Archive for January, 2010
What to expect in CISSP exam?
by cisspfix on Jan.30, 2010, under Uncategorized
ISC2 Common Body of Knowledge (CBK) has specified objectives for the CISSP test. These objectives are grouped under ten CBK domains. Following are some important areas in which an individual should possess good knowledge before taking the CISSP test:
* Deploying and managing SSL certificates
* Implementing security for wireless networks
* Configuring public and private wireless LANs
* Configuring authentication for secure remote access
* Configuring IPSec authentication and troubleshooting IPSec
* Implementing Public key infrastructure and hashing function
* Configuring and troubleshooting authentication for Web users
* Implementing Internet security and handling types of attacks
* Configuring IPSec to secure communication between networks and hosts
* Configuring and troubleshooting virtual private network (VPN) protocols
* Installing and configuring Certificate Authority (CA) hierarchies, root, intermediate, and issuing CA. Managing Certificate Authorities (CAs)
Is the CISSP exam right for you?
by cisspfix on Jan.29, 2010, under Uncategorized
This test prepares you for various job roles, which include: systems engineer, systems administrator, network administrator, information systems administrator, technical support engineers, systems analysts, network analysts and technical consultants.
The test is appropriate for you if you are working or want to work in a typically complex computing environment of medium-to-large organizations. There are no specific prerequisites for this test, although it is recommended that you should have at least one year of experience in implementing and administering any desktop operating system in a network environment.
What is ISC2’s CISSP exam?
by cisspfix on Jan.28, 2010, under Uncategorized
CISSP certification is an advanced-level certification specially meant for IT security professionals who have a minimum of four years of professional experience in the field of information security.
The CISSP certification validates your abilities and knowledge of the ten domains of a Common Body of Knowledge (CBK) such as access control, application security, cryptography, business continuity and disaster recovery planning, IS and risk management, operations security, physical security, security architecture and design, telecommunications and network security, and legal, regulations, compliance and investigations.
Skills required for (ISC)2 CISSP test
by cisspfix on Jan.27, 2010, under Uncategorized
(ISC)2 Common Body of Knowledge (CBK) has specified objectives for the CISSP test. These objectives are grouped under ten CBK domains. Following are some important areas in which an individual should possess good knowledge before taking the CISSP test:
Things to practice for (ISC)2 test CISSP
by cisspfix on Jan.26, 2010, under Uncategorized
The CISSP test is designed to certify users who have a minimum of five years of professional experience in information security. The CISSP test covers implementing security policy, identifying security threats, and developing countermeasures using firewall systems and attack-recognition technologies. Before taking the CISSP test, you should practice the following:
1. Implement network perimeter security and elements of an effective security policy.
2. Implement encryption, including the three main encryption methods used in internetworking.
3. Implement public key infrastructure and hashing function.
4. Implement firewalls on the network.
5. Understand firewall system planning, including levels of protection.
What is SYN scan?
by cisspfix on Jan.25, 2010, under Uncategorized
SYN scan is a type of TCP scanning. This scan type is also known as “half-open scanning” because it does not open a full TCP connection. The port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host then responds with a RST packet, which closes the connection before the handshake is completed.
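The SYN, SYN-ACK, RST sequence described above leaves a recognizable pattern in packet captures. The following detection sketch is an added example, not part of the original post; the packet tuple layout, the sample trace, the addresses and the `min_ports` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample trace (not real traffic): (src, dst, sport, dport, flags)
# Flags: S = SYN, SA = SYN-ACK, A = ACK, R = RST, RA = RST-ACK
TRACE = [
    # 10.0.0.5 completes a normal three-way handshake with port 443
    ("10.0.0.5", "10.0.0.9", 50000, 443, "S"),
    ("10.0.0.9", "10.0.0.5", 443, 50000, "SA"),
    ("10.0.0.5", "10.0.0.9", 50000, 443, "A"),
    # 10.0.0.7 hits a closed port: the server refuses, nothing is half-open
    ("10.0.0.7", "10.0.0.9", 40001, 23, "S"),
    ("10.0.0.9", "10.0.0.7", 23, 40001, "RA"),
]
# 10.0.0.7 then probes three open ports and resets each after the SYN-ACK
for i, port in enumerate((22, 80, 443)):
    cport = 41000 + i
    TRACE += [
        ("10.0.0.7", "10.0.0.9", cport, port, "S"),
        ("10.0.0.9", "10.0.0.7", port, cport, "SA"),
        ("10.0.0.7", "10.0.0.9", cport, port, "R"),
    ]

def half_open_flows(trace):
    """Map each client to the (server, port) pairs it reset right after a SYN-ACK."""
    state = {}                 # (client, server, cport, sport) -> "SYN" or "SYNACK"
    found = defaultdict(set)
    for src, dst, sport, dport, flags in trace:
        if flags == "S":
            state[(src, dst, sport, dport)] = "SYN"
        elif flags == "SA":
            key = (dst, src, dport, sport)      # reply travels server -> client
            if state.get(key) == "SYN":
                state[key] = "SYNACK"
        elif flags == "A":
            state.pop((src, dst, sport, dport), None)   # handshake completed
        elif "R" in flags:
            # A client RST that answers a SYN-ACK is the half-open signature
            if state.pop((src, dst, sport, dport), None) == "SYNACK":
                found[src].add((dst, dport))
    return dict(found)

def suspected_scanners(trace, min_ports=3):
    """Sources with at least min_ports half-open flows (threshold is an assumption)."""
    flows = half_open_flows(trace)
    return sorted(src for src, ports in flows.items() if len(ports) >= min_ports)

if __name__ == "__main__":
    print(suspected_scanners(TRACE))
```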
What is Twofish?
by cisspfix on Jan.16, 2010, under Uncategorized
Twofish is a symmetric key block cipher. It operates on a 128-bit block size and uses key sizes up to 256 bits. It uses pre-computed key-dependent S-boxes and a relatively complex key schedule. One half of an n-bit key is used as the actual encryption key, and the other half of the key is used to modify the encryption algorithm. It borrows some elements, such as the pseudo-Hadamard transform (PHT), from the SAFER family of ciphers.
What is phishing?
by cisspfix on Jan.15, 2010, under Uncategorized
Phishing is a type of scam that entices a user to disclose personal information such as a social security number, bank account details, or a credit card number. An example of a phishing attack is a fraudulent e-mail that appears to come from a user’s bank, asking him to change his online banking password. When the user clicks the link in the e-mail, it directs him to a phishing site that replicates the original bank site. The phishing site lures the user into providing his personal information.
What is IGMP?
by cisspfix on Jan.14, 2010, under Uncategorized
Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group. Multicast traffic is sent to a single MAC address but is processed by multiple hosts. It can be effectively used for gaming and showing online videos. IGMP is vulnerable to network attacks.
What is static NAT?
by cisspfix on Jan.13, 2010, under Uncategorized
Static NAT performs a manual translation of one IP address to a different one. Static NAT is typically used to translate the destination IP address in packets that reach the translation device (such as a router) for the LAN. In the static translation type, a manual translation is performed between two addresses, and possibly port numbers.