
CISSP Official (ISC)2 Practice Tests, 2nd Edition

Mike Chapple, David Seidl

ISBN: 978-1-119-47596-5 May 2018 512 Pages

Description

Full-length practice tests covering all CISSP domains for the ultimate exam prep

The (ISC)2 CISSP Official Practice Tests is a major resource for CISSP candidates, providing 1300 unique practice questions. The first part of the book provides 100 questions per domain. You also have access to four unique 125-question practice exams to help you master the material. As the only official practice tests endorsed by (ISC)2, this book gives you the advantage of full and complete preparation. These practice tests align with the 2018 version of the exam to ensure up-to-date preparation, and are designed to cover what you'll see on exam day. Coverage includes: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.

The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know.

  • Test your knowledge of the 2018 exam domains
  • Identify areas in need of further study
  • Gauge your progress throughout your exam preparation

The CISSP exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends. Currently-aligned preparation resources are critical, and periodic practice tests are one of the best ways to truly measure your level of understanding.

Introduction xvii

Chapter 1 Security and Risk Management (Domain 1) 1

Chapter 2 Asset Security (Domain 2) 27

Chapter 3 Security Architecture and Engineering (Domain 3) 51

Chapter 4 Communication and Network Security (Domain 4) 79

Chapter 5 Identity and Access Management (Domain 5) 103

Chapter 6 Security Assessment and Testing (Domain 6) 127

Chapter 7 Security Operations (Domain 7) 151

Chapter 8 Software Development Security (Domain 8) 175

Chapter 9 Practice Test 1 201

Chapter 10 Practice Test 2 231

Chapter 11 Practice Test 3 259

Chapter 12 Practice Test 4 287

Appendix Answers 317

Chapter 1: Security and Risk Management (Domain 1) 318

Chapter 2: Asset Security (Domain 2) 327

Chapter 3: Security Architecture and Engineering (Domain 3) 338

Chapter 4: Communication and Network Security (Domain 4) 347

Chapter 5: Identity and Access Management (Domain 5) 358

Chapter 6: Security Assessment and Testing (Domain 6) 369

Chapter 7: Security Operations (Domain 7) 381

Chapter 8: Software Development Security (Domain 8) 393

Chapter 9: Practice Test 1 404

Chapter 10: Practice Test 2 418

Chapter 11: Practice Test 3 431

Chapter 12: Practice Test 4 445

Index 459

Errata in figure
Chapter 12, question 125, page 315

Replace the figure with the attached figure
Chapter | Page | Details | Date | Print Run
Back matter | Advertisement | Errata in text
Please replace the -Get Certified- advertisement page to the last
page of the book.
26-Jun-2018

3 | 59 | Errata in text
Chapter 3/Question 32 page 59,

currently reads
B. Kerckhoff's principle

Should be
B. Kerckhoffs' principle
4/2/2019

5 | 112 | Errata in text
Chapter 5/Question 42 page 112

Incorrect
C. The CER and the ERR

Correct
C. The CER and the EER
4/2/2019

5 | 119 | Errata in text
Chapter 5/Question 75 page 119

Incorrect
5. IDP

Correct
5. IPS
4/2/2019

6 | 146 | Errata in text
Chapter 6/Question 83 page 146

Incorrect
Which one of the following limitations of fuzz testing should Ryan consider when making his decision?

Correct
Which one of the following statements about fuzz testing should Ryan consider when making his decision?
4/2/2019

6 | 146 | Errata in text
Chapter 6/Question 83 page 146

Incorrect
A. They often find only simple faults.

Correct
A. Fuzzers only find complex faults
4/2/2019

7 | 153 | Errata in text
Chapter 7/Question 8 page 153

Incorrect
Answers A, B, C, D:
Toni's

Correct
the user's
4/2/2019

9 | 211 | Errata in text
Chapter 9/Question 47 page 211

Incorrect
D. ERR

Correct
D. EER
4/2/2019

9 | 221 | Errata in text
Chapter 9/Question 87 page 221

Incorrect
D. Production

Correct
D. Processing
4/2/2019

12 | 314 | Errata in figure
Chapter 12/Question 124 page 314 figure

Incorrect:
[In the figure] Encrypt key using receive public key

Correct:
[In the figure] Encrypt key using receiver's public key
4/2/2019

Appendix | 340 | Errata in text
Appendix, Answer-32, page 340

Incorrect
B. Kerckhoff's principle

Correct
B. Kerckhoffs' principle
4/2/2019

Appendix A - Chap 03 | 344 | Errata in text
The correct answer to question 71 should be - B.
The existing explanation to the answer does not change.
20-July-2018

Appendix | 362 | Errata in text
Appendix, Answers-42, page 362

Incorrect:
B. CER and ERR are the same

Correct:
CER and EER are the same
4/2/2019

Appendix | 370 | Errata in text
In Appendix, for Question 10, in chapter 6, the correct answer and
explanation should be:

A. The key to answering this question correctly is understanding the difference between Type I and Type II audits. Type I audits only cover a single point in time and are based upon management descriptions of controls. They do not include an assessment of operating effectiveness. Type II audits cover a period of time and do include an assessment of operating effectiveness.
14-Aug-2018

Appendix | 382 | Errata in text
Appendix, Answer-8, page 382

Incorrect
Toni's

Correct
the user's
4/2/2019

Appendix | 409 | Errata in text
Appendix, Answers-47, page 409

Incorrect
CER and ERR

Correct
CER and EER
4/2/2019

Appendix | 437 | Errata in text
Appendix, Answer-53, page 437

Incorrect
D. Modification of audit logs will prevent repudiation because the data cannot be trusted, and thus actions cannot be provably denied.

Correct
D. Modification of audit logs will allow repudiation because the data cannot be trusted, and thus actions can be provably denied.
4/2/2019

Appendix A | 456 | Errata in text
Appendix A, page 456, answer to question 109 of Chapter 12:

Currently reads:
109. The disaster recovery test types, listed in order of their potential impact on the business from the least impactful to the most impactful, are as follows:
A. Checklist review
B. Parallel test
C. Tabletop exercise
D. Full interruption test

The order of two options is mixed up here and should read:

109. The disaster recovery test types, listed in order of their potential impact on the business from the least impactful to the most impactful, are as follows:
A. Checklist review
C. Tabletop exercise
B. Parallel test
D. Full interruption test

The remainder of the explanation does correctly describe this. The order is just mismatched in the list.
2-Nov-18