
SSCP Systems Security Certified Practitioner All-in-One Exam Guide PDF

1076 Pages·2018·13.481 MB·English

Preview SSCP Systems Security Certified Practitioner All-in-One Exam Guide

Contents

1. Cover
2. Title Page
3. Copyright Page
4. Dedication
5. Contents at a Glance
6. Contents
7. Acknowledgments
8. Introduction
9. Exam Objective Map
10. Chapter 1 Security Fundamentals
    1. Reviewing the Requirements for SSCP
        1. Have One Year of Experience
        2. Registering for the Exam
        3. Passing the Exam
        4. Subscribing to the (ISC)2 Code of Ethics and Getting Endorsed
        5. Maintaining Your SSCP Certification
    2. Understanding Basic Security Concepts
        1. Confidentiality
        2. Integrity
        3. Availability
    3. Exploring Fundamentals of Security
        1. Least Privilege
        2. Separation of Duties
        3. Privacy and Data Sensitivity
        4. Defense in Depth
        5. Nonrepudiation
        6. AAAs of Security
        7. Accountability
        8. Due Diligence
        9. Due Care
    4. Chapter Review
        1. Questions
        2. Answers
11. Chapter 2 Access Controls
    1. Comparing Identification, Authentication, and Authorization
    2. Exploring Authentication
        1. Three Factors of Authentication
        2. Multifactor Authentication
        3. Two-Step Verification
        4. Reviewing Identification
        5. Single Sign-on Authentication
        6. Centralized vs. Decentralized Authentication
        7. Offline Authentication
        8. Device Authentication
    3. Implementing Access Controls
        1. Comparing Subjects and Objects
        2. Logical Access Controls
    4. Comparing Access Control Models
        1. Discretionary Access Control
        2. Non-Discretionary Access Control
        3. Access Control Matrix vs. Capability Table
    5. Participating in the Identity and Access Management Lifecycle
        1. Identity Proofing
        2. Provisioning and Authorization
        3. Maintenance and Entitlement
        4. De-provisioning
    6. Participating in Physical Security Operations
        1. Badging
        2. Data Center Assessment
    7. Chapter Review
        1. Questions
        2. Answers
12. Chapter 3 Basic Networking and Communications
    1. Understanding Use Cases
    2. Reviewing the OSI Model
        1. The Physical Layer (Layer 1)
        2. The Data Link Layer (Layer 2)
        3. The Network Layer (Layer 3)
        4. The Transport Layer (Layer 4)
        5. The Session Layer (Layer 5)
        6. The Presentation Layer (Layer 6)
        7. The Application Layer (Layer 7)
    3. Comparing the OSI and TCP/IP Models
    4. Understanding Network Topologies and Relationships
        1. Ethernet
        2. Bus Topology
        3. Star Topology
        4. Tree Topology
        5. Token Ring Topology
        6. Mesh Topology
        7. Network Relationships
    5. Reviewing Basic Protocols and Ports
        1. Comparing IPv4 and IPv6
        2. Dynamic Host Configuration Protocol
        3. Address Resolution Protocol
        4. Network Discovery Protocol
        5. Domain Name System
        6. Internet Control Message Protocol
        7. Internet Group Message Protocol
        8. Simple Network Management Protocol
        9. File Transfer Protocol
        10. Telnet
        11. Secure Shell
        12. Hypertext Transfer Protocol and Hypertext Transfer Protocol Secure
        13. Transport Layer Security and Secure Sockets Layer
        14. Network File System
        15. Routing Protocols
        16. E-mail Protocols
        17. Internet Protocol Security
        18. Tunneling Protocols
        19. Mapping Well-Known Ports to Protocols
        20. Comparing Ports and Protocol Numbers
    6. Comparing Internetwork Trust Architectures
        1. Comparing Public and Private IP Addresses
        2. Using NAT
        3. Comparing Trust Relationships
    7. Exploring Wireless Technologies
        1. Securing Data Transmissions
        2. Wireless Device Administrator Password
        3. Wireless Service Set Identifier
        4. MAC Address Filtering
        5. Bluetooth
        6. NFC
        7. GSM
        8. 3G, LTE, and 4G
        9. WiMAX
        10. Radio Frequency Identification
        11. Protecting Mobile Devices
    8. Chapter Review
        1. Questions
        2. Answers
13. Chapter 4 Advanced Networking and Communications
    1. Managing LAN-based Security
        1. Comparing Switches and Routers
        2. Physical and Logical Segmentation
        3. Secure Device Management
        4. VoIP
    2. Using Proxy Servers
    3. Understanding Firewalls
        1. Packet-Filtering Firewall
        2. Stateful Inspection Firewall
        3. Application Firewall
        4. Next-Generation Firewall
        5. Defense Diversity
        6. Comparing Network-based and Host-based Firewalls
    4. Exploring Remote Access Solutions
        1. Risks and Vulnerabilities
        2. Tunneling Protocols
        3. Authentication
        4. Traffic Shaping and WAN Optimization
    5. Managing Network Access Control
    6. Exploring Virtual Environments
        1. Virtualization Terminology
        2. Shared Storage
        3. Virtual Appliances
        4. Virtual Desktop Infrastructure
        5. Continuity and Resilience
        6. Separation of Data Plane and Control Plane
        7. Software-defined Networking
        8. Protecting Virtualization Systems
    7. Understanding Cloud Computing
        1. Shared Responsibility Models
        2. Cloud Operation Models
        3. Storage
        4. Privacy
        5. Data Control and Third-party Outsourcing
        6. Compliance
    8. Chapter Review
        1. Questions
        2. Answers
14. Chapter 5 Attacks
    1. Comparing Attackers
        1. Hackers and Crackers
        2. White Hats, Black Hats, and Gray Hats
        3. Advanced Persistent Threats
        4. Insider Threats
        5. Script Kiddies
    2. Exploring Attack Types and Countermeasures
        1. Basic Countermeasures
        2. Spoofing
        3. Data Theft
        4. DoS
        5. DDoS
        6. Botnets and Zombies
        7. Sniffing Attack
        8. Reconnaissance and Fingerprinting Attacks
        9. Salami Attack
        10. Man-in-the-Middle
        11. Replay
        12. Session Hijacking
        13. DNS Cache Poisoning
        14. Smurf and Fraggle Attacks
        15. Software Security as a Countermeasure
        16. Buffer Overflow Attacks
        17. Injection Attacks
        18. Cross-Site Scripting
        19. Cross-Site Request Forgery
        20. Password Attacks
        21. Spam
        22. Phishing Attacks
        23. Phishing and Drive-by Downloads
        24. Spear Phishing and Whaling
        25. Vishing
        26. Smishing
        27. Zero Day Exploits
        28. Covert Channel
        29. Wireless Attacks and Countermeasures
    3. Understanding Social Engineering
        1. Tailgating
        2. Impersonation
        3. Skimming
        4. Dumpster Diving
        5. Shoulder Surfing
        6. Social Networking Attacks
        7. User Awareness as a Countermeasure
    4. Chapter Review
        1. Questions
        2. Answers
15. Chapter 6 Malicious Code and Activity
    1. Identifying Malicious Code
        1. Virus
        2. Worm
        3. Trojan Horse
        4. RATs
        5. Scareware
        6. Ransomware
        7. Keylogger
        8. Logic Bomb
        9. Rootkits
        10. Mobile Code
        11. Backdoors and Trapdoors
        12. Spyware
        13. Malware Hoaxes
        14. Analyzing the Stages of an Attack
    2. Understanding Malware Delivery Methods
        1. Delivering Malware via Drive-by Downloads
        2. Delivering Malware via Malvertising
        3. Delivering Malware via E-mail
        4. Delivering Malware via USB Drives
    3. Implementing Malicious Code Countermeasures
        1. Antivirus Software
        2. Keeping AV Signatures Up to Date
        3. Spam Filters
        4. Content-filtering Appliances
        5. Keeping Operating Systems Up to Date
        6. Scanners
        7. Beware of Shortened Links
        8. Sandboxing
        9. Least Privilege
        10. Software Security
        11. Application Whitelisting and Blacklisting
        12. Participating in Security Awareness and Training
    4. Common Vulnerabilities and Exposures
    5. Chapter Review
        1. Questions
        2. Answers
16. Chapter 7 Risk, Response, and Recovery
    1. Defining Risk
        1. Identifying Threat Sources
        2. Identifying Threat Events
        3. Understanding Vulnerabilities
        4. Understanding Impact Assessments
        5. Sharing Threat Intelligence
    2. Managing Risk
        1. Risk Treatment
        2. Residual Risk
        3. Identifying Assets
        4. Risk Visibility and Reporting
        5. Risk Register
        6. Common Vulnerability Scoring System
        7. Risk Management Frameworks
    3. Performing Risk Assessments
        1. Threat Modeling
        2. Quantitative Analysis
        3. Qualitative Analysis
        4. Risk Assessment Steps
        5. Address Findings
    4. Supporting the Incident Lifecycle
        1. Preparation
        2. Detection, Analysis, and Escalation
        3. Containment
        4. Eradication
        5. Recovery
        6. Lessons Learned/Implementation of New Countermeasure
    5. Chapter Review
        1. Questions
        2. Answers
17. Chapter 8 Monitoring and Analysis
    1. Operating and Maintaining Monitoring Systems
        1. Events of Interest
