pretending to be a technical manager over the phone and asking a receptionist to change their password
B. While surfing the Web, sending to a web server a malformed URL that causes the system to consume 100 percent of the CPU
C. Intercepting network traffic by copying the packets as they pass through a specific subnet
D. Sending message packets to a recipient who did not request them simply to be annoying
5. At which layer of the OSI model does a router operate?
A. Network layer
B. Layer 1
C. Transport layer
D. Layer 5
6. Which type of firewall automatically adjusts its filtering rules based on the content of the traffic of existing sessions?
A. Static packet filtering
B. Application-level gateway
C. Circuit level gateway
D. Dynamic packet filtering
7. A VPN can be established over which of the following?
A. Wireless LAN connection
B. Remote access dial-up connection
C. WAN link
D. All of the above
8. What type of malware uses social engineering to trick a victim into installing it?
A. Viruses
B. Worms
C. Trojan horse
D. Logic bomb
9. The CIA Triad comprises what elements?
A. Contiguousness, interoperable, arranged
B. Authentication, authorization, accountability
C. Capable, available, integral
D. Availability, confidentiality, integrity
10. Which of the following is not a required component in the support of accountability?
A. Auditing
B. Privacy
C. Authentication
D. Authorization
11. Which of the following is not a defense against collusion?
A. Separation of duties
B. Restricted job responsibilities
C. Group user accounts
D. Job rotation
12. A data custodian is responsible for securing resources after ________________________ has assigned the resource a security label.
A. Senior management
B. Data owner
C. Auditor
D. Security staff
13. In what phase of the Capability Maturity Model for Software (SW-CMM) are quantitative measures utilized to gain a detailed understanding of the software development process?
A. Repeatable
B. Defined
C. Managed
D. Optimizing
14. Which