ISC2 CISSP Study Guide 8th edition

ISBN : 9781616910808

Prepare for the ISC2 CISSP certification exam with the ISC2 CISSP Study Guide 8th edition course and lab. The lab can be mapped to any course, textbook, or training, adding value and a hands-on component to the training. The course and lab completely cover the CISSP exam objectives and help you master the skills required to work with business continuity planning, asset security, cryptography, PKI, and so on. The course provides the skills and knowledge required to understand and use all the basic and advanced security principles and methods.

The vendor-neutral ISC2 CISSP certification is the ideal credential for those with deep technical and managerial competence to design, engineer, implement, and manage overall information security programs to protect organizations. This exam validates an IT professional's working knowledge of information technology security. The exam covers ten domains of knowledge, including access control, business continuity, and security architecture.

Glossary of terms
Pre Assessment Questions
Post Assessment Questions
Performance lab
Learn the real world skills using LiveLab.
Exam related FAQs
What are the prerequisites for this exam?

ISC2 has the following prerequisites:

  • At least five years of cumulative, paid, full-time work experience in two or more of the eight domains of the (ISC)2 CISSP Common Body of Knowledge (CBK).
What is the exam registration fee? USD 699
Where do I take the exam? Pearson VUE
What is the format of the exam? Multiple choice questions and advanced innovative questions
How many questions are asked in the exam? The exam contains 100-150 questions.
What is the duration of the exam? 180 minutes
What is the passing score? 700 (on a scale of 0-1000)

What is the exam's retake policy?
  • A candidate may sit for the CISSP exam up to three times within a 12-month period.
  • If a candidate does not pass the exam the first time, he/she may retest after 30 test-free days.
  • If a candidate does not pass the exam the second time, he/she may retest after an additional 90 test-free days.
  • If a candidate does not pass the exam the third time, he/she may retest after 180 test-free days from their most recent exam attempt.
What is the validity of the certification? Three years
Where can I find more information about this exam? To know more about the CISSP-2018, click here.
Which certification covers this exam?
What are the career opportunities after passing this exam?
  • Security Auditor
  • Security Architect
  • Network Architect
  • Director of Security
  • Security Consultant
  • IT Director/Manager
  • Security Systems Engineer
  • Chief Information Security Officer
  • Overview of the CISSP Exam
  • Notes on This Course's Organization
  • Understand and Apply Concepts of Confidentiality, Integrity, and Availability
  • Evaluate and Apply Security Governance Principles
  • Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines
  • Understand and Apply Threat Modeling Concepts and Methodologies
  • Apply Risk-Based Management Concepts to the Supply Chain
  • Summary
  • Exam Essentials
  • Written Lab
  • Personnel Security Policies and Procedures
  • Security Governance
  • Understand and Apply Risk Management Concepts
  • Establish and Maintain a Security Awareness, Education, and Training Program
  • Manage the Security Function
  • Summary
  • Exam Essentials
  • Written Lab
  • Planning for Business Continuity
  • Project Scope and Planning
  • Business Impact Assessment
  • Continuity Planning
  • Plan Approval and Implementation
  • Summary
  • Exam Essentials
  • Written Lab
  • Categories of Laws
  • Laws
  • Compliance
  • Contracting and Procurement
  • Summary
  • Exam Essentials
  • Written Lab
  • Identify and Classify Assets
  • Determining Ownership
  • Using Security Baselines
  • Summary
  • Exam Essentials
  • Written Lab
  • Historical Milestones in Cryptography
  • Cryptographic Basics
  • Modern Cryptography
  • Symmetric Cryptography
  • Cryptographic Lifecycle
  • Summary
  • Exam Essentials
  • Written Lab
  • Asymmetric Cryptography
  • Hash Functions
  • Digital Signatures
  • Public Key Infrastructure
  • Asymmetric Key Management
  • Applied Cryptography
  • Cryptographic Attacks
  • Summary
  • Exam Essentials
  • Written Lab
  • Implement and Manage Engineering Processes Using Secure Design Principles
  • Understand the Fundamental Concepts of Security Models
  • Select Controls Based On Systems Security Requirements
  • Understand Security Capabilities of Information Systems
  • Summary
  • Exam Essentials
  • Written Lab
  • Assess and Mitigate Security Vulnerabilities
  • Client-Based Systems
  • Server-Based Systems
  • Database Systems Security
  • Distributed Systems and Endpoint Security
  • Internet of Things
  • Industrial Control Systems
  • Assess and Mitigate Vulnerabilities in Web-Based Systems
  • Assess and Mitigate Vulnerabilities in Mobile Systems
  • Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
  • Essential Security Protection Mechanisms
  • Common Architecture Flaws and Security Issues
  • Summary
  • Exam Essentials
  • Written Lab
  • Apply Security Principles to Site and Facility Design
  • Implement Site and Facility Security Controls
  • Implement and Manage Physical Security
  • Summary
  • Exam Essentials
  • Written Lab
  • OSI Model
  • TCP/IP Model
  • Converged Protocols
  • Wireless Networks
  • Secure Network Components
  • Cabling, Wireless, Topology, Communications, and Transmission Media Technology
  • Summary
  • Exam Essentials
  • Written Lab
  • Network and Protocol Security Mechanisms
  • Secure Voice Communications
  • Multimedia Collaboration
  • Manage Email Security
  • Remote Access Security Management
  • Virtual Private Network
  • Virtualization
  • Network Address Translation
  • Switching Technologies
  • WAN Technologies
  • Miscellaneous Security Control Characteristics
  • Security Boundaries
  • Prevent or Mitigate Network Attacks
  • Summary
  • Exam Essentials
  • Written Lab
  • Controlling Access to Assets
  • Comparing Identification and Authentication
  • Implementing Identity Management
  • Managing the Identity and Access Provisioning Lifecycle
  • Summary
  • Exam Essentials
  • Written Lab
  • Comparing Access Control Models
  • Understanding Access Control Attacks
  • Summary
  • Exam Essentials
  • Written Lab
  • Building a Security Assessment and Testing Program
  • Performing Vulnerability Assessments
  • Testing Your Software
  • Implementing Security Management Processes
  • Summary
  • Exam Essentials
  • Written Lab
  • Applying Security Operations Concepts
  • Securely Provisioning Resources
  • Managing Configuration
  • Managing Change
  • Managing Patches and Reducing Vulnerabilities
  • Summary
  • Exam Essentials
  • Written Lab
  • Managing Incident Response
  • Implementing Detective and Preventive Measures
  • Logging, Monitoring, and Auditing
  • Summary
  • Exam Essentials
  • Written Lab
  • The Nature of Disaster
  • Understand System Resilience and Fault Tolerance
  • Recovery Strategy
  • Recovery Plan Development
  • Training, Awareness, and Documentation
  • Testing and Maintenance
  • Summary
  • Exam Essentials
  • Written Lab
  • Investigations
  • Major Categories of Computer Crime
  • Ethics
  • Summary
  • Exam Essentials
  • Written Lab
  • Introducing Systems Development Controls
  • Establishing Databases and Data Warehousing
  • Storing Data and Information
  • Understanding Knowledge-Based Systems
  • Summary
  • Exam Essentials
  • Written Lab
  • Malicious Code
  • Password Attacks
  • Application Attacks
  • Web Application Security
  • Reconnaissance Attacks
  • Masquerading Attacks
  • Summary
  • Exam Essentials
  • Written Lab

Hands on Activities (Labs)

  • Encrypting the Disk
  • Encrypting a File or Folder
  • Configuring Audit Group Policy 
  • Completing the Chain of Custody
  • Assigning Permissions to Folders
  • Identifying risk actions
  • Understanding elements of risk
  • Identifying steps in quantitative risk analysis
  • Configuring Standard Access Control List
  • Configuring Extended Access Control List
  • Identifying phases in BCP process
  • Identifying CFAA provisions
  • Checking the integrity of messages through MAC values
  • Identifying asymmetric algorithms
  • Identifying cryptographic attacks
  • Using OpenSSL to Create a Public/Private Key Pair
  • Observe an SHA-Generated Hash Value
  • Observing an MD5-Generated Hash Value
  • Identifying sequence of sender's process in digital signature system
  • Understanding PKCS standards
  • Identifying OSI layer functions
  • Identifying OSI layers
  • Identifying steps in the encapsulation/decapsulation process
  • Identifying connectionless communication
  • Identifying abbreviations for various Internet layer protocols
  • Identifying TCP/IP protocol layers
  • Identifying TCP/IP layers
  • Identifying flag bit designator
  • Using Windows Firewall
  • Configuring Linux Firewall Using Iptable 
  • Identifying gateway firewalls
  • Identifying hardware devices
  • Connecting systems to the Internet through a router
  • Identifying firewall techniques
  • Identifying types of cable
  • Identifying components of a coaxial cable
  • Identifying network topologies
  • Identifying UTP categories
  • Identifying steps in CSMA technology
  • Identifying LAN sub technologies
  • Configuring IPSec
  • Configuring VLAN
  • Identifying secure communication protocols
  • Identifying authentication protocols
  • Identifying phreaker tools
  • Identifying security solutions
  • Configuring a VPN
  • Identifying VPN protocols
  • Configuring Static NAT
  • Configuring Dynamic NAT
  • Understanding NAT
  • Identifying switching technology properties
  • Identifying specialized protocols
  • Understanding transparency
  • Understanding security boundaries
  • Using Ettercap for ARP Spoofing
  • Identifying types of Denial of Service attacks
  • Identifying access control types
  • Identifying authorization mechanisms
  • Restricting Local Accounts
  • Identifying drawbacks of Kerberos authentication
  • Identifying components of the Kerberos authentication protocol
  • Identifying authentication services
  • Identifying responsibilities
  • Reviewing an Authorization Letter for Penetration Testing
  • Identifying attacks
  • Identifying social engineering attacks
  • Configuring User Access Control Setting
  • Scanning Ports Using Metasploit
  • Exploiting Windows 7 Using Metasploit
  • Enabling a Keylogger in a Target Machine
  • Conducting Vulnerability Scanning Using Nessus
  • Using nmap for Scanning
  • Identifying terms associated with data destruction
  • Identifying steps within an effective patch management program
  • Identifying steps in incident response management
  • Enabling Intrusion Prevention and Detection
  • Configuring Snort
  • Identifying malicious attacks
  • Working with a host-based IDS
  • Identifying sequence in which the IDS instructs the TCP to reset connections
  • Performing DoS Attack with SYN Flood
  • Identifying RAID level characteristics
  • Identifying processing sites in disaster recovery plan
  • Identifying disaster recovery plan tests
  • Taking a Full Backup
  • Taking Incremental Backup
  • Configuring RAID 5
  • Identifying computer crime types
  • Identifying stages in a waterfall lifecycle model
  • Understanding object-oriented programming terms
  • Identifying levels in Software Capability Maturity Model
  • Identifying testing methods
  • Identifying primary phases of SDLC
  • Identifying keys in a database
  • Identifying storage types
  • Causing a DarkComet Trojan Infection
  • Identifying types of viruses
  • Using the John the Ripper Tool
  • Using Social Engineering Techniques to Plan an Attack
  • Attacking a Website Using XSS Injection
  • Conducting a Cross-Site Request Forgery Attack
  • Exploiting a Website Using SQL Injection
  • Understanding application attacks
  • Defending against IP Spoofing
  • Using Burp Suite

Customer Testimonials

Brian Metres
Personally, I'm happy with the uCertify CISSP course, as this course gives comprehensive chapter-by-chapter study, and then I can start reviewing my progress by taking quizzes and exams, and the platform will track my personal progress so I can view my progress anytime I want. I would also recommend it to the professionals and students who are planning to be CISSP certified.
Aldwin Baranda
uCertify is a one-stop destination to get all desired IT certification courses. I had a lovely experience doing their CISSP course and labs here & also completing it successfully.
Chirag Gupta
The course is designed in a very simple way that beginners can learn easily and pass the certification exam in their first attempt. The quizzes provide detailed answers and I am extremely impressed by their Labs.