About This Book

The ideal reader for an Exam Cram 2 book is someone seeking certification. However, it should be noted that an Exam Cram 2 book is a very easily readable, rapid presentation of facts. Therefore, an Exam Cram 2 book is also extremely useful as a quick reference manual.

Most people seeking certification use multiple sources of information. Check out the links at the end of each chapter to get more information about subjects you're weak in. Practice tests can help indicate when you are ready. Various security books from retailers also describe the topics in this book in much greater detail. Don't forget that many have described the CISSP exam as being a "mile wide."

This book includes other helpful elements in addition to the actual logical, step-by-step learning progression of the chapters themselves. Exam Cram 2 books use elements such as exam alerts, tips, notes, and practice questions to make information easier to read and absorb.

Use the Cram Sheet to remember last-minute facts immediately before the exam. Use the practice questions to test your knowledge. You can always brush up on specific topics in detail by referring to the table of contents and the index. Even after you achieve certification, you can use this book as a rapid-access reference manual.

The Chapter Elements

Each Exam Cram 2 book has chapters that follow a predefined structure. This structure makes Exam Cram 2 books easy to read and provides a familiar format for all Exam Cram 2 books. These elements typically are used:

• Opening hotlists
• Chapter topics
• Exam Alerts
• Notes
• Tips
• Sidebars
• Cautions
• Exam-preparation practice questions and answers
• A "Need to Know More? " section at the end of each chapter

Now let's take a look at each of the elements in detail.

• Opening hotlists The start of every chapter contains a list of terms you should understand. A second hotlist identifies all the techniques and skills covered in the chapter.
• Chapter topics Each chapter contains details of all subject matter listed in the table of contents for that particular chapter. The objective of an Exam Cram 2 book is to cover all the important facts without giving too much detail; it is an exam cram. When examples are required, they are included.
• Exam Alerts Exam Alerts address exam-specific, exam-related information. An Exam Alert addresses content that is particularly important, tricky, or likely to appear on the exam. Exam Alerts look like this:

  Make sure you remember the different ways in which DES can be implemented and that ECB is considered the weakest form of DES.

• Notes Notes typically contain useful information that is not directly related to the current topic under consideration. To avoid breaking up the flow of the text, they are set off from the regular text.

  This is a note. You have already seen several notes.

• Tips Tips often provide shortcuts or better ways to do things.

  A clipping level is the point at which you set a control to distinguish between activity that should be investigated and activity that should not be investigated.

• Sidebars Sidebars are longer and run beside the text. They often describe real-world examples or situations.

  How Caller ID Can Be Hacked Sure, we all trust Caller ID, but some Voice over IP (VoIP) providers allow users to inject their own Call Party Number (CPN) into the call. Because VoIP is currently outside FCC regulation, these hacks are now possible.

• Cautions Cautions apply directly to the use of the technology being discussed in the Exam Cram. For example, a Caution might point out that the CER is one of the most important items to examine when examining biometric devices.

  The Crossover Error Rate (CER) is the point at which Type 1 errors and Type 2 errors intersect. The lower the CER is, the more accurate the device is.

• Exam-preparation practice questions At the end of every chapter is a list of 1015 exam practice questions similar to those in the actual exam. Each chapter contains a list of questions relevant to that chapter, including answers and explanations. Test your skills as you read.
• "Need to Know More?" section This section at the end of each chapter describes other relevant sources of information. With respect to this chapter, the best place to look for CISSP certification information is at the ISC2 website, www.ISC2.org.

Other Book Elements

Most of this Exam Cram 2 book on CISSP follows the consistent chapter structure already described. However, there are various, important elements that are not part of the standard chapter format. These elements apply to the entire book as a whole.

• Practice exams In addition to exam-preparation questions at the end of each chapter, two full practice exams are included at the end of the book.
• Answers and explanations for practice exams These follow each practice exam, providing answers and explanations to the questions in the exams.
• Glossary The glossary contains a listing of important terms used in this book with explanations.
• Cram Sheet The Cram Sheet is a quick-reference, tear-out cardboard sheet of important facts useful for last-minute preparation. Cram sheets often include a simple summary of facts that are most difficult to remember.
• CD The CD contains the PrepLogic Practice Exams, Preview Edition exam-simulation software. The preview edition exhibits most of the full functionality of the Premium Edition, but it contains only one exam's worth of questions. To get the complete set of practice questions and full exam functionality, visit www.preplogic.com.

Chapter Contents

The following list provides an overview of the chapters.

• Chapter 1: "The CISSP Certification Exam" This chapter introduces exam strategies and considerations.
• Chapter 2: "Physical Security" This chapter details physical security and the threats and countermeasures available for protecting an organization's resources.
• Chapter 3: "Security-Management Practices" This chapter discusses the organization's information assets and means of protection, including policies, procedures, guidelines, and assorted controls.
• Chapter 4: "Access-Control Systems and Methodology" This chapter covers the basics of access control. Items such as identification, authentication, and authorization are discussed, as are biometric access-control systems.
• Chapter 5: "System Architecture and Models" This chapter discusses the ways to design, monitor, implement, and lock down computer systems.
• Chapter 6: "Telecommunications and Network Security" One of the longest chapters, this chapter discusses telecommunication technology. Items such as TCP/IP, the OSI model, routing protocols, and networking equipment are discussed.
• Chapter 7: "Applications and Systems-Development Security" This chapter discusses databases, malicious code, knowledge-based systems, and application issues.
• Chapter 8: "Operations Security" This chapter covers security concepts, operation controls, auditing, and resource protection.
• Chapter 9: "Business-Continuity Planning" This chapter covers all the aspects of the BCP and DRP process. Its goal is to help the reader understand what is needed to prevent, minimize, and recover from disasters.
• Chapter 10: "Law, Investigations, and Ethics" This chapter covers all things legal, from international law and incident response to forensics. It also covers the ethical standards that CISSP candidates must understand and abide by.
• Chapter 11: "Cryptography" This chapter discusses the methods, means, and systems used to encrypt and protect data. Symmetric, asymmetric, and hashing algorithms are introduced, along with PKI and cryptographic methods of attack.
• Chapter 12: "Practice Exam 1" This is a full-length practice exam.
• Chapter 13: "Answers to Practice Exam 1" This element contains the answers and explanations for the first practice exam.
• Chapter 14: "Practice Exam 2" This is a second full-length practice exam.
• Chapter 15: "Answers to Practice Exam 2" This element contains the answers and explanations for the second practice exam.

Contacting the Author

Hopefully, this book provides you with the tools you need to pass the CISSP exam. Feedback is appreciated. The author can be contacted at info@thesolutionfirm.com.

Thank you for selecting my book; I hope you like it. Good luck!