CISSP Study Guide 8th edition

(CIS-502)

Skills You’ll Get

1

Introduction

  • Overview of the CISSP Exam
  • Notes on This Course's Organization
2

Security Governance Through Principles and Policies

  • Understand and Apply Concepts of Confidentiality, Integrity, and Availability
  • Evaluate and Apply Security Governance Principles
  • Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
  • Understand and Apply Threat Modeling Concepts and Methodologies
  • Apply Risk-Based Management Concepts to the Supply Chain
  • Summary
  • Exam Essentials
  • Written Lab
3

Personnel Security and Risk Management Concepts

  • Personnel Security Policies and Procedures
  • Security Governance
  • Understand and Apply Risk Management Concepts
  • Establish and Maintain a Security Awareness, Education, and Training Program
  • Manage the Security Function
  • Summary
  • Exam Essentials
  • Written Lab
4

Business Continuity Planning

  • Planning for Business Continuity
  • Project Scope and Planning
  • Business Impact Assessment
  • Continuity Planning
  • Plan Approval and Implementation
  • Summary
  • Exam Essentials
  • Written Lab
5

Laws, Regulations, and Compliance

  • Categories of Laws
  • Laws
  • Compliance
  • Contracting and Procurement
  • Summary
  • Exam Essentials
  • Written Lab
6

Protecting Security of Assets

  • Identify and Classify Assets
  • Determining Ownership
  • Using Security Baselines
  • Summary
  • Exam Essentials
  • Written Lab
7

Cryptography and Symmetric Key Algorithms

  • Historical Milestones in Cryptography
  • Cryptographic Basics
  • Modern Cryptography
  • Symmetric Cryptography
  • Cryptographic Lifecycle
  • Summary
  • Exam Essentials
  • Written Lab
8

PKI and Cryptographic Applications

  • Asymmetric Cryptography
  • Hash Functions
  • Digital Signatures
  • Public Key Infrastructure
  • Asymmetric Key Management
  • Applied Cryptography
  • Cryptographic Attacks
  • Summary
  • Exam Essentials
  • Written Lab
9

Principles of Security Models, Design, and Capabilities

  • Implement and Manage Engineering Processes Using Secure Design Principles
  • Understand the Fundamental Concepts of Security Models
  • Select Controls Based On Systems Security Requirements
  • Understand Security Capabilities of Information Systems
  • Summary
  • Exam Essentials
  • Written Lab
10

Security Vulnerabilities, Threats, and Countermeasures

  • Assess and Mitigate Security Vulnerabilities
  • Client-Based Systems
  • Server-Based Systems
  • Database Systems Security
  • Distributed Systems and Endpoint Security
  • Internet of Things
  • Industrial Control Systems
  • Assess and Mitigate Vulnerabilities in Web-Based Systems
  • Assess and Mitigate Vulnerabilities in Mobile Systems
  • Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
  • Essential Security Protection Mechanisms
  • Common Architecture Flaws and Security Issues
  • Summary
  • Exam Essentials
  • Written Lab
11

Physical Security Requirements

  • Apply Security Principles to Site and Facility Design
  • Implement Site and Facility Security Controls
  • Implement and Manage Physical Security
  • Summary
  • Exam Essentials
  • Written Lab
12

Secure Network Architecture and Securing Network Components

  • OSI Model
  • TCP/IP Model
  • Converged Protocols
  • Wireless Networks
  • Secure Network Components
  • Cabling, Wireless, Topology, Communications, and Transmission Media Technology
  • Summary
  • Exam Essentials
  • Written Lab
13

Secure Communications and Network Attacks

  • Network and Protocol Security Mechanisms
  • Secure Voice Communications
  • Multimedia Collaboration
  • Manage Email Security
  • Remote Access Security Management
  • Virtual Private Network
  • Virtualization
  • Network Address Translation
  • Switching Technologies
  • WAN Technologies
  • Miscellaneous Security Control Characteristics
  • Security Boundaries
  • Prevent or Mitigate Network Attacks
  • Summary
  • Exam Essentials
  • Written Lab
14

Managing Identity and Authentication

  • Controlling Access to Assets
  • Comparing Identification and Authentication
  • Implementing Identity Management
  • Managing the Identity and Access Provisioning Lifecycle
  • Summary
  • Exam Essentials
  • Written Lab
15

Controlling and Monitoring Access

  • Comparing Access Control Models
  • Understanding Access Control Attacks
  • Summary
  • Exam Essentials
  • Written Lab
16

Security Assessment and Testing

  • Building a Security Assessment and Testing Program
  • Performing Vulnerability Assessments
  • Testing Your Software
  • Implementing Security Management Processes
  • Summary
  • Exam Essentials
  • Written Lab
17

Managing Security Operations

  • Applying Security Operations Concepts
  • Securely Provisioning Resources
  • Managing Configuration
  • Managing Change
  • Managing Patches and Reducing Vulnerabilities
  • Summary
  • Exam Essentials
  • Written Lab
18

Preventing and Responding to Incidents

  • Managing Incident Response
  • Implementing Detective and Preventive Measures
  • Logging, Monitoring, and Auditing
  • Summary
  • Exam Essentials
  • Written Lab
19

Disaster Recovery Planning

  • The Nature of Disaster
  • Understand System Resilience and Fault Tolerance
  • Recovery Strategy
  • Recovery Plan Development
  • Training, Awareness, and Documentation
  • Testing and Maintenance
  • Summary
  • Exam Essentials
  • Written Lab
20

Investigations and Ethics

  • Investigations
  • Major Categories of Computer Crime
  • Ethics
  • Summary
  • Exam Essentials
  • Written Lab
21

Software Development Security

  • Introducing Systems Development Controls
  • Establishing Databases and Data Warehousing
  • Storing Data and Information
  • Understanding Knowledge-Based Systems
  • Summary
  • Exam Essentials
  • Written Lab
22

Malicious Code and Application Attacks

  • Malicious Code
  • Password Attacks
  • Application Attacks
  • Web Application Security
  • Reconnaissance Attacks
  • Masquerading Attacks
  • Summary
  • Exam Essentials
  • Written Lab

1

Security Governance Through Principles and Policies

  • Identifying protection mechanisms
  • Identifying security management plans
  • Identifying steps in a classification scheme
  • Identifying risk actions
2

Personnel Security and Risk Management Concepts

  • Understanding elements of risk
  • Identifying steps in quantitative risk analysis
  • Understanding agents
3

Business Continuity Planning

  • Identifying phases in BCP process
  • Identifying man-made threats
4

Laws, Regulations, and Compliance

  • Identifying CFAA provisions
5

Cryptography and Symmetric Key Algorithms

  • Checking the integrity of messages through MAC values
  • Identifying asymmetric algorithms
6

PKI and Cryptographic Applications

  • Backing up an encryption certificate and key
7

Principles of Security Models, Design, and Capabilities

  • Identifying Information models
  • Identifying TCSEC categories
8

Physical Security Requirements

  • Identifying terms associated with power issues
  • Identifying primary stages of fire
  • Identifying physical access control mechanisms
9

Secure Network Architecture and Securing Network Components

  • Identifying application layer protocols
  • Identifying steps in the encapsulation/decapsulation process
  • Identifying OSI layer functions
  • Identifying OSI layers
  • Identifying connectionless communication
  • Identifying abbreviations for various Internet layer protocols
  • Identifying TCP/IP protocol layers
  • Identifying TCP/IP layers
  • Identifying flag bit designator
  • Configuring IPv4 address
  • Configuring SSID
  • Creating and configuring a network
  • Identifying gateway firewalls
  • Identifying hardware devices
  • Connecting Systems to the Internet Through a Firewall Router
  • Identifying network topologies
  • Identifying UTP categories
  • Identifying steps in CSMA technology
  • Identifying LAN sub technologies
  • Identifying types of cable
  • Identifying components of a coaxial cable
10

Secure Communications and Network Attacks

  • Identifying secure communication protocols
  • Identifying authentication protocols
  • Identifying phreaker tools
  • Identifying security solutions
  • Connecting to a server using Remote Desktop Connection
  • Creating a dial-up connection
  • Creating a remote access VPN connection
  • Identifying VPN protocols
  • Installing Windows Virtual PC
  • Creating a virtual PC machine
  • Understanding NAT
  • Identifying switching technology properties
  • Identifying specialized protocols
  • Understanding transparency
  • Understanding security boundaries
11

Managing Identity and Authentication

  • Creating a password for account
  • Configuring password policies
  • Enabling and disabling password expiration
  • Configuring NPS network policy
  • Identifying drawbacks of Kerberos authentication
  • Identifying components of the Kerberos authentication protocol
  • Identifying authentication services
  • Configuring NPS to provide RADIUS authentication
  • Identifying responsibilities
12

Controlling and Monitoring Access

  • Identifying authorization mechanisms
  • Viewing password hashes
13

Managing Security Operations

  • Identifying steps within an effective patch management program
  • Identifying security reviews
  • Identifying steps in incident response management
14

Preventing and Responding to Incidents

  • Configuring audit policies
  • Viewing different event details
  • Identifying log types
  • Filtering entries in Event Viewer
15

Disaster Recovery Planning

  • Identifying processing sites in disaster recovery plan
  • Identifying disaster recovery plan tests
16

Investigations and Ethics

  • Identifying computer crime types
17

Software Development Security

  • Identifying stages in a waterfall lifecycle model
  • Identifying generations of languages
  • Understanding object-oriented programming terms
  • Identifying levels in Software Capability Maturity Model
  • Identifying testing methods
  • Identifying keys in a database
  • Identifying storage types
18

Malicious Code and Application Attacks

  • Installing the AVG antivirus and scanning a drive
  • Understanding application attacks
  • Identifying types of viruses

Why Do Learners Love This Course?

uCertify provides the best quality content relevant to the industry and keeps it up to date. Happy with the overall course quality. Thank you uCertify!

Asim Fareed
IT Support Engineer

uCertify courses not only guarantee your success at getting certified but also equip you to truly understand the subject, and the preparation methodology will give you a competitive edge over others who may be paper certified but not qualified to use the skills on the job. I recently accessed the uCertify CISSP course and had a great experience. I will rate the uCertify CISSP course and labs 8 out of 10. The course and platform seem to be perfect, with each and every topic in the chapters explained so nicely and easily that it would really help any fresher to understand and clear his certification.

Sajid Kaini
Assistant Manager Cyber Security