Certified Information Systems Security Professional (CISSP)
The ISC2 CISSP certification is a widely recognized cybersecurity credential. It is ideal for professionals who want to demonstrate their knowledge across different security practices and principles. By earning this credential, you will be able to design, implement, and effectively manage a cybersecurity program. The certification provides information security professionals with an objective measure of competence and a globally recognized standard of achievement.
- 22+ Lessons
- 420+ Quizzes
- 840+ Flashcards
- 420+ Glossary of terms
- 108+ Pre Assessment Questions
- 3+ Full Length Tests
- 108+ Post Assessment Questions
- 324+ Practice Test Questions
- 80+ LiveLab
- 33+ Video tutorials
- 01:05+ Hours
- Overview of the CISSP Exam
- The Elements of This Study Guide
- Study Guide Exam Objectives
- Objective Map
- Security 101
- Understand and Apply Security Concepts
- Security Boundaries
- Evaluate and Apply Security Governance Principles
- Manage the Security Function
- Security Policy, Standards, Procedures, and Guidelines
- Threat Modeling
- Supply Chain Risk Management
- Summary
- Exam Essentials
- Written Lab
- Personnel Security Policies and Procedures
- Understand and Apply Risk Management Concepts
- Social Engineering
- Establish and Maintain a Security Awareness, Education, and Training Program
- Summary
- Exam Essentials
- Written Lab
- Planning for Business Continuity
- Project Scope and Planning
- Business Impact Analysis
- Continuity Planning
- Plan Approval and Implementation
- Summary
- Exam Essentials
- Written Lab
- Categories of Laws
- Laws
- State Privacy Laws
- Compliance
- Contracting and Procurement
- Summary
- Exam Essentials
- Written Lab
- Identifying and Classifying Information and Assets
- Establishing Information and Asset Handling Requirements
- Data Protection Methods
- Understanding Data Roles
- Using Security Baselines
- Summary
- Exam Essentials
- Written Lab
- Cryptographic Foundations
- Modern Cryptography
- Symmetric Cryptography
- Cryptographic Lifecycle
- Summary
- Exam Essentials
- Written Lab
- Asymmetric Cryptography
- Hash Functions
- Digital Signatures
- Public Key Infrastructure
- Asymmetric Key Management
- Hybrid Cryptography
- Applied Cryptography
- Cryptographic Attacks
- Summary
- Exam Essentials
- Written Lab
- Secure Design Principles
- Techniques for Ensuring CIA
- Understand the Fundamental Concepts of Security Models
- Select Controls Based on Systems Security Requirements
- Understand Security Capabilities of Information Systems
- Summary
- Exam Essentials
- Written Lab
- Shared Responsibility
- Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
- Client-Based Systems
- Server-Based Systems
- Industrial Control Systems
- Distributed Systems
- High-Performance Computing (HPC) Systems
- Internet of Things
- Edge and Fog Computing
- Embedded Devices and Cyber-Physical Systems
- Specialized Devices
- Microservices
- Infrastructure as Code
- Virtualized Systems
- Containerization
- Serverless Architecture
- Mobile Devices
- Essential Security Protection Mechanisms
- Common Security Architecture Flaws and Issues
- Summary
- Exam Essentials
- Written Lab
- Apply Security Principles to Site and Facility Design
- Implement Site and Facility Security Controls
- Implement and Manage Physical Security
- Summary
- Exam Essentials
- Written Lab
- OSI Model
- TCP/IP Model
- Analyzing Network Traffic
- Common Application Layer Protocols
- Transport Layer Protocols
- Domain Name System
- Internet Protocol (IP) Networking
- ARP Concerns
- Secure Communication Protocols
- Implications of Multilayer Protocols
- Microsegmentation
- Wireless Networks
- Other Communication Protocols
- Cellular Networks
- Content Distribution Networks (CDNs)
- Secure Network Components
- Summary
- Exam Essentials
- Written Lab
- Protocol Security Mechanisms
- Secure Voice Communications
- Remote Access Security Management
- Multimedia Collaboration
- Load Balancing
- Manage Email Security
- Virtual Private Network
- Switching and Virtual LANs
- Network Address Translation
- Third-Party Connectivity
- Switching Technologies
- WAN Technologies
- Fiber-Optic Links
- Security Control Characteristics
- Prevent or Mitigate Network Attacks
- Summary
- Exam Essentials
- Written Lab
- Controlling Access to Assets
- Managing Identification and Authentication
- Implementing Identity Management
- Managing the Identity and Access Provisioning Lifecycle
- Summary
- Exam Essentials
- Written Lab
- Comparing Access Control Models
- Implementing Authentication Systems
- Understanding Access Control Attacks
- Summary
- Exam Essentials
- Written Lab
- Building a Security Assessment and Testing Program
- Performing Vulnerability Assessments
- Testing Your Software
- Implementing Security Management Processes
- Summary
- Exam Essentials
- Written Lab
- Apply Foundational Security Operations Concepts
- Addressing Personnel Safety and Security
- Provision Resources Securely
- Apply Resource Protection
- Managed Services in the Cloud
- Perform Configuration Management (CM)
- Managing Change
- Managing Patches and Reducing Vulnerabilities
- Summary
- Exam Essentials
- Written Lab
- Conducting Incident Management
- Implementing Detective and Preventive Measures
- Logging and Monitoring
- Automating Incident Response
- Summary
- Exam Essentials
- Written Lab
- The Nature of Disaster
- Understand System Resilience, High Availability, and Fault Tolerance
- Recovery Strategy
- Recovery Plan Development
- Training, Awareness, and Documentation
- Testing and Maintenance
- Summary
- Exam Essentials
- Written Lab
- Investigations
- Major Categories of Computer Crime
- Ethics
- Summary
- Exam Essentials
- Written Lab
- Introducing Systems Development Controls
- Establishing Databases and Data Warehousing
- Storage Threats
- Understanding Knowledge-Based Systems
- Summary
- Exam Essentials
- Written Lab
- Malware
- Malware Prevention
- Application Attacks
- Injection Vulnerabilities
- Exploiting Authorization Vulnerabilities
- Exploiting Web Application Vulnerabilities
- Application Security Controls
- Secure Coding Practices
- Summary
- Exam Essentials
- Written Lab
Hands-on Activities (Live Labs)
- Encrypting the Disk
- Encrypting a File or Folder
- Understanding documentation review
- Understanding and Applying Risk Management Concepts
- Understanding Security Controls
- Understanding Business Continuity Planning
- Understanding Laws related to IT
- Understanding Data Loss Prevention System
- Understanding Cryptographic Systems
- Understanding Symmetric Encryption Algorithms
- Observing an MD5-Generated Hash Value
- Observing an SHA-Generated Hash Value
- Using OpenSSL to Create a Public/Private Key Pair
- Understanding the Diffie-Hellman Algorithm
- Understanding the RSA Algorithm
- Hiding Text Using Steganography
- Understanding the Hardware Security Module
- Understanding Secure Design Principles
- Understanding Evaluation Assurance Levels
- Understanding Constrained Interface
- Understanding the Lifecycle of an Executed Process
- Understanding the Internet Files Cache
- Understanding Hypervisor
- Understanding a Rootkit
- Understanding Fire Detection Systems
- Understanding Security Controls
- Understanding Programmable Lock
- Understanding the OSI Model
- Understanding the Application Layer Protocols
- Configuring IPSec
- Understanding IP Classes
- Understanding Virtual eXtensible LAN
- Understanding 802.11 Wireless Networking Amendments
- Understanding LiFi and Zigbee
- Using Windows Firewall
- Understanding Network Topologies
- Configuring a VPN
- Understanding IPsec's Encryption of a Packet in Transport and Tunnel Modes
- Configuring VLANs
- Configuring Dynamic NAT
- Configuring Static NAT
- Understanding NAT and PAT
- Understanding Third-Party Connectivity
- Understanding Circuit Switching and Packet Switching
- Restricting Local Accounts
- Assigning Permissions to Folders
- Examining Kerberos Settings
- Performing Spoofing
- Simulating an Eavesdropping Attack Using Wireshark
- Using Rainbow Tables
- Configuring Audit Group Policy
- Using nmap for Scanning
- Conducting Vulnerability Scanning Using Nessus
- Exploiting Windows 7 Using Metasploit
- Scanning Ports Using Metasploit
- Understanding Penetration Testing
- Understanding Penetration Tests
- Understanding the Fagan Inspections
- Understanding Training and Awareness Program
- Understanding Security Operations
- Understanding Privileged Account Management
- Understanding Cloud Shared Responsibility Model
- Performing DoS Attack with SYN Flood
- Enabling Intrusion Prevention and Detection
- Understanding Honeypots and Honeynets
- Understanding Security Information and Event Management
- Configuring RAID 5
- Taking Incremental Backup
- Taking a Full Backup
- Completing the Chain of Custody
- Understanding Organizational Code of Ethics
- Understanding Software Development Lifecycle
- Understanding Software Capability Maturity Model
- Understanding ACID Model
- Understanding a Neural Network
- Causing a DarkComet Trojan Infection
- Understanding Antimalware Software
- Exploiting a Website Using SQL Injection
- Conducting a Cross-Site Request Forgery Attack
- Attacking a Website Using XSS Injection
Question | Answer |
---|---|
What are the prerequisites for this exam? | Candidates must have a minimum of five years of cumulative paid work experience in two or more of the eight domains of the CISSP CBK. Full-Time Experience: Must have worked a minimum of 35 hours/week for four weeks in order to accrue one month of work experience. Part-Time Experience: Your part-time experience cannot be less than 20 hours a week or more than 34 hours a week. |
What is the exam registration fee? | USD 749 |
Where do I take the exam? | (ISC)² |
What is the format of the exam? | Multiple choice and advanced innovative questions |
How many questions are asked in the exam? | The exam contains 100 - 150 questions. |
What is the duration of the exam? | 180 minutes |
What is the passing score? | 700 |
What is the exam's retake policy? | Re-test after the first attempt: after 30 test-free days. Re-test after the second attempt: after 60 test-free days. Re-test after the third attempt: after 90 test-free days. Maximum four attempts during the 12-month period. |
What is the validity of the certification? | An (ISC)² CISSP certification is valid for three years in total. |
Where can I find more information about this exam? | Know more about the CISSP |
What are the career opportunities after passing this exam? |