Domain 1:
Security and Risk Management
Organizations are subject to a wide variety of legal and regulatory compliance obligations from:
- Criminal laws that may involve prison or fines.
- Civil laws that regulate non-criminal disputes.
- Administrative laws set by government agencies.
- Regulations from industry bodies.

Security controls may be preventive, detective, or corrective.

Business continuity planning conducts a business impact assessment and then implements controls designed to keep the business running during adverse circumstances.
© 2018 CertMike.com 1
CISSP Last Minute Review
Domain 2:
Asset Security
Data at Rest: Data stored on a system or media device.
Data in Motion: Data in transit over a network.
Data in Use: Data being actively processed in memory.

Data Owner: Senior-level executive who establishes rules and determines controls.
System Owner: Individual responsible for overseeing secure operation of systems.

[Figure: Information Classification. Government classification levels, from highest to lowest: Top Secret, Secret, Confidential, Unclassified. Private-sector levels shown alongside: Sensitive, Internal, Public.]

Security baselines, such as NIST SP 800-53, provide a standardized set of controls that an organization may use as a benchmark. Typically, organizations don't adopt a baseline standard wholesale, but instead tailor a baseline to meet their specific security requirements.
Domain 3:
Security Architecture and Engineering
The two basic cryptographic operations are substitution, which modifies characters, and transposition, which moves them around.

Anything encrypted with one key from a pair may only be decrypted with the other key from that same pair.

CPUs support two modes of operation: user mode for standard applications and privileged mode for processes that require direct access to core resources.

[Table: security modes of operation; column headers not recoverable. Row "Users must be cleared for highest level of info processed by system": Yes, Yes, Yes, No.]
Domain 4:
Communication and Network Security
Domain 5:
Identity and Access Management
The core activities of identity and access management are:
- Identification, where a user makes a claim of identity.
- Authentication, where the user proves the claim of identity.
- Authorization, where the system confirms that the user is permitted to perform the requested action.

In access control systems, we seek to limit the access that subjects (e.g. users, applications, processes) have to objects (e.g. information resources, systems).

Access controls work in three different fashions:
- Technical (or logical) controls use hardware and software mechanisms, such as firewalls and intrusion prevention systems, to limit access.
- Physical controls, such as locks and keys, limit physical access to controlled spaces.
- Administrative controls, such as account reviews, provide management of personnel and business practices.

Organizations often use centralized access control systems to streamline authentication and authorization and to provide users with a single sign on (SSO) experience. These solutions often leverage Kerberos, which uses a multi step logon process:

1. User authenticates to a client on his or her device.
2. Client sends the authentication credentials to the Key Distribution Center (KDC).
3. KDC verifies the credentials, creates a ticket granting ticket (TGT), and sends it to the user.
4. Client makes a service access request to the KDC using the TGT.
5. KDC verifies the TGT, creates a service ticket (ST) for the user to use with the service, and sends the ST to the user.
6. User sends the ST to the service.
7. Service verifies the ST with the KDC and grants access.
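The seven-step logon above, run end to end as an added example that is not code from the CertMike review: a KDC, a client and a file service exchange a TGT and an ST in Python. It is an educational model rather than a Kerberos implementation: tickets are JSON claims sealed with an HMAC under the key shared between the KDC and whoever consumes the ticket instead of being encrypted, the password-to-key derivation is a plain hash standing in for a real KDF, and step 7 is modelled as the service checking the ST with the key it shares with the KDC. The realm (user alice, service fileserver), all keys and the ticket lifetime are constructed sample values.

```python
"""Simulated seven-step Kerberos logon (educational model; not a real Kerberos implementation).

Simplification: tickets are JSON claims sealed with an HMAC under the key shared
between the KDC and whoever consumes the ticket, rather than encrypted.
All principals, keys and the ticket lifetime are constructed sample values.
"""
import hashlib
import hmac
import json

TICKET_LIFETIME = 8 * 3600  # seconds (constructed sample value)


def derive_key(password: str) -> bytes:
    # Step 1: the client turns the user's password into a key (plain hash stands in for a real KDF).
    return hashlib.sha256(password.encode()).digest()


def client_proof(user_key: bytes, now: int) -> str:
    # Step 2: the credential sent to the KDC is a timestamp authenticated under the user's key,
    # so the password itself never crosses the network.
    return hmac.new(user_key, str(now).encode(), hashlib.sha256).hexdigest()


def seal(key: bytes, claims: dict) -> dict:
    body = json.dumps(claims, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def unseal(key: bytes, ticket: dict):
    """Return the claims if the tag verifies under key, else None."""
    expected = hmac.new(key, ticket["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        return None
    return json.loads(ticket["body"])


class KDC:
    def __init__(self, user_keys: dict, service_keys: dict):
        self.user_keys = user_keys          # principal -> key derived from the user's password
        self.service_keys = service_keys    # service name -> key shared with that service
        self.tgs_key = hashlib.sha256(b"kdc-internal-key").digest()  # constructed; never leaves the KDC

    def issue_tgt(self, user: str, proof: str, now: int):
        # Step 3: verify the credentials and return a TGT sealed under the KDC's own key.
        key = self.user_keys.get(user)
        if key is None or not hmac.compare_digest(client_proof(key, now), proof):
            return None
        return seal(self.tgs_key, {"user": user, "expires": now + TICKET_LIFETIME})

    def issue_service_ticket(self, tgt: dict, service: str, now: int):
        # Steps 4-5: verify the TGT, then issue an ST sealed under the target service's key.
        claims = unseal(self.tgs_key, tgt)
        if claims is None or claims["expires"] <= now or service not in self.service_keys:
            return None
        return seal(self.service_keys[service],
                    {"user": claims["user"], "service": service, "expires": now + TICKET_LIFETIME})


class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def accept(self, st: dict, now: int):
        # Step 7: check the ST with the key shared with the KDC; return the principal or None.
        claims = unseal(self.key, st)
        if claims is None or claims["service"] != self.name or claims["expires"] <= now:
            return None
        return claims["user"]


def logon_and_access(kdc: KDC, service: Service, user: str, password: str, now: int):
    """Run all seven steps; return the principal the service grants access to, or None."""
    user_key = derive_key(password)                              # step 1
    tgt = kdc.issue_tgt(user, client_proof(user_key, now), now)  # steps 2-3
    if tgt is None:
        return None
    st = kdc.issue_service_ticket(tgt, service.name, now)        # steps 4-5
    if st is None:
        return None
    return service.accept(st, now)                               # steps 6-7


def build_demo():
    # Constructed sample realm: one user and one file service.
    user_keys = {"alice": derive_key("correct horse battery staple")}
    service_keys = {"fileserver": hashlib.sha256(b"fileserver-shared-key").digest()}
    return KDC(user_keys, service_keys), Service("fileserver", service_keys["fileserver"])


if __name__ == "__main__":
    kdc, svc = build_demo()
    now = 1_700_000_000
    print(logon_and_access(kdc, svc, "alice", "correct horse battery staple", now))  # alice
    print(logon_and_access(kdc, svc, "alice", "wrong password", now))                # None
```

The design point worth noticing is that the service never sees the user's password and never holds the KDC's internal key: a TGT is useless to the service, an ST for one service is rejected by another, and an ST whose claims were altered in transit fails the tag check before any expiry or name comparison happens.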
Domain 5:
Identity and Access Management
The implicit deny principle says that any action that is not explicitly authorized for a subject should be denied.

Role-based access control assigns permissions to individual users based upon their assigned role(s) in the organization. For example, backup administrators might have one set of permissions while sales representatives have an entirely different set.

Man-in-the-middle attacks intercept a client's initial request for a connection to a server and proxy that connection to the real service. The client is unaware that they are communicating through a proxy and the attacker can eavesdrop on the communication and inject commands.
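Implicit deny and role-based access control together, as an added Python example that is not part of the CertMike review. Users hold permissions only through roles, and the decision function returns a grant only when one of the subject's roles carries an explicit (object, action) entry; unknown subjects, roles with no grants, and actions never mentioned all fall through to the default deny. The organization, its roles, users and objects are constructed.

```python
"""Role-based access control with implicit deny (added example; roles, users and objects are constructed)."""
from dataclasses import dataclass, field


@dataclass
class RbacPolicy:
    role_permissions: dict = field(default_factory=dict)  # role -> {(object, action), ...}
    user_roles: dict = field(default_factory=dict)        # user -> {role, ...}

    def grant(self, role: str, obj: str, action: str) -> None:
        """Explicitly authorize an action on an object for a role."""
        self.role_permissions.setdefault(role, set()).add((obj, action))

    def assign(self, user: str, role: str) -> None:
        """Give a user a role; users hold permissions only through their roles."""
        self.user_roles.setdefault(user, set()).add(role)

    def is_allowed(self, subject: str, obj: str, action: str) -> bool:
        """Implicit deny: succeed only if some role of the subject carries an explicit grant
        for exactly this (object, action). Unknown subjects, roles without grants and
        actions never mentioned all end up at the final `return False`."""
        for role in self.user_roles.get(subject, ()):
            if (obj, action) in self.role_permissions.get(role, ()):
                return True
        return False


def build_demo_policy() -> RbacPolicy:
    # Constructed organization: backup administrators and sales representatives get different sets.
    p = RbacPolicy()
    p.grant("backup-admin", "file-server", "read")
    p.grant("backup-admin", "backup-storage", "write")
    p.grant("sales-rep", "crm", "read")
    p.grant("sales-rep", "crm", "write")
    p.assign("bob", "backup-admin")
    p.assign("sally", "sales-rep")
    p.assign("intern", "observer")  # the role exists on the user but carries no grants
    return p


def decide(policy: RbacPolicy, requests):
    """Evaluate (subject, object, action) requests; return [(request, 'ALLOW' | 'DENY'), ...]."""
    return [(req, "ALLOW" if policy.is_allowed(*req) else "DENY") for req in requests]


if __name__ == "__main__":
    policy = build_demo_policy()
    for req, verdict in decide(policy, [
        ("bob", "file-server", "read"),      # ALLOW: explicit grant via backup-admin
        ("bob", "crm", "read"),              # DENY: not granted to any of bob's roles
        ("sally", "crm", "write"),           # ALLOW: explicit grant via sales-rep
        ("intern", "crm", "read"),           # DENY: the observer role has no grants
        ("mallory", "file-server", "read"),  # DENY: unknown subject
    ]):
        print(verdict, req)
```

Note that the code has no "deny" rules at all: the absence of a matching grant is the denial, which is what the implicit deny principle asks for and why the last line of `is_allowed` is the only place a request can be refused.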
Domain 6:
Security Assessment and Testing
[Figure: vulnerability management standards and activities; recovered labels: Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Common Configuration Enumeration (CCE), Vulnerability Scanning, Exploitation.]
Domain 6:
Security Assessment and Testing
There are three different types of penetration tests:
- During white box penetration tests, testers have full access to information about the target systems.
- During black box penetration tests, testers conduct their work without any knowledge of the target environment.
- Gray box tests reside in the middle, providing testers with partial knowledge about the environment.

Static testing evaluates software code without executing it, while dynamic testing executes the code during the test. Fuzz testing supplies invalid input to applications in an attempt to trigger an error state.

Interface testing evaluates the connections between different system components.

Misuse case testing evaluates known avenues of attack in an application.

[Figure: code review process; recovered stages: Preparation, Inspection, Rework, Follow Up.]
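Fuzz testing as described above, shown as an added example that is not code from the CertMike review: a mutation fuzzer feeds corrupted copies of a valid record to a small parser and records every exception the parser did not plan for. Two parsers of the same constructed format are included, a first-draft version that trusts its length fields and a checked version that rejects bad input with ValueError only, so the run shows what an error state looks like and what "handled" looks like. The record format, the seed record and both parsers are constructed for this example.

```python
"""Mutation fuzzing of a small record parser (added example; format, seed and parsers are constructed)."""
import random

# Constructed record format: [1-byte name length][name][2-byte big-endian value length][value]
SEED = bytes([4]) + b"host" + (5).to_bytes(2, "big") + b"web01"


def parse_record_naive(data: bytes) -> dict:
    """Trusts the length fields the way first-draft parsers often do."""
    name_len = data[0]
    name = data[1:1 + name_len]
    value_len = int.from_bytes(data[1 + name_len:3 + name_len], "big")
    value = data[3 + name_len:3 + name_len + value_len]
    return {"name": name.decode("ascii"), "value": value}


def parse_record_checked(data: bytes) -> dict:
    """Same format, but every length is validated, so invalid input is rejected
    with ValueError only and never reaches an unplanned exception."""
    if len(data) < 1:
        raise ValueError("missing name length")
    name_len = data[0]
    if len(data) < 3 + name_len:
        raise ValueError("truncated header")
    name = data[1:1 + name_len]
    value_len = int.from_bytes(data[1 + name_len:3 + name_len], "big")
    if len(data) != 3 + name_len + value_len:
        raise ValueError("value length does not match record length")
    try:
        name_str = name.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("name is not ASCII") from None
    return {"name": name_str, "value": data[3 + name_len:]}


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Produce one invalid-or-odd input by mutating a valid seed record."""
    data = bytearray(seed)
    op = rng.choice(["flip", "truncate", "insert", "empty"])
    if op == "empty":
        return b""
    if op == "truncate":
        return bytes(data[:rng.randrange(len(data))])
    if op == "insert":
        pos = rng.randrange(len(data) + 1)
        data[pos:pos] = bytes([rng.randrange(256)])
        return bytes(data)
    pos = rng.randrange(len(data))          # flip one bit somewhere in the record
    data[pos] ^= 1 << rng.randrange(8)
    return bytes(data)


def fuzz(parser, seed: bytes = SEED, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Feed mutated inputs to parser. ValueError is the planned rejection and is ignored;
    any other exception is an error state, recorded as {exception name: first triggering input}."""
    rng = random.Random(rng_seed)
    findings = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            parser(case)
        except ValueError:
            continue
        except Exception as exc:  # the point of the harness is to catch whatever else escapes
            findings.setdefault(type(exc).__name__, case)
    return findings


if __name__ == "__main__":
    print("naive  :", fuzz(parse_record_naive))    # contains 'IndexError' (empty input) and more
    print("checked:", fuzz(parse_record_checked))  # {}
```

The harness is deterministic (seeded RNG), so a finding can be reproduced by re-running with the same `rng_seed`; in practice the first triggering input for each exception type is what gets filed as the bug report.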
Domain 7:
Security Operations
Security professionals are often called upon to participate in a variety of investigations:
- Criminal investigations look into the violation of a criminal law and use the beyond a reasonable doubt standard of proof.
- Civil investigations examine potential violations of civil law and use the preponderance of the evidence standard.
- Regulatory investigations examine the violation of a private or public regulatory standard.
- Administrative investigations are internal to an organization, supporting administrative activities.

Investigations may use several different types of evidence:
- Real evidence consists of tangible objects that may be brought into court.
- Documentary evidence consists of records and other written items and must be authenticated by testimony.
- Testimonial evidence is evidence given by a witness, either verbally or in writing.

[...] they do not accidentally tamper with evidence and that they preserve the chain of custody documenting evidence handling from collection until use in court.

The disaster recovery process begins when operations are disrupted at the primary site and shifted to an alternate capability. The process only concludes when normal operations are restored.

Cybersecurity incident response efforts follow this process (a cycle): Detection, Response, Mitigation, Reporting, Recovery, Remediation, Lessons Learned.

Tool                      Description
Application Whitelisting  Limits applications to those on an approved list.
Application Blacklisting  Blocks applications on an unapproved list.
Sandbox                   Provides a safe space to run potentially malicious code.
Honeypot                  System that serves as a decoy to attract attackers.
Honeynet                  Unused network designed to capture probing traffic.
Domain 7:
Security Operations
Backups provide an important disaster recovery control. Remember that there are three major categories of backup:

Full Backup         Copies all files on a system.
Incremental Backup  Copies all files on a system that have changed since the most recent full or incremental backup.

Disaster recovery sites fit into three major categories:

Site Type  Support Systems  Configured Servers  Real-time Data
Cold Site  Yes              No                  No
Warm Site  Yes              Yes                 No

When managing the physical environment, you should be familiar with common power issues:

Loss of power  Fault, Blackout
Disturbance    Transient, Noise

Fires require the combination of heat, oxygen, and fuel. They may be fought with fire extinguishers:
- Class A: common combustible fires
- Class B: liquid fires
- Class C: electrical fires
- Class D: metal fires
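The backup categories above, worked through as an added Python example that is not code from the CertMike review. It simulates a few days of file changes under a schedule of backups, lists exactly which files a full or incremental backup copies on each day, and then answers the restore-side question the categories exist for: which backups must be applied, in what order, to rebuild the latest state. Full and incremental follow the definitions on the page; the example also handles differential backups (everything changed since the most recent full backup), the standard third category, which the extracted page does not show. The file history and schedules are constructed.

```python
"""Which files each backup category copies, and which backups a restore needs (added example;
file states and schedules are constructed). Full and incremental are the categories from the page;
differential (everything changed since the last full backup) is the standard third category."""
from dataclasses import dataclass


@dataclass(frozen=True)
class FileState:
    path: str
    mtime: int  # day on which the file was last modified (constructed, day-indexed time)


def plan_backup(files, kind: str, last_full: int, last_backup: int):
    """Paths a backup of `kind` copies. Times are day indices; -1 means 'never'."""
    if kind == "full":
        return sorted(f.path for f in files)
    if kind == "incremental":
        since = last_backup        # changed since the most recent full or incremental backup
    elif kind == "differential":
        since = last_full          # changed since the most recent full backup
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    return sorted(f.path for f in files if f.mtime > since)


def run_schedule(files_by_day, schedule):
    """Simulate one backup at the end of each day; returns [(day, kind, copied_paths), ...]."""
    last_full = last_backup = -1
    log = []
    for day, (files, kind) in enumerate(zip(files_by_day, schedule)):
        copied = plan_backup(files, kind, last_full, last_backup)
        log.append((day, kind, copied))
        if kind == "full":
            last_full = day
        last_backup = day
    return log


def restore_chain(log):
    """Days whose backups must be applied, oldest first, to rebuild the latest state.
    Walk backwards: an incremental also needs its predecessor, a differential needs only
    the latest full before it, and a full ends the chain. Assumes the schedule starts with a full."""
    needed = []
    i = len(log) - 1
    while i >= 0:
        day, kind, _ = log[i]
        needed.append(day)
        if kind == "full":
            break
        if kind == "differential":
            i = max(j for j in range(i) if log[j][1] == "full")
        else:
            i -= 1
    return list(reversed(needed))


def sample_days():
    # Constructed history: b.txt changes on days 1 and 3, c.txt on day 2, a.txt never.
    def state(b_mtime, c_mtime):
        return [FileState("a.txt", 0), FileState("b.txt", b_mtime), FileState("c.txt", c_mtime)]
    return [state(0, 0), state(1, 0), state(1, 2), state(3, 2)]


if __name__ == "__main__":
    days = sample_days()
    for schedule in (["full", "incremental", "incremental", "incremental"],
                     ["full", "differential", "differential", "differential"]):
        log = run_schedule(days, schedule)
        for entry in log:
            print(entry)
        print("restore needs days:", restore_chain(log))
```

The trade-off the two schedules make visible is the usual one: incrementals copy the least each day but a restore has to replay every one of them since the last full, while differentials grow day by day but a restore needs only the last full plus the last differential.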
Domain 8:
Software Development Security
Testing
Software testers can have varying degrees of knowledge about the software they are testing. In a white box test, they have full knowledge of the software. In a black box test, they have no knowledge, while grey box tests reside in the middle, providing testers with partial knowledge.

The spiral model uses a more iterative approach.

[Figure: software development life cycle; recovered phases: Testing; Operations and Maintenance.]