CISSP Study Guide, Seventh Edition
ISBN : 978-1-61691-848-4
Gain hands-on expertise for the (ISC)² CISSP certification exam with the CISSP Study Guide. The course covers all the objectives of the (ISC)² CISSP exam, including security and risk management, security engineering, communications and network security, identity and access management, and software development security. The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage an overall information security program that protects organizations from increasingly sophisticated attacks.


uCertify uses content from well-known publishers, instructors, and subject matter experts, each with a minimum of 15 years of experience in their field. uCertify brings these textbooks to life with interactive activities that keep the learner engaged, and gathers all available learning resources for a topic in one place so that the learner does not have to go to multiple sources. Challenge questions are embedded in the chapters so that learners can attempt them while they are studying that particular topic; reviewing the material right away helps them grasp the concepts better. At the end of every lesson, uCertify courses guide learners on the path they should follow next.

The uCertify platform supports 50+ different types of interactive activities, such as "connect the idea" and "try it yourself" lab activities, embedded throughout each course. These interactive activities keep learners engaged and make learning fun.

Here's What You Get

  • Exercises
  • Flashcards
  • Quizzes
  • Glossary

Each lesson comes with exercises, flashcards, and quizzes. There is no limit to the number of times learners can attempt them. Exercises come with detailed remediation, which ensures that learners are confident in the topic before proceeding. Flashcards help learners master the key concepts, and the glossary defines the key terms.

  • Exercise questions
  • Glossary of terms

Test Prep & Practice Questions

uCertify provides full-length practice tests. These tests closely follow the exam objectives and are designed to simulate real exam conditions. Each course has a number of test sets, each consisting of hundreds of items, to ensure that learners are prepared for the certification exam.

Here's What You Get

  • Pre-assessment questions
  • Full-length tests
  • Post-assessment questions


Full Remediation

Each question comes with detailed remediation explaining not only why an answer option is correct but also why the incorrect answer options are incorrect.

Unlimited Practice

Each test can be taken an unlimited number of times until the learner feels prepared. Learners can review each test and read the detailed remediation. A detailed test history is also available.

Learn, Test and Review Mode

Each test set comes with learn, test, and review modes. In learn mode, learners attempt a question and get immediate feedback and complete remediation before moving on to the next question. In test mode, learners take a timed test that simulates the actual exam conditions. In review mode, learners can read through one item at a time without attempting it.


Online labs can be used to supplement training. uCertify labs are an inexpensive and safe way to explore and learn. The labs are versatile: they simulate real-world hardware, software, and command-line interface environments, and they can be mapped to any textbook, course, or training program.

Here's What You Get

Performance-based labs

Hands-on Activities

Security Governance Through Principles and Policies

  • Identifying protection mechanisms
  • Identifying security management plans
  • Identifying steps in a classification scheme
  • Identifying risk actions

Personnel Security and Risk Management Concepts

  • Understanding elements of risk
  • Identifying steps in quantitative risk analysis
  • Understanding agents

Business Continuity Planning

  • Identifying phases in BCP process
  • Identifying man-made threats

Laws, Regulations, and Compliance

  • Identifying CFAA provisions

Protecting Security of Assets

Cryptography and Symmetric Key Algorithms

  • Checking the integrity of messages through MAC values
  • Identifying asymmetric algorithms

PKI and Cryptographic Applications

  • Backing up an encryption certificate and key

Principles of Security Models, Design, and Capabilities

  • Identifying Information models
  • Identifying TCSEC categories

Security Vulnerabilities, Threats, and Countermeasures

Physical Security Requirements

  • Identifying terms associated with power issues
  • Identifying primary stages of fire
  • Identifying physical access control mechanisms

Secure Network Architecture and Securing Network Components

  • Identifying application layer protocols
  • Identifying steps in the encapsulation/decapsulation process
  • Identifying OSI layer functions
  • Identifying OSI layers
  • Identifying connectionless communication
  • Identifying abbreviations for various Internet layer protocols
  • Identifying TCP/IP protocol layers
  • Identifying TCP/IP layers
  • Identifying flag bit designators
  • Configuring an IPv4 address
  • Configuring SSID
  • Creating and configuring a network
  • Identifying gateway firewalls
  • Identifying hardware devices
  • Connecting systems to the Internet through a firewall router
  • Identifying network topologies
  • Identifying UTP categories
  • Identifying steps in CSMA technology
  • Identifying LAN sub technologies
  • Identifying types of cable
  • Identifying components of a coaxial cable

Secure Communications and Network Attacks

  • Identifying secure communication protocols
  • Identifying authentication protocols
  • Identifying phreaker tools
  • Identifying security solutions
  • Connecting to a server using Remote Desktop Connection
  • Creating a dial-up connection
  • Creating a remote access VPN connection
  • Identifying VPN protocols
  • Installing Windows Virtual PC
  • Creating a virtual PC machine
  • Understanding NAT
  • Identifying switching technology properties
  • Identifying specialized protocols
  • Understanding transparency
  • Understanding security boundaries

Managing Identity and Authentication

  • Creating a password for an account
  • Configuring password policies
  • Enabling and disabling password expiration
  • Configuring NPS network policy
  • Identifying drawbacks of Kerberos authentication
  • Identifying components of the Kerberos authentication protocol
  • Identifying authentication services
  • Configuring NPS to provide RADIUS authentication
  • Identifying responsibilities

Controlling and Monitoring Access

  • Identifying authorization mechanisms
  • Viewing password hashes

Security Assessment and Testing

Managing Security Operations

  • Identifying steps within an effective patch management program
  • Identifying security reviews
  • Identifying steps in incident response management

Preventing and Responding to Incidents

  • Configuring audit policies
  • Viewing different event details
  • Identifying log types
  • Filtering entries in Event Viewer

Disaster Recovery Planning

  • Identifying processing sites in disaster recovery plan
  • Identifying disaster recovery plan tests

Incidents and Ethics

  • Identifying computer crime types

Software Development Security

  • Identifying stages in a waterfall lifecycle model
  • Identifying generations of languages
  • Understanding object-oriented programming terms
  • Identifying levels in Software Capability Maturity Model
  • Identifying testing methods
  • Identifying keys in a database
  • Identifying storage types

Malicious Code and Application Attacks

  • Installing the AVG antivirus and scanning a drive
  • Understanding application attacks
  • Identifying types of viruses

Appendix A

Appendix B

Exam Information

The Certified Information Systems Security Professional (CISSP) certification is a standalone certification from (ISC)² with the exam code CISSP. The exam is intended for security professionals and validates working knowledge of information technology security. It covers eight domains of knowledge, including security and risk management, identity and access management, and security engineering.

Career Prospects
  • Security Auditor
  • Security Analyst
  • Security Manager
  • Security Architect
  • Network Architect
  • Director of Security
  • Security Consultant
  • IT Director/Manager
  • Security Systems Engineer
  • Chief Information Security Officer
Exam FAQs

What is the exam registration fee?
USD 599

Where do I take the exam?

What is the format of the exam?
Multiple-choice questions and advanced innovative questions

How many questions are asked in the exam?
The exam contains 250 questions.

What is the duration of the exam?
360 minutes

What is the passing score?
700 out of 1,000 (scaled score)

What is the exam's retake policy?
(ISC)²'s policy for retaking the exam via CBT states that after the first unsuccessful attempt, candidates have three more attempts. Before the second attempt the candidate must wait 30 days; before the third attempt, 90 days; and before the fourth attempt, 180 days. Candidates may sit for (ISC)² examinations a maximum of three times within a calendar year.

Where can I find more information about this exam?
More information about the CISSP-2016 exam is published by (ISC)².

Table of Content

Here's What you will Learn

Lesson 1: Security Governance Through Principles and Policies

  • Understand and Apply Concepts of Confidentiality, Integrity, and Availability
  • Apply Security Governance Principles
  • Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines
  • Understand and Apply Threat Modeling
  • Integrate Security Risk Considerations into Acquisition Strategy and Practice
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 2: Personnel Security and Risk Management Concepts

  • Contribute to Personnel Security Policies
  • Security Governance
  • Understand and Apply Risk Management Concepts
  • Establish and Manage Information Security Education, Training, and Awareness
  • Manage the Security Function
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 3: Business Continuity Planning

  • Planning for Business Continuity
  • Project Scope and Planning
  • Business Impact Assessment
  • Continuity Planning
  • Plan Approval and Implementation
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 4: Laws, Regulations, and Compliance

  • Categories of Laws
  • Laws
  • Compliance
  • Contracting and Procurement
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 5: Protecting Security of Assets

  • Classifying and Labeling Assets
  • Identifying Data Roles
  • Protecting Privacy
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 6: Cryptography and Symmetric Key Algorithms

  • Historical Milestones in Cryptography
  • Cryptographic Basics
  • Modern Cryptography
  • Symmetric Cryptography
  • Cryptographic Life Cycle
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 7: PKI and Cryptographic Applications

  • Asymmetric Cryptography
  • Hash Functions
  • Digital Signatures
  • Public Key Infrastructure
  • Asymmetric Key Management
  • Applied Cryptography
  • Cryptographic Attacks
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 8: Principles of Security Models, Design, and Capabilities

  • Implement and Manage Engineering Processes Using Secure Design Principles
  • Understand the Fundamental Concepts of Security Models
  • Select Controls and Countermeasures Based on Systems Security Evaluation Models
  • Understand Security Capabilities of Information Systems
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 9: Security Vulnerabilities, Threats, and Countermeasures

  • Assess and Mitigate Security Vulnerabilities
  • Client-Based
  • Server-Based
  • Database Security
  • Distributed Systems
  • Industrial Control Systems
  • Assess and Mitigate Vulnerabilities in Web-Based Systems
  • Assess and Mitigate Vulnerabilities in Mobile Systems
  • Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical Systems
  • Essential Security Protection Mechanisms
  • Common Architecture Flaws and Security Issues
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 10: Physical Security Requirements

  • Apply Secure Principles to Site and Facility Design
  • Design and Implement Physical Security
  • Implement and Manage Physical Security
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 11: Secure Network Architecture and Securing Network Components

  • OSI Model
  • TCP/IP Model
  • Converged Protocols
  • Wireless Networks
  • General Wi-Fi Security Procedure
  • Cabling, Wireless, Topology, and Communications Technology
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 12: Secure Communications and Network Attacks

  • Network and Protocol Security Mechanisms
  • Secure Voice Communications
  • Multimedia Collaboration
  • Manage Email Security
  • Remote Access Security Management
  • Virtual Private Network
  • Virtualization
  • Network Address Translation
  • Switching Technologies
  • WAN Technologies
  • Miscellaneous Security Control Characteristics
  • Security Boundaries
  • Prevent or Mitigate Network Attacks
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 13: Managing Identity and Authentication

  • Controlling Access to Assets
  • Comparing Identification and Authentication
  • Implementing Identity Management
  • Managing the Identity and Access Provisioning Life Cycle
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 14: Controlling and Monitoring Access

  • Comparing Access Control Models
  • Understanding Access Control Attacks
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 15: Security Assessment and Testing

  • Building a Security Assessment and Testing Program
  • Performing Vulnerability Assessments
  • Testing Your Software
  • Implementing Security Management Processes
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 16: Managing Security Operations

  • Applying Security Operations Concepts
  • Provisioning and Managing Resources
  • Managing Configuration
  • Managing Change
  • Managing Patches and Reducing Vulnerabilities
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 17: Preventing and Responding to Incidents

  • Managing Incident Response
  • Implementing Preventive Measures
  • Logging, Monitoring, and Auditing
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 18: Disaster Recovery Planning

  • The Nature of Disaster
  • Understand System Resilience and Fault Tolerance
  • Recovery Strategy
  • Recovery Plan Development
  • Training, Awareness, and Documentation
  • Testing and Maintenance
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 19: Incidents and Ethics

  • Investigations
  • Major Categories of Computer Crime
  • Incident Handling
  • Ethics
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 20: Software Development Security

  • Introducing Systems Development Controls
  • Establishing Databases and Data Warehousing
  • Storing Data and Information
  • Understanding Knowledge-Based Systems
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 21: Malicious Code and Application Attacks

  • Malicious Code
  • Password Attacks
  • Application Attacks
  • Web Application Security
  • Reconnaissance Attacks
  • Masquerading Attacks
  • Summary
  • Exam Essentials
  • Written Lab

Lesson 22: Appendix A

Lesson 23: Appendix B


uCertify provides courses, simulators, labs, and test prep kits for IT certifications including Microsoft, Oracle, Cisco, CompTIA, CIW, PMI, ISC2, Linux, Zend, Google, IC3, Adobe, and many more.

© 2002-2017 uCertify. All Rights Reserved