CISSP For Dummies, 5th Edition
Published by: John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, www.wiley.com
Copyright 2016 by John Wiley & Sons, Inc., Hoboken, New Jersey
Media and software compilation copyright 2016 by John Wiley & Sons, Inc. All rights reserved.
Published simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, For Dummies, the Dummies Man logo, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and may not be used without written permission. All trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.
For general information on our other products and services, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. For technical support, please visit www.wiley.com/techsupport.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2016931711
ISBN 978-1-119-21023-8 (pbk); 978-1-119-21025-2 (epub); 978-1-119-21024-5 (epdf)
Visit www.dummies.com/cheatsheet/cissp to view this book's cheat sheet.
Foreword
Let's face it, those of us who have prepared for the (ISC)² Certified Information Systems Security Professional (CISSP) exam know it can be a daunting task. Some candidates spread their preparation out over the course of a year; others take months, and others prepare in a matter of weeks. Then there are those who schedule and take the exam with little to no preparation. There's really no wrong way to prepare, if your approach leads to the achievement of your professional goals. That said, I am frequently asked "What is the best book to use to prepare for the CISSP exam?" There's a plethora of choices: the thick official guide book, the CISSP study guide, or independent books written by those in the industry. Suffice it to say, there is no shortage of books available to prepare for the CISSP exam. Which leads me to CISSP For Dummies.
The Wiley For Dummies series has become a wildly successful approach to learning about a broad range of popular topics. With so many topics covered by the popular series, most of us have a For Dummies book on at least one topic. The series presents popular topics in a lighter, more digestible way that hopefully facilitates learning. At (ISC)², we are proud that our CISSP has become such a popular topic and professional certification that it has earned its own CISSP For Dummies, which we are pleased to endorse.
As you prepare for the CISSP exam, we hope you find the tools that work best for your study methods and maintaining your skills. I wish you the best of luck as you prepare for the (ISC)² CISSP exam and work toward achieving your professional goals.
Best regards,
David P. Shearer
CEO
(ISC)², Inc.
Introduction
For more than 20 years, security practitioners around the world have been pursuing a well-known and highly regarded professional credential: the Certified Information Systems Security Professional (CISSP) certification. And since 2001, CISSP For Dummies has been helping security practitioners enhance their security knowledge and earn the coveted CISSP certification.
Today, there are more than 100,000 CISSPs worldwide. Ironically, some certification skeptics might argue that the CISSP certification is becoming less relevant because so many people have earned the certification. However, the CISSP certification isn't less relevant because more people are attaining it; more people are attaining it because it's now more relevant than ever. Information security is far more important than at any time in the past, with extremely large-scale data security breaches and highly sophisticated cyberattacks becoming all too frequent occurrences in our modern era.
There are many excellent and reputable information security training and education programs available. In addition to technical and industry certifications, there are also many fully accredited postsecondary degree, certificate and apprenticeship programs available for information security practitioners. And there are certainly plenty of self-taught, highly skilled individuals working in the information security field who have a strong understanding of core security concepts, techniques and technologies.
But inevitably, there are also far too many charlatans who are all too willing to overstate their security qualifications and prey on the obliviousness of business and other leaders (who think "wiping" a server, for example, means "like, with a cloth or something") in order to pursue a fulfilling career in the information security field, or perhaps for dubious purposes.
The CISSP certification is widely held as the professional standard for information security professionals, similar to the Certified Public Accountant (CPA) license for accountants or the Professional Engineer (PE) license for engineers. It enables security professionals to distinguish themselves from others in the information security field by validating