CISSP: Certified Information Systems Security Professional Course Outline | Certstaffix® Training

Cyber Security


CISSP: Certified Information Systems Security Professional Course


Attend Our Classes From Home - No Software Needed - Learn More...

CISSP: Certified Information Systems Security Professional

by Certstaffix® Training

CISSP Training

Length: 5 day(s)      Public Class Price: $3100/person (USD)      Group Class Price: Request Quote      Course Category: CISSP Certification


CISSP Training
Security professionals consider the Certified Information Systems Security Professional (CISSP) to be the most desired certification to achieve. More than 200,000 have taken the exam, and there are more than 70,000 CISSPs worldwide.

This course is updated for the latest 2021 CISSP Body of Knowledge. This course covers 100% of all exam objectives. You'll prepare for the exam smarter and faster thanks to expert content, real-world examples, advice on passing each section of the exam, access to an online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions.

Coverage of all of the exam topics in the book means you'll be ready for:
 - Security and Risk Management
 - Asset Security
 - Security Architecture and Engineering
 - Communication and Network Security
 - Identity and Access Management (IAM)
 - Security Assessment and Testing
 - Security Operations
 - Software Development Security

Certification exams are administered by third party testing companies such as Pearson Vue or Prometric. Our courses prepare you for the certification exam, which is an additional fee paid to the testing provider. You must contact Prometric, Pearson Vue or the corresponding testing provider to take a certification exam.
In This Course, Learn About These Topics:
Business Continuity Planning Controlling and Monitoring Access Cryptography and Symmetric Key Algorithms Disaster Recovery Planning Incidents and Ethics Laws, Regulations, and Compliance Malicious Code and Application Attacks Managing Identity and Authentication Managing Security Operations Personnel Security and Risk Management Concepts Physical Security Requirements PKI and Cryptographic Applications Preventing and Responding to Incidents Principles of Security Models, Design, and Capabilities Protecting Security of Assets Secure Communications and Network Attacks Secure Network Architecture and Securing Network Components Security Assessment and Testing Security Governance Through Principles and Policies Security Vulnerabilities, Threats, and Countermeasures Software Development Security
Course Description: Print It | Download PDF | Email It

Certstaffix® Training public classes are instructor-led, live online training you attend from your location or our training labs. Our live online instructors teach you from a remote location while being able to interact with students as in a traditional classroom setting.

  • A real, live instructor teaching you from another location
  • Hands-on learning with the software/skills you are being taught
  • Interaction with all students in the class at other locations
  • Any needed software for class provided in online lab environment
  • Easy assistance from the instructor
  • Attend from your location or our training labs

Group Onsite Training
At Your Organization

OR

Private Online Training
Live Online Instruction

Have a group of several students needing the same training? Then onsite or private online group training is a perfect option for you. We'll either come onsite to your office or deliver a private live online class so you don't have to travel. You'll be able to fully customize a course to your needs. Lastly, you can save per student versus our public classes.


  • An expert Instructor will either come to your office or deliver a private live online class to your students
  • Course can be fully customized to your training needs
  • Course is scheduled based on dates you provide (Subject to instructor availability)

CISSP Certification Training Reviews by Certstaffix® Training

Certstaffix® Training collects detailed class reviews via a formal post-class evaluation in all our instructor-led courses. Below are a sample of abbreviated reviews from real students from our past classes. If you would like more reviews or ones with even further detail, please contact us and we would be happy to show you the high quality of our training services.


Certstaffix® Class Reviews

Student Average:
4.85 out of 5 from 1 students

4.85 out of 5

- attended our CISSP: Certified Information Systems Security Professional class


Q: How Can a Training Course Help Me Get a CISSP Certification?


A: Earning a Certified Information Systems Security Professional (CISSP) credential can advance careers and allow individuals to apply for high-level information technology jobs. Some employers consider a CISSP certification to be the best of the best, and for good reason: The certification process, including verifying five years of work experience, passing the exam, and winning an endorsement from a respected professional, is rigorous. CISSP certification can be challenging, and preparation for the exam can take up to a year, but enrolling in a CISSP certification prep course can reduce the time necessary to earn this highly prized credential.


More Information on How a Training Course Can Help You Get a CISSP Certification


Q: What Do I Need to Know to Get CISSP Certification?


A: The Certified Information Systems Security Professional (CISSP) certification isn’t easy to obtain, but earning this highly regarded credential can pay dividends for an IT professional. Typically, you’ll need at least five years of experience working within the eight CISSP Common Body of Knowledge (CBK) domains and another professional to vouch for your skills. The CISSP exam is extremely challenging, and you’ll have to prepare by saving up hundreds of dollars for the testing fee, gathering documents to prove your identity, and potentially planning around retakes, which can be spaced out over several months.


More Information on What You Need to Know to Get CISSP Certification


CISSP Blogs

CISSP User Groups

CISSP Online Forums

  Detailed Course Topics

Course Description: Print It | Download PDF | Email It

Related Certifications

CISSP Certified Information Systems Security Professional Certification


Course Topics

Introduction xxxvii
Assessment Test lix

Chapter 1 Security Governance Through Principles and Policies 1
Security 101 3
Understand and Apply Security Concepts 4
Confidentiality 5
Integrity 6
Availability 7
DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services 7
Protection Mechanisms 11
Security Boundaries 13
Evaluate and Apply Security Governance Principles 14
Third-Party Governance 15
Documentation Review 15
Manage the Security Function 16
Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives 17
Organizational Processes 19
Organizational Roles and Responsibilities 21
Security Control Frameworks 22
Due Diligence and Due Care 23
Security Policy, Standards, Procedures, and Guidelines 23
Security Policies 24
Security Standards, Baselines, and Guidelines 24
Security Procedures 25
Threat Modeling 26
Identifying Threats 26
Determining and Diagramming Potential Attacks 28
Performing Reduction Analysis 28
Prioritization and Response 30
Supply Chain Risk Management 31
Summary 33
Exam Essentials 33
Written Lab 36
Review Questions 37

Chapter 2 Personnel Security and Risk Management Concepts 43
Personnel Security Policies and Procedures 45
Job Descriptions and Responsibilities 45
Candidate Screening and Hiring 46
Onboarding: Employment Agreements and Policies 47
Employee Oversight 48
Offboarding, Transfers, and Termination Processes 49
Vendor, Consultant, and Contractor Agreements and Controls 52
Compliance Policy Requirements 53
Privacy Policy Requirements 54
Understand and Apply Risk Management Concepts 55
Risk Terminology and Concepts 56
Asset Valuation 58
Identify Threats and Vulnerabilities 60
Risk Assessment/Analysis 60
Risk Responses 66
Cost vs. Benefit of Security Controls 69
Countermeasure Selection and Implementation 72
Applicable Types of Controls 74
Security Control Assessment 76
Monitoring and Measurement 76
Risk Reporting and Documentation 77
Continuous Improvement 77
Risk Frameworks 79
Social Engineering 81
Social Engineering Principles 83
Eliciting Information 85
Prepending 85
Phishing 85
Spear Phishing 87
Whaling 87
Smishing 88
Vishing 88
Spam 89
Shoulder Surfing 90
Invoice Scams 90
Hoax 90
Impersonation and Masquerading 91
Tailgating and Piggybacking 91
Dumpster Diving 92
Identity Fraud 93
Typo Squatting 94
Influence Campaigns 94
Establish and Maintain a Security Awareness, Education, and Training Program 96
Awareness 97
Training 97
Education 98
Improvements 98
Effectiveness Evaluation 99
Summary 100
Exam Essentials 101
Written Lab 106
Review Questions 107

Chapter 3 Business Continuity Planning 113
Planning for Business Continuity 114
Project Scope and Planning 115
Organizational Review 116
BCP Team Selection 117
Resource Requirements 119
Legal and Regulatory Requirements 120
Business Impact Analysis 121
Identifying Priorities 122
Risk Identification 123
Likelihood Assessment 125
Impact Analysis 126
Resource Prioritization 128
Continuity Planning 128
Strategy Development 129
Provisions and Processes 129
Plan Approval and Implementation 131
Plan Approval 131
Plan Implementation 132
Training and Education 132
BCP Documentation 132
Summary 136
Exam Essentials 137
Written Lab 138
Review Questions 139

Chapter 4 Laws, Regulations, and Compliance 143
Categories of Laws 144
Criminal Law 144
Civil Law 146
Administrative Law 146
Laws 147
Computer Crime 147
Intellectual Property (IP) 152
Licensing 158
Import/Export 158
Privacy 160
State Privacy Laws 168
Compliance 169
Contracting and Procurement 171
Summary 171
Exam Essentials 172
Written Lab 173
Review Questions 174

Chapter 5 Protecting Security of Assets 179
Identifying and Classifying Information and Assets 180
Defining Sensitive Data 180
Defining Data Classifications 182
Defining Asset Classifications 185
Understanding Data States 185
Determining Compliance Requirements 186
Determining Data Security Controls 186
Establishing Information and Asset Handling Requirements 188
Data Maintenance 189
Data Loss Prevention 189
Marking Sensitive Data and Assets 190
Handling Sensitive Information and Assets 192
Data Collection Limitation 192
Data Location 193
Storing Sensitive Data 193
Data Destruction 194
Ensuring Appropriate Data and Asset Retention 197
Data Protection Methods 199
Digital Rights Management 199
Cloud Access Security Broker 200
Pseudonymization 200
Tokenization 201
Anonymization 202
Understanding Data Roles 204
Data Owners 204
Asset Owners 205
Business/Mission Owners 206
Data Processors and Data Controllers 206
Data Custodians 207
Administrators 207
Users and Subjects 208
Using Security Baselines 208
Comparing Tailoring and Scoping 209
Standards Selection 210
Summary 211
Exam Essentials 211
Written Lab 213
Review Questions 214

Chapter 6 Cryptography and Symmetric Key Algorithms 219
Cryptographic Foundations 220
Goals of Cryptography 220
Cryptography Concepts 223
Cryptographic Mathematics 224
Ciphers 230
Modern Cryptography 238
Cryptographic Keys 238
Symmetric Key Algorithms 239
Asymmetric Key Algorithms 241
Hashing Algorithms 244
Symmetric Cryptography 244
Cryptographic Modes of Operation 245
Data Encryption Standard 247
Triple DES 247
International Data Encryption Algorithm 248
Blowfish 249
Skipjack 249
Rivest Ciphers 249
Advanced Encryption Standard 250
CAST 250
Comparison of Symmetric Encryption Algorithms 251
Symmetric Key Management 252
Cryptographic Lifecycle 255
Summary 255
Exam Essentials 256
Written Lab 257
Review Questions 258

Chapter 7 PKI and Cryptographic Applications 263
Asymmetric Cryptography 264
Public and Private Keys 264
RSA 265
ElGamal 267
Elliptic Curve 268
Diffie–Hellman Key Exchange 269
Quantum Cryptography 270
Hash Functions 271
SHA 272
MD5 273
RIPEMD 273
Comparison of Hash Algorithm Value Lengths 274
Digital Signatures 275
HMAC 276
Digital Signature Standard 277
Public Key Infrastructure 277
Certificates 278
Certificate Authorities 279
Certificate Lifecycle 280
Certificate Formats 283
Asymmetric Key Management 284
Hybrid Cryptography 285
Applied Cryptography 285
Portable Devices 285
Email 286
Web Applications 290
Steganography and Watermarking 292
Networking 294
Emerging Applications 295
Cryptographic Attacks 297
Summary 301
Exam Essentials 302
Written Lab 303
Review Questions 304

Chapter 8 Principles of Security Models, Design, and Capabilities 309
Secure Design Principles 310
Objects and Subjects 311
Closed and Open Systems 312
Secure Defaults 314
Fail Securely 314
Keep It Simple 316
Zero Trust 317
Privacy by Design 319
Trust but Verify 319
Techniques for Ensuring CIA 320
Confinement 320
Bounds 320
Isolation 321
Access Controls 321
Trust and Assurance 321
Understand the Fundamental Concepts of Security Models 322
Trusted Computing Base 323
State Machine Model 325
Information Flow Model 325
Noninterference Model 326
Take-Grant Model 326
Access Control Matrix 327
Bell–LaPadula Model 328
Biba Model 330
Clark–Wilson Model 333
Brewer and Nash Model 334
Goguen–Meseguer Model 335
Sutherland Model 335
Graham–Denning Model 335
Harrison–Ruzzo–Ullman Model 336
Select Controls Based on Systems Security Requirements 337
Common Criteria 337
Authorization to Operate 340
Understand Security Capabilities of Information Systems 341
Memory Protection 341
Virtualization 342
Trusted Platform Module 342
Interfaces 343
Fault Tolerance 343
Encryption/Decryption 343
Summary 343
Exam Essentials 344
Written Lab 347
Review Questions 348

Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 353
Shared Responsibility 354
Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 355
Hardware 356
Firmware 370
Client-Based Systems 372
Mobile Code 372
Local Caches 375
Server-Based Systems 375
Large-Scale Parallel Data Systems 376
Grid Computing 377
Peer to Peer 378
Industrial Control Systems 378
Distributed Systems 380
High-Performance Computing (HPC) Systems 382
Internet of Things 383
Edge and Fog Computing 385
Embedded Devices and Cyber-Physical Systems 386
Static Systems 387
Network-Enabled Devices 388
Cyber-Physical Systems 389
Elements Related to Embedded and Static Systems 389
Security Concerns of Embedded and Static Systems 390
Specialized Devices 393
Microservices 394
Infrastructure as Code 395
Virtualized Systems 397
Virtual Software 399
Virtualized Networking 400
Software-Defined Everything 400
Virtualization Security Management 403
Containerization 405
Serverless Architecture 406
Mobile Devices 406
Mobile Device Security Features 408
Mobile Device Deployment Policies 420
Essential Security Protection Mechanisms 426
Process Isolation 426
Hardware Segmentation 427
System Security Policy 427
Common Security Architecture Flaws and Issues 428
Covert Channels 428
Attacks Based on Design or Coding Flaws 430
Rootkits 431
Incremental Attacks 431
Summary 432
Exam Essentials 433
Written Lab 440
Review Questions 441

Chapter 10 Physical Security Requirements 447
Apply Security Principles to Site and Facility Design 448
Secure Facility Plan 448
Site Selection 449
Facility Design 450
Implement Site and Facility Security Controls 452
Equipment Failure 453
Wiring Closets 454
Server Rooms/Data Centers 455
Intrusion Detection Systems 458
Cameras 460
Access Abuses 462
Media Storage Facilities 462
Evidence Storage 463
Restricted and Work Area Security 464
Utility Considerations 465
Fire Prevention, Detection, and Suppression 470
Implement and Manage Physical Security 476
Perimeter Security Controls 477
Internal Security Controls 481
Key Performance Indicators of Physical Security 483
Summary 484
Exam Essentials 485
Written Lab 488
Review Questions 489

Chapter 11 Secure Network Architecture and Components 495
OSI Model 497
History of the OSI Model 497
OSI Functionality 498
Encapsulation/Deencapsulation 498
OSI Layers 500
TCP/IP Model 504
Analyzing Network Traffic 505
Common Application Layer Protocols 506
Transport Layer Protocols 508
Domain Name System 509
DNS Poisoning 511
Domain Hijacking 514
Internet Protocol (IP) Networking 516
IPv4 vs. IPv6 516
IP Classes 517
ICMP 519
IGMP 519
ARP Concerns 519
Secure Communication Protocols 521
Implications of Multilayer Protocols 522
Converged Protocols 523
Voice over Internet Protocol (VoIP) 524
Software-Defined Networking 525
Microsegmentation 526
Wireless Networks 527
Securing the SSID 529
Wireless Channels 529
Conducting a Site Survey 530
Wireless Security 531
Wi-Fi Protected Setup (WPS) 533
Wireless MAC Filter 534
Wireless Antenna Management 534
Using Captive Portals 535
General Wi-Fi Security Procedure 535
Wireless Communications 536
Wireless Attacks 539
Other Communication Protocols 543
Cellular Networks 544
Content Distribution Networks (CDNs) 545
Secure Network Components 545
Secure Operation of Hardware 546
Common Network Equipment 547
Network Access Control 549
Firewalls 550
Endpoint Security 556
Cabling, Topology, and Transmission Media Technology 559
Transmission Media 559
Network Topologies 563
Ethernet 565
Sub-Technologies 566
Summary 569
Exam Essentials 570
Written Lab 574
Review Questions 575

Chapter 12 Secure Communications and Network Attacks 581
Protocol Security Mechanisms 582
Authentication Protocols 582
Port Security 585
Quality of Service (QoS) 585
Secure Voice Communications 586
Public Switched Telephone Network 586
Voice over Internet Protocol (VoIP) 586
Vishing and Phreaking 588
PBX Fraud and Abuse 589
Remote Access Security Management 590
Remote Access and Telecommuting Techniques 591
Remote Connection Security 591
Plan a Remote Access Security Policy 592
Multimedia Collaboration 593
Remote Meeting 593
Instant Messaging and Chat 594
Load Balancing 595
Virtual IPs and Load Persistence 596
Active-Active vs. Active-Passive 596
Manage Email Security 596
Email Security Goals 597
Understand Email Security Issues 599
Email Security Solutions 599
Virtual Private Network 602
Tunneling 603
How VPNs Work 604
Always-On 606
Split Tunnel vs. Full Tunnel 607
Common VPN Protocols 607
Switching and Virtual LANs 610
Network Address Translation 614
Private IP Addresses 616
Stateful NAT 617
Automatic Private IP Addressing 617
Third-Party Connectivity 618
Switching Technologies 620
Circuit Switching 620
Packet Switching 620
Virtual Circuits 621
WAN Technologies 622
Fiber-Optic Links 624
Security Control Characteristics 624
Transparency 625
Transmission Management Mechanisms 625
Prevent or Mitigate Network Attacks 625
Eavesdropping 626
Modification Attacks 626
Summary 626
Exam Essentials 628
Written Lab 630
Review Questions 631

Chapter 13 Managing Identity and Authentication 637
Controlling Access to Assets 639
Controlling Physical and Logical Access 640
The CIA Triad and Access Controls 640
Managing Identification and Authentication 641
Comparing Subjects and Objects 642
Registration, Proofing, and Establishment of Identity 643
Authorization and Accountability 644
Authentication Factors Overview 645
Something You Know 647
Something You Have 650
Something You Are 651
Multifactor Authentication (MFA) 655
Two-Factor Authentication with Authenticator Apps 655
Passwordless Authentication 656
Device Authentication 657
Service Authentication 658
Mutual Authentication 659
Implementing Identity Management 659
Single Sign-On 659
SSO and Federated Identities 660
Credential Management Systems 662
Credential Manager Apps 663
Scripted Access 663
Session Management 663
Managing the Identity and Access Provisioning Lifecycle 664
Provisioning and Onboarding 665
Deprovisioning and Offboarding 666
Defining New Roles 667
Account Maintenance 667
Account Access Review 667
Summary 668
Exam Essentials 669
Written Lab 671
Review Questions 672

Chapter 14 Controlling and Monitoring Access 677
Comparing Access Control Models 678
Comparing Permissions, Rights, and Privileges 678
Understanding Authorization Mechanisms 679
Defining Requirements with a Security Policy 681
Introducing Access Control Models 681
Discretionary Access Control 682
Nondiscretionary Access Control 683
Implementing Authentication Systems 690
Implementing SSO on the Internet 691
Implementing SSO on Internal Networks 694
Understanding Access Control Attacks 699
Risk Elements 700
Common Access Control Attacks 700
Core Protection Methods 713
Summary 714
Exam Essentials 715
Written Lab 717
Review Questions 718

Chapter 15 Security Assessment and Testing 723
Building a Security Assessment and Testing Program 725
Security Testing 725
Security Assessments 726
Security Audits 727
Performing Vulnerability Assessments 731
Describing Vulnerabilities 731
Vulnerability Scans 732
Penetration Testing 742
Compliance Checks 745
Testing Your Software 746
Code Review and Testing 746
Interface Testing 751
Misuse Case Testing 751
Test Coverage Analysis 752
Website Monitoring 752
Implementing Security Management Processes 753
Log Reviews 753
Account Management 754
Disaster Recovery and Business Continuity 754
Training and Awareness 755
Key Performance and Risk Indicators 755
Summary 756
Exam Essentials 756
Written Lab 758
Review Questions 759

Chapter 16 Managing Security Operations 763
Apply Foundational Security Operations Concepts 765
Need to Know and Least Privilege 765
Separation of Duties (SoD) and Responsibilities 767
Two-Person
Control 768
Job Rotation 768
Mandatory Vacations 768
Privileged Account Management 769
Service Level Agreements (SLAs) 771
Addressing Personnel Safety and Security 771
Duress 771
Travel 772
Emergency Management 773
Security Training and Awareness 773
Provision Resources Securely 773
Information and Asset Ownership 774
Asset Management 774
Apply Resource Protection 776
Media Management 776
Media Protection Techniques 776
Managed Services in the Cloud 779
Shared Responsibility with Cloud Service Models 780
Scalability and Elasticity 782
Perform Configuration Management (CM) 782
Provisioning 783
Baselining 783
Using Images for Baselining 783
Automation 784
Managing Change 785
Change Management 787
Versioning 788
Configuration Documentation 788
Managing Patches and Reducing Vulnerabilities 789
Systems to Manage 789
Patch Management 789
Vulnerability Management 791
Vulnerability Scans 792
Common Vulnerabilities and Exposures 792
Summary 793
Exam Essentials 794
Written Lab 796
Review Questions 797

Chapter 17 Preventing and Responding to Incidents 801
Conducting Incident Management 803
Defining an Incident 803
Incident Management Steps 804
Implementing Detective and Preventive Measures 810
Basic Preventive Measures 810
Understanding Attacks 811
Intrusion Detection and Prevention Systems 820
Specific Preventive Measures 828
Logging and Monitoring 834
Logging Techniques 834
The Role of Monitoring 837
Monitoring Techniques 840
Log Management 844
Egress Monitoring 844
Automating Incident Response 845
Understanding SOAR 845
Machine Learning and AI Tools 846
Threat Intelligence 847
The Intersection of SOAR, Machine Learning, AI, and Threat Feeds 850
Summary 851
Exam Essentials 852
Written Lab 855
Review Questions 856

Chapter 18 Disaster Recovery Planning 861
The Nature of Disaster 863
Natural Disasters 864
Human-Made
Disasters 869
Understand System Resilience, High Availability, and Fault Tolerance 875
Protecting Hard Drives 875
Protecting Servers 877
Protecting Power Sources 878
Trusted Recovery 879
Quality of Service 880
Recovery Strategy 880
Business Unit and Functional Priorities 881
Crisis Management 882
Emergency Communications 882
Workgroup Recovery 883
Alternate Processing Sites 883
Database Recovery 888
Recovery Plan Development 890
Emergency Response 891
Personnel and Communications 891
Assessment 892
Backups and Off-site Storage 892
Software Escrow Arrangements 896
Utilities 897
Logistics and Supplies 897
Recovery vs. Restoration 897
Training, Awareness, and Documentation 898
Testing and Maintenance 899
Read-Through
Test 899
Structured Walk-Through 900
Simulation Test 900
Parallel Test 900
Full-Interruption Test 900
Lessons Learned 901
Maintenance 901
Summary 902
Exam Essentials 902
Written Lab 903
Review Questions 904

Chapter 19 Investigations and Ethics 909
Investigations 910
Investigation Types 910
Evidence 913
Investigation Process 919
Major Categories of Computer Crime 923
Military and Intelligence Attacks 924
Business Attacks 925
Financial Attacks 926
Terrorist Attacks 926
Grudge Attacks 927
Thrill Attacks 928
Hacktivists 928
Ethics 929
Organizational Code of Ethics 929
(ISC)2 Code of Ethics 930
Ethics and the Internet 931
Summary 933
Exam Essentials 934
Written Lab 935
Review Questions 936

Chapter 20 Software Development Security 941
Introducing Systems Development Controls 943
Software Development 943
Systems Development Lifecycle 952
Lifecycle Models 955
Gantt Charts and PERT 964
Change and Configuration Management 964
The DevOps Approach 966
Application Programming Interfaces 967
Software Testing 969
Code Repositories 970
Service-Level
Agreements 971
Third-Party
Software Acquisition 972
Establishing Databases and Data Warehousing 973
Database Management System Architecture 973
Database Transactions 977
Security for Multilevel Databases 978
Open Database Connectivity 982
NoSQL 982
Storage Threats 983
Understanding Knowledge-Based Systems 984
Expert Systems 984
Machine Learning 985
Neural Networks 986
Summary 987
Exam Essentials 987
Written Lab 988
Review Questions 989

Chapter 21 Malicious Code and Application Attacks 993
Malware 994
Sources of Malicious Code 995
Viruses 995
Logic Bombs 999
Trojan Horses 1000
Worms 1001
Spyware and Adware 1004
Ransomware 1004
Malicious Scripts 1005
Zero-Day
Attacks 1006
Malware Prevention 1006
Platforms Vulnerable to Malware 1007
Antimalware Software 1007
Integrity Monitoring 1008
Advanced Threat Protection 1008
Application Attacks 1009
Buffer Overflows 1009
Time of Check to Time of Use 1010
Backdoors 1011
Privilege Escalation and Rootkits 1011
Injection Vulnerabilities 1012
SQL Injection Attacks 1012
Code Injection Attacks 1016
Command Injection Attacks 1016
Exploiting Authorization Vulnerabilities 1017
Insecure Direct Object References 1018
Directory Traversal 1018
File Inclusion 1020
Exploiting Web Application Vulnerabilities 1020
Cross-Site
Scripting (XSS) 1021
Request Forgery 1023
Session Hijacking 1024
Application Security Controls 1025
Input Validation 1025
Web Application Firewalls 1027
Database Security 1028
Code Security 1029
Secure Coding Practices 1031
Source Code Comments 1031
Error Handling 1032
Hard-Coded
Credentials 1033
Memory Management 1034
Summary 1035
Exam Essentials 1035
Written Lab 1036
Review Questions 1037

Appendix A Answers to Review Questions 1041
Course Description: Print It | Download PDF | Email It

CISSP Certification Courses By City:

       FL - Winter Park       NC - Asheville       PA - York      
- - your home       GA - Atlanta       NC - Charlotte       PR - Puerto Rico      
AL - Birmingham       GA - Augusta       NC - Greensboro       QC - Montreal      
AL - Huntsville       GA - Columbus       NC - Raleigh       RI - Providence      
AL - Mobile       GA - Savannah       NC - Winston-Salem       SC - Greenville      
AR - Bentonville       HI - Honolulu       ND - Bismarck       SC - Myrtle Beach      
BC - Vancouver       IA - Des Moines       ND - Fargo       SC - North Charleston      
CA - Bakersfield       IA - Iowa City       NE - Lincoln       SK - Regina      
CA - Fresno       ID - Boise       NE - Omaha       SK - Saskatoon      
CA - Los Angeles       IL - Chicago       NH - Bedford       TN - Chattanooga      
CA - Merced       IL - Rockford       NJ - Bridgewater       TN - Knoxville      
CA - Modesto       IN - Bloomington       NM - Albuquerque       TN - Memphis      
CA - Napa       IN - Evansville       NM - Las Cruces       TN - Nashville      
CA - Oakland       IN - Fort Wayne       NM - Santa Fe       TX - Amarillo      
CA - Oxnard       IN - Indianapolis       NS - Halifax       TX - Austin      
CA - Rancho Cucamonga       IN - South Bend       NV - Henderson       TX - Beaumont      
CA - Sacramento       KS - Overland Park       NV - Reno       TX - Corpus Christi      
CA - Salinas       KS - Topeka       NY - Albany       TX - Dallas      
CA - San Diego       KY - Lexington       NY - Buffalo       TX - El Paso      
CA - San Jose       KY - Louisville       NY - New York City       TX - Fort Worth      
CA - Santa Maria       LA - Baton Rouge       NY - Rochester       TX - Houston      
CA - Santa Rosa       LA - Lafayette       NY - Syracuse       TX - Killeen      
CA - Stockton       LA - New Orleans       OH - Beavercreek       TX - Laredo      
CB - Caribbean       LA - Shreveport       OH - Cincinnati       TX - Longview      
CB - Kingston       MA - Burlington       OH - Columbus       TX - Lubbock      
CB - Nassau       MA - Springfield       OH - Highland Heights       TX - McAllen      
CO - Boulder       MA - Westborough       OH - Toledo       TX - Midland      
CO - Colorado Springs       MB - Winnipeg       OH - Youngstown       TX - San Antonio      
CO - Denver       MD - Largo       OK - Oklahoma City       TX - Tyler      
CT - Cheshire       MD - Laurel       OK - Tulsa       TX - Waco      
CT - New Haven       ME - Portland       ON - Ottawa       UT - Ogden      
CT - Stamford       MI - Ann Arbor       ON - Toronto       UT - Salt Lake City      
DE - Wilmington       MI - Flint       OR - Beaverton       VA - Charlottesville      
FL - Daytona Beach       MI - Grand Rapids       OR - Bend       VA - Glen Allen      
FL - Fort Lauderdale       MI - Lansing       OR - Eugene       VA - Harrisonburg      
FL - Fort Myers       MI - Livonia       OR - Medford       VA - Roanoke      
FL - Gainesville       MN - Minnetonka       OR - Salem       VA - Virginia Beach      
FL - Jacksonville       MO - Columbia       PA - Allentown       VT - Burlington      
FL - Lakeland       MO - St. Louis       PA - Erie       WA - Seattle      
FL - Miami       MS - Biloxi       PA - Harrisburg       WA - Spokane      
FL - Naples       MS - Jackson       PA - Malvern       WI - Eau Claire      
FL - Pensacola       MT - Billings       PA - Philadelphia       WI - Green Bay      
FL - Sarasota       MT - Montana       PA - Pittsburgh       WI - Madison      
FL - Tallahassee       NB - Moncton       PA - Reading       WI - Milwaukee      
FL - Tampa       NB - Saint John       PA - Scranton-Wilkes Barre