Introduction
Earning your CISSP
What you should know
Study resources
1. The CISSP Exam
The CISSP exam
Is the CISSP right for you?
Careers in information security
Value of certification
2. Inside the CISSP Exam
Registering for the exam
Exam environment
Question types
Computerized adaptive testing
Passing the exam
3. Preparing for the Exam
Exam tips
Practice tests
4. Experience Requirement
Meeting the experience requirement
Continuing education requirements
5. Domain 1: Security and Risk Management
Overview of the Security and Risk Management domain
6. Security Fundamentals
The five pillars of information security
Confidentiality
Integrity
Availability
Authenticity and nonrepudiation
7. Security Governance
Aligning security with the business
Organizational processes
Security roles and responsibilities
Control and risk frameworks
8. Compliance and Ethics
Legal and compliance risks
Data privacy
General Data Protection Regulation (GDPR)
California privacy law
National data privacy laws
Computer crimes
Software licensing
Intellectual property
Import and export controls
Data breaches
Ethics
9. Security Policy
Security policy framework
Security policies
10. Business Continuity
Business continuity planning
Business continuity controls
High availability and fault tolerance
11. Personnel Security
Personnel security
Security in the hiring process
Employee termination process
Employee privacy
Social networking
12. Risk Management
Risk analysis, assessment, and scope
Quantitative risk assessment
Risk treatment
Security control selection and implementation
Continuous monitoring, measurement, and tuning
Risk management frameworks
Risk visibility and reporting
13. Threat Modeling
Threat intelligence
Managing threat indicators
Intelligence sharing
Threat research
Identifying threats
Automating threat intelligence
Threat hunting
14. Supply Chain Risk Management
Managing vendor relationships
Vendor agreements
Vendor information management
Cloud audits
15. Awareness and Training
Security awareness training
Compliance training
User habits
Measuring compliance and security posture
16. Domain 2: Asset Security
Overview of the Asset Security domain
17. Data Security
Understanding data security
Data security policies
Data security roles
Limiting data collection
The data lifecycle
18. Data Security Controls
Developing security baselines
Leveraging industry standards
Customizing security standards
Cloud storage security
Information classification
Digital rights management
Data loss prevention
19. Change and Configuration Management
Change management
Configuration and asset management
Physical asset management
Supply chain risks and mitigations
20. Domain 3: Security Engineering
Overview of the Security Architecture and Engineering domain
21. Secure Design
Secure design principles
Security models
Security evaluation models
Segregation of duties
Privacy by design
Secure defaults
Information system lifecycle
22. Virtualization and Cloud Computing
What is the cloud?
Cloud computing roles
Drivers for cloud computing
Security service providers
Multitenant computing
Virtualization
Desktop and application virtualization
Cloud compute resources
Containerization
Cloud activities and the cloud reference architecture
Cloud deployment models
Cloud service categories
Edge and fog computing
23. Hardware Security
Memory protection
Hardware encryption
Hardware and firmware security
24. Server Security Issues
Server and database security
NoSQL databases
Distributed and high-performance computing
25. Embedded Systems Security
Industrial control systems and operational technology
Internet of things
Securing smart devices
Secure networking for smart devices
Embedded systems
Communications for embedded devices
26. Encryption
Understanding encryption
Symmetric and asymmetric cryptography
Goals of cryptography
Codes and ciphers
Cryptographic math
Choosing encryption algorithms
The perfect encryption algorithm
The cryptographic lifecycle
27. Symmetric Cryptography
Data encryption standard
3DES
AES, Blowfish, and Twofish
RC4
Cipher modes
Steganography
28. Asymmetric Cryptography
Rivest-Shamir-Adleman (RSA)
PGP and GnuPG
Elliptic curve and quantum cryptography
29. Key Management
Key management practices
Key exchange
Diffie-Hellman
Key escrow
Key stretching
Hardware security modules
30. Public Key Infrastructure
Trust models
PKI and digital certificates
Hash functions
Digital signatures
Digital signature standard
Create a digital certificate
Revoke a digital certificate
Certificate stapling
Certificate authorities
Certificate subjects
Certificate types
Certificate formats
31. Cryptanalytic Attacks
Brute-force attacks
Knowledge-based attacks
Eavesdropping attacks
Implementation attacks
Limitations of encryption algorithms
Ransomware
32. Physical Security
Site and facility design
Data center environmental controls
Data center environmental protection
Power control
Physical access control
Visitor management
Physical security personnel
33. Software Security Architecture
SOAP and REST
SOA and microservices
34. Domain 4: Communication and Network Security
Introducing the Communication and Network Security domain
35. TCP/IP Networking
Introducing TCP/IP
IP addresses and DHCP
Network traffic
Domain name system (DNS)
Network ports
ICMP
Multilayer protocols
36. Secure Network Design
Public and private addressing
Subnetting
Security zones
Isolating sensitive systems
VLANs and logical segmentation
Security device placement
Software-defined networking (SDN)
Transmission media
Cloud networking
Zero trust and SASE
37. Network Security Devices
Routers, switches, and bridges
Network topologies
Transport architecture
Firewalls
Proxy servers
Load balancers
VPNs and VPN concentrators
Network intrusion detection and prevention
Protocol analyzers
Unified threat management
Content distribution networks
38. Network Security Techniques
Restricting network access
Network access control
Firewall rule management
Router configuration security
Switch configuration security
Maintaining network availability
Network monitoring
Firewall and network logs
Network performance metrics
SNMP
Isolating sensitive systems
Deception technologies
Network support
39. Specialized Networking
Telephony
Multimedia collaboration
Storage networks
40. Transport Encryption
TLS and SSL
IPsec
Remote network access
41. Wireless Networking
Understanding wireless networking
Wireless encryption
Wireless authentication
Wireless signal propagation
Wireless networking equipment
42. Mobile Device Security
Mobile connection methods
Mobile device security
Mobile device management
Mobile device tracking
Mobile application security
Mobile security enforcement
Bring your own device (BYOD)
Mobile deployment models
43. Host Security
Operating system security
Malware prevention
Application management
Host-based network security controls
File integrity monitoring
44. Domain 5: Identity and Access Management
Introducing the Identity and Access Management (IAM) domain
45. Identification
Authentication, authorization, and accounting (AAA)
Usernames and access cards
Biometrics
Registration and identity proofing
46. Authentication
Authentication factors
Multifactor authentication
Something you have
Password authentication protocols
Single sign-on and federation
RADIUS
Kerberos and LDAP
SAML
Identity as a service (IDaaS)
OAuth and OpenID Connect
Certificate-based authentication
Passwordless authentication
47. Accountability
Accountability
Session management
48. Account Management
Understand account and privilege management
Account types
Account policies
Password policies
Manage roles
Account monitoring
Provisioning and deprovisioning
49. Authorization
Understand authorization
Mandatory access controls
Discretionary access controls
Access control lists
Database access control
Advanced authorization concepts
50. Access Control Attacks
Social engineering
Impersonation attacks
Identity fraud and pretexting
Watering hole attacks
Physical social engineering
51. Domain 6: Security Assessment and Testing
Introducing the Security Assessment and Testing domain
52. Vulnerability Scanning
What is vulnerability management?
Identify scan targets
Scan configuration
Scan perspective
Analyzing scan reports
Correlating scan results
53. Penetration Testing
Penetration testing
Ethical disclosure
Bug bounty
Cybersecurity exercises
54. Log Reviews
Logging security information
Security information and event management
Continuous security monitoring
Endpoint monitoring
55. Code Testing
Code review
Code tests
Fuzz testing
Interface testing
Misuse case testing
Test coverage analysis
Code repositories
Third-party code
Software risk analysis and mitigation
56. Disaster Recovery Planning
Disaster recovery
Backups
Restoring backups
Disaster recovery sites
Testing BC/DR plans
After-action reports
57. Assessing Security Processes
Collect security process data
Management review and approval
Security metrics
Audits and assessments
Control management
58. Domain 7: Security Operations
Introducing the Security Operations domain
59. Investigations and Forensics
Conducting investigations
Evidence types
Introduction to forensics
System and file forensics
Network forensics
Software forensics
Mobile device forensics
Embedded device forensics
Chain of custody
Reporting and documenting incidents
Electronic discovery (eDiscovery)
60. Privilege Management
Need to know and least privilege
Privileged account management
61. Incident Management
Build an incident response program
Creating an incident response team
Incident communications plan
Incident identification
Escalation and notification
Mitigation
Containment techniques
Incident eradication and recovery
Validation
Post-incident activities
62. Personnel Safety
Personnel safety
Emergency management
63. Domain 8: Software Development Security
Introducing the Software Development Security domain
64. Software Development Lifecycle
Software platforms
Development methodologies
Scaled agile framework
Maturity models
Automation and DevOps
Programming languages
Acquired software
65. Application Attacks
OWASP top ten
Application security
Preventing SQL injection
Understanding cross-site scripting
Request forgery
Defending against directory traversal
Overflow attacks
Explaining cookies and attachments
Session hijacking
Code execution attacks
Privilege escalation
Driver manipulation
Memory vulnerabilities
Race condition vulnerabilities
66. Secure Coding Practices
Input validation
Parameterized queries
Authentication/session management issues
Output encoding
Error and exception handling
Code signing
Database security
Data de-identification
Data obfuscation
67. What's Next
Preparing for the exam