[Print on Demand] CISSP Passport

Subtitle: None

Author: Shon

Classification number:

ISBN:9787115108937


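Introduction


This book targets the CISSP certification exam. It covers all of the CISSP exam topics and explains in detail every skill a candidate should master. For each exam objective it uses numerous illustrations, tables, exercises, and tests, so that readers firmly grasp the material while easily gaining extensive practical experience. Written by experts with extensive CISSP certification training experience, it is essential study material for anyone taking the CISSP certification exam.

Table of Contents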


CISSP Passport (English Edition) Table of Contents

1 Security Management Practices
  Objective 1.01 Management Responsibilities
  Objective 1.02 Risk Management: Risk Analysis
  Objective 1.03 Possible Threats
  Objective 1.04 Security Control Types
  Objective 1.05 Calculating Risk: Quantitative Versus Qualitative Approaches; Dealing with Risk; Countermeasure Selection
  Objective 1.06 Security Policies and their Supporting Counterparts: Security Policy; Standards; Baselines; Procedures; Guidelines
  Objective 1.07 Roles and Responsibilities: Data Owner; Data Custodian; User; Security Auditor
  Objective 1.08 Information Classification: Military Versus Commercial Classifications
  Objective 1.09 Employee Management: Operational Administrative Controls
  CHECKPOINT
  Review Questions
  Review Answers

2 Access Control
  Objective 2.01 Identification and Authentication: Definitions; Three Steps to Access Control; Authentication; Biometrics; Passwords; Cognitive Password; One-Time Password; Cryptographic Keys; Passphrase; Memory Cards; Smart Cards; Authorization
  Objective 2.02 Single Sign-On Technologies: Directory Services; Kerberos; SESAME; Thin Clients
  Objective 2.03 Access Control Models and Techniques: DAC; MAC; RBAC; Access Control Techniques; Restricted Interfaces; Capability Table and ACLs; Content-Dependent Access Control; Other Access Techniques
  Objective 2.04 Access Control Administration: Centralized Access Control Administration; RADIUS; TACACS; Diameter; Decentralized Access Control Administration
  Objective 2.05 Intrusion Detection System: Network-Based and Host-Based; Signature-Based and Behavior-Based; Downfalls of IDS
  Objective 2.06 Unauthorized Access Control and Attacks: Unauthorized Disclosure of Information; Emanation Security; Attack Types; Penetration Testing
  CHECKPOINT
  Review Questions
  Review Answers

3 Security Models and Architecture
  Objective 3.01 System Components: Central Processing Unit; Storage and Memory Types; Virtual Memory; Data Access Storage; Processing Instructions; Operating States
  Objective 3.02 Operating System Security Mechanisms: Process Isolation; Protection Rings; Virtual Machine; Trusted Computing Base; Reference Monitor and Security Kernel
  Objective 3.03 Security Models: The Different Models; State Machine Models; Bell-LaPadula Model; Biba; Clark-Wilson Model; Non-Interference Model; Access Control Matrix Model; Information Flow Model; Brewer and Nash Model; Graham-Denning and Harrison-Ruzzo-Ullman Models
  Objective 3.04 Security Evaluation Criteria: Security Evaluations; Trusted Computer System Evaluation Criteria; Rainbow Series; Information Technology Security Evaluation Criteria; Common Criteria; Certification Versus Accreditation
  CHECKPOINT
  Review Questions
  Review Answers

4 Physical Security
  Objective 4.01 Controls Pertaining to Physical Security: Facility Location; Facility Construction; Computing Area; Hardware Backups
  Objective 4.02 Electrical Power and Environmental Issues: UPS; Power Interference; Environmental Considerations; Ventilation; Water, Steam, and Gas
  Objective 4.03 Fire Detection and Suppression: Fire Prevention; Fire Detection; Fire Types; Fire Suppression; Halon; Fire Extinguishing Issues; Water Sprinklers; Emergency Response
  Objective 4.04 Perimeter Security: Lock Types; Facility Access; Entrance Protection; Fencing; Lighting; Surveillance Devices; Intrusion Detection Systems
  CHECKPOINT
  Review Questions
  Review Answers

5 Telecommunications and Networking Security
  Objective 5.01 TCP/IP Suite: Internet Protocol (IP); Networks; Intranets and Extranets
  Objective 5.02 Cabling and Data Transmission Types: Coaxial Cable; Twisted-Pair Cable; Fiber; Cable Issues; Fire Ratings; Broadband and Baseband; Signals; Asynchronous and Synchronous; Transmission Methods
  Objective 5.03 LAN Technologies: Network Topologies; Media Access Technologies; Ethernet; Token Passing; Polling; Protocols; Address Resolution Protocol (ARP); Reverse Address Resolution Protocol (RARP); Boot Protocol; Internet Control Message Protocol (ICMP); Other TCP/IP Protocols
  Objective 5.04 Networking Devices and Services: Repeater; Bridge; Switches; VLAN; Router; Brouters; Gateway; Summary of Devices; Firewalls; Packet Filtering; Proxy Firewalls; Stateful Firewalls; Firewall Architecture; Firewall Administration; Remote Connectivity; PPP; SLIP; PAP; CHAP; EAP; VPN; PPTP; L2TP; IPSec; Network Services; DNS; NAT
  Objective 5.05 Telecommunications Protocols and Devices: FDDI; SONET; Dedicated Link; CSU/DSU; S/WAN; ISDN; DSL; Cable Modems; WAN Switching; Frame Relay; X.25; ATM; Quality of Service; SMDS; SDLC; HDLC; Multiservice Access Technologies
  Objective 5.06 Remote Access Methods and Technologies: Remote Access; Wireless Technology; Spread Spectrum; WAP; Access Points; SSID; OSA and SKA; Cell Phone Cloning; PBX Threats
  Objective 5.07 Fault Tolerance Mechanisms: RAID; Clustering; Backing Up
  CHECKPOINT
  Review Questions
  Review Answers

6 Cryptography
  Objective 6.01 Cryptography Definitions: Definitions; Keys and Text; Keyspace; Strength of Cryptosystem; Attacks; Spy-Like Ciphers; Steganography
  Objective 6.02 Cipher Types: Kerckhoff's Principle; Key Escrow; Substitution Cipher; Transposition Cipher; Block Cipher; Stream Cipher; Symmetric Cryptography; Asymmetric Cryptography
  Objective 6.03 Hybrid Approach: Key Management; Data Encryption; Security Goals; Types of Symmetric Algorithms; DES; Triple-DES (3DES); Advanced Encryption Standard (AES); Other Symmetric Algorithms; Asymmetrical Algorithms; Diffie-Hellman Key Exchange; El Gamal; Elliptic Curve Cryptosystems (ECC)
  Objective 6.04 Message Integrity and Digital Signatures: Message Integrity; One-Way Hash; Attacks on Hashing Functions; Hashing Algorithms; Message Authentication Code; Electronic Signing; DSS
  Objective 6.05 Cryptography Applications: Public Key Infrastructure; Certificate Authority (CA); Registration Authority; Certificate Revocation List (CRL); Components of PKI; PKI Steps; One-Time Pad; Encryption at Different Layers
  Objective 6.06 Cryptographic Protocols: Privacy-Enhanced Mail (PEM); Message Security Protocol (MSP); Pretty Good Privacy (PGP); Internet Security; Secure Hypertext Transfer Protocol (S-HTTP); HTTPS; Secure Sockets Layer (SSL); S/MIME; SSH2; SET; IPSec; Other Security Technologies
  Objective 6.07 Attacks: Ciphertext-Only Attack; Known-Plaintext Attack; Chosen-Plaintext Attack; Adaptive Chosen-Plaintext Attack; Chosen-Ciphertext Attack; Adaptive Chosen-Ciphertext Attack; Man-in-the-Middle Attack; Algebraic Attack; Analytic Attack
  CHECKPOINT
  Review Questions
  Review Answers

7 Disaster Recovery and Business Continuity
  Objective 7.01 Disaster Recovery versus Business Continuity
  Objective 7.02 Project Initiation Phase
  Objective 7.03 Business Impact Analysis
  Objective 7.04 Possible Threats
  Objective 7.05 Backups and Off-Site Facilities: Employees and the Working Environment; Choosing a Software Backup Storage Facility; Backup Facility Alternatives
  Objective 7.06 DRP and Off-Site Facilities: Emergency Response; Recovery and Restoration; Documentation; Testing and Drills; Maintenance; Phase Breakdown; Prevention
  CHECKPOINT
  Review Questions
  Review Answers

8 Law, Investigation, and Ethics
  Objective 8.01 Ethics: (ISC)²; Computer Ethics Institute; Internet Activities Board
  Objective 8.02 Hacking Methods: Characteristics of an Attacker; Problems with Prosecuting Attackers; Types of Attacks; Salami; Data Diddling; Excessive Privileges; Password Sniffing; IP Spoofing; Dumpster Diving; Wiretapping; Social Engineering; More Attack Types; Attack Categories; Phone Fraud
  Objective 8.03 Organization Liabilities and Ramifications: Security Principles; Legal Liability; Privacy Issues; Privacy Act of 1974; Electronic Communications Privacy Act of 1986; Health Insurance Portability and Accountability Act (HIPAA); Gramm Leach Bliley Act of 1999; Employee Monitoring; Transborder Information Flow; International Issues
  Objective 8.04 Types of Law: Civil Law; Criminal Law; Administrative Law; Federal Policies; Computer Fraud and Abuse Act of 1986; Economic Espionage Act of 1996; Federal Sentencing Guidelines of 1991; Intellectual Property Laws; Trade Secret; Copyright; Trademark; Patent; Software Piracy
  Objective 8.05 Computer Crime Investigation: Who Should Investigate?; Incident Response Plan; Incident Response Team; Incident Handling; Collecting Evidence; Search and Seizure; Forensics; Admissibility of Evidence; Evidence Types; Best Evidence; Secondary Evidence; Hearsay Evidence; Enticement and Entrapment; Trial
  CHECKPOINT
  Review Questions
  Review Answers

9 Applications and Systems Development
  Objective 9.01 Applications and Systems Development: Software Lifecycle; Software Development Models; Project Initiation; Functional Design Analysis and Planning; System Design Specifications; Software Development; Acceptance Testing/Implementation; Operations/Maintenance; Disposal; Software Development Methods; Change Control; Administrative Controls; Program Language Evolution
  Objective 9.02 Object-Oriented Programming: Classes and Objects; Abstraction; Polymorphism; Polyinstantiation; Application Threats
  Objective 9.03 Distributed Computing: ORB and CORBA; COM and DCOM; Enterprise Java Bean; OLE; ActiveX; Java Applets; CGI; Cookies
  Objective 9.04 Databases: Relational Data Model; Data Dictionary; Database Jargon; Structured Query Language; Hierarchical Database Model; Network Database Management System; Distributed Data Model; Object-Oriented Database; Database Interface Languages; Concurrency Issues; Aggregation and Inference; Data Warehousing; Data Mining
  Objective 9.05 Artificial Intelligence: Expert Systems; Artificial Neural Network
  Objective 9.06 Malware: Virus; Worms; Logic Bomb; Trojan Horse; Denial of Service; DDoS; Smurf Attacks; Timing Attacks
  CHECKPOINT
  Review Questions
  Review Answers

10 Operations Security
  Objective 10.01 Operations Controls: Due Care; Administrative Control; Separation of Duties; Job Rotation; Least Privilege and Need-to-Know; Mandatory Vacations; Clipping Levels; Control Categories
  Objective 10.02 Configuration Management and Media Control: Media Controls; Input/Output Data Controls
  Objective 10.03 Reacting to Failures and Recovering: Trusted Recovery; Facsimile Security; Operational Responsibilities; Unusual or Unexplained Occurrences; Deviations from Standards; Unscheduled Initial Program Loads; Personnel Operators
  Objective 10.04 Software Backups: Network Availability; RAID; Backups; Contingency Management
  CHECKPOINT
  Review Questions
  Review Answers

A About the Free Online Practice Exam: Mike Meyers' Certification Passport FREE Online Practice Exam Instructions; System Requirements; Technical Support

B Career Flight Path: Career Paths in Security

Index
