Bytes
Certification Based
Cybersecurity
Certified Information Systems Security Professional (CISSP) Exam Crash
Advanced
8h
By: Raymond Lacoste
Overview
This is a hyper-focused certification prep course for the CISSP certification exam. This course is not meant as a replacement for the full CISSP course. It was designed for two very specific purposes: 1) to cover the most important topics needed to pass the certification exam, and 2) to teach you how to read, interpret, and answer CISSP questions. We walk through approximately 200 video-based questions so you can develop the skills you need to be successful on the CISSP certification exam.
Modules
1. Security and Risk Management
1.1 Question: Being Ethical as a CISSP (3 min)
1.2 ISC2 Code of Ethics (2 min)
1.3 Question: Applying ISC2 Code of Ethics (3 min)
1.4 Question: What is the Ethical Thing To Do? (3 min)
1.5 Question: Security Concept Violations (3 min)
1.6 Question: Applying Security Concepts (3 min)
1.7 Understanding Security Concepts (2 min)
1.8 Question: Aligning your Information Security Program (3 min)
1.9 Question: Applying Security Governance Principles (3 min)
1.10 Question: Exercising Security Governance Principles (3 min)
1.11 Question: GDPR (3 min)
1.12 Investigation types (2 min)
1.13 Question: Is it a Policy, Standard, Procedure, or Guideline? (3 min)
1.14 Question: Developing Policy, Standards, Procedures, and Guidelines (3 min)
1.15 Policy, Standards, Procedures, and Guidelines (3 min)
1.16 Question: Business Continuity (3 min)
1.17 Question: Business Impact Analysis Metrics (3 min)
1.18 Question: Enforcing Personnel Security Policies and Procedures (3 min)
1.19 Exploring Onboarding, Transfers, and Termination Requirements (3 min)
1.20 Question: Risk Response Strategies (4 min)
1.21 Types of Controls (3 min)
1.22 Risk Response Strategies (2 min)
1.23 Quantitative vs Qualitative Risk Assessment (3 min)
1.24 Question: Risk Management Frameworks (3 min)
1.25 Question: Applying Threat Modeling (3 min)
1.26 Understanding Threat Modeling (4 min)
1.27 Question: Supply Chain Risk Mitigation (2 min)
1.28 Question: Supply Chain Risks (2 min)
1.29 Supply Chain Risk Management Concepts (4 min)
1.30 Question: Methods and Techniques to Increase Awareness and Training (2 min)
1.31 Program effectiveness evaluation (4 min)
1.32 Question: Determine If Your Security Awareness Program is Reducing Risk (2 min)
2. Asset Security
2.1 Question: Enhancing Asset Security Practices (2 min)
2.2 Question: Identify and Classify information and assets (2 min)
2.3 Question: Confusion About Handling Requirements (2 min)
2.4 Identifying and Classifying Information and Assets (4 min)
2.5 Question: Safeguarding Assets (4 min)
2.6 Question: Employees Mishandle Sensitive Documents (2 min)
2.7 Question: Provisioning Assets (2 min)
2.8 Question: Maintaining Assets (4 min)
2.9 Question: Manage the Data Lifecycle and Maintain Compliance (3 min)
2.10 Question: Best Practices and Regulatory Compliance for Data Collection (3 min)
2.11 Question: Data Roles (2 min)
2.12 Question: Effectively Dispose of Old Hard Drives (3 min)
2.13 Question: Reducing the Impact of a Breach (3 min)
2.14 Data Roles (1 min)
2.15 Data Destruction Methods (1 min)
2.16 Question: End of Life Practices (2 min)
2.17 Question: End-of-Support Considerations (3 min)
2.18 EOL vs EOS (2 min)
2.19 Question: Regulatory Frameworks (2 min)
2.20 Question: Protecting Sensitive Information (3 min)
3. Security Architecture and Engineering
3.1 Question: Which Secure Design Principle? (2 min)
3.2 Question: Choosing a Secure Design Principle (1 min)
3.3 Secure Design Principles (1 min)
3.4 Question: Confidentiality Security Model (2 min)
3.5 Question: Which Security Model? (2 min)
3.6 Security Models (2 min)
3.7 Question: Security Controls for Compliance and Safeguard (3 min)
3.8 Various Security Controls (1 min)
3.9 Question: Security Capabilities of Information Systems (2 min)
3.10 Assess and Mitigate Vulnerabilities (2 min)
3.11 Question: Effectively Prevent Pivoting in the Future (3 min)
3.12 Question: Mitigating the Risk (3 min)
3.13 Question: Choosing the Best Control (3 min)
3.14 Symmetric vs Asymmetric vs Hashing (1 min)
3.15 Question: Selecting an Appropriate Cryptographic Solution (3 min)
3.16 Question: Implementing the Best Cryptographic Solution (2 min)
3.17 Question: Purpose of the PKI (2 min)
3.18 Salting (4 min)
3.19 Question: Which Cryptanalytic Attack? (2 min)
3.20 Question: Side-Channel Attack (2 min)
3.21 Methods of Cryptanalytic Attacks (1 min)
3.22 Security Principles for Sites and Facilities (1 min)
3.23 Question: Preventing Tailgating (3 min)
3.24 Question: Fire Suppression (3 min)
3.25 Question: Backup Power (2 min)
3.26 Question: Which Phase of the Information System Lifecycle (3 min)
3.27 Phases of the Information System Lifecycle (1 min)
4. Communication and Network Security
4.1 Question: Eavesdropping and Tampering Concerns (2 min)
4.2 Secure Design Principles in Network Architectures (2 min)
4.3 Question: ZTA Design Principles (3 min)
4.4 Question: Store-and-Forward vs Cut-Through (3 min)
4.5 Question: Network Layer Protocol (2 min)
4.6 Question: Remote CLI Protocol (2 min)
4.7 Question: Security Benefit of CDN (3 min)
4.8 Question: IP Address Technique (3 min)
4.9 Question: Converged Networks (2 min)
4.10 Question: Physical Segmentation (3 min)
4.11 Question: Eliminate Risk in a Critical ICS System (3 min)
4.12 Question: WiFi (2 min)
4.13 Question: WPA3 (3 min)
4.14 Question: VPC Best Practice (3 min)
4.15 Secure Protocols (2 min)
4.16 OSI and TCP/IP Models (2 min)
4.17 Unicast, Broadcast, Multicast, Anycast (1 min)
4.18 Question: Reducing Broadcast Storms (3 min)
4.19 Question: Power Outages (3 min)
4.20 Question: Guarantee Minimal Downtime (2 min)
4.21 Question: Protecting Transmission Media (3 min)
4.22 Question: Host-Based Control (3 min)
4.23 Summary of Components (1 min)
4.24 Question: Protecting All IP Traffic (2 min)
4.25 Question: Ensuring End-to-End CIA (3 min)
4.26 Communication Channel Recommendations (1 min)
5. Identity and Access Management (IAM)
5.1 Question: Improving Security Controls (3 min)
5.2 Question: Mitigating Unauthorized Access to Confidential Data (3 min)
5.3 Question: MFA (2 min)
5.4 Authentication Factors (1 min)
5.5 Question: Simplify Credential Management (3 min)
5.6 Question: Authentication with External Partners (3 min)
5.7 SSO vs FIM (3 min)
5.8 Passwordless Authentication Examples (3 min)
5.9 Question: Just-In-Time Authentication (2 min)
5.10 Question: Identity Proofing (3 min)
5.11 Question: Choosing the Best Authentication Solution (2 min)
5.12 Understanding Federated Identity (2 min)
5.13 Question: Choosing The Best Authorization Solution (2 min)
5.14 Question: Authorization Based on Labels (2 min)
5.15 Question: Owner Controls Authorization (2 min)
5.16 Authorization Mechanisms (2 min)
5.17 Question: Reducing Risks Associated with Employee Departures (3 min)
5.18 Question: Orphaned Service Account (3 min)
5.19 Question: Preventing Future Access (4 min)
5.20 Question: Minimize the Risk Associated with Employee Terminations (4 min)
5.21 Question: Use of sudo (2 min)
5.22 5 Things to Remember About the Identity and Access Provisioning Lifecycle (3 min)
5.23 Question: Secret Key Authentication (2 min)
5.24 Question: Authenticating Management Access to Network Devices (1 min)
5.25 Question: Authenticating Without Sharing Credentials (1 min)
5.26 Characteristics of Authentication Systems (1 min)
6. Security Assessment and Testing
6.1 Assessment, Test, and Audit Strategies (2 min)
6.2 Frequency of Test, Assessments, and Audits (2 min)
6.3 Question: Validating detect and response to advanced attacker tactics (3 min)
6.4 Question: Verifying input-handling routines reject invalid or malicious actions (3 min)
6.5 Question: Testing code for common security flaws (2 min)
6.6 Question: Assurance that every critical control in your security framework has been tested at least once (2 min)
6.7 Question: Example of synthetic transactions/benchmarks (2 min)
6.8 Question: Evaluating the security of its externally facing web applications without causing service disruptions (3 min)
6.9 Types of Security Control Tests (1 min)
6.10 Question: Proving to Auditors It Has Been Done (3 min)
6.11 Question: Evidence of Senior Leadership Approval (3 min)
6.12 Question: Backup Evidence (2 min)
6.13 The Why's and How's of Collecting Security Process Data (2 min)
6.14 Question: Communicate Findings Clearly (3 min)
6.15 Question: Ethical Disclosure (4 min)
6.16 Question: Sections of a Report (2 min)
6.17 Exception Handling (2 min)
6.18 Question: Ensuring the Audit Produces Valid Results (2 min)
6.19 Question: SOC Reports (3 min)
6.20 Types of SOC Reports (2 min)
7. Security Operations
7.1 Question: Investigation Actions (3 min)
7.2 Question: Ensuring the Integrity and Admissibility of Evidence (3 min)
7.3 Question: Real-time Threat Detection and Historical Forensic Analysis (3 min)
7.4 Question: Detect and Block Anomalous Behavior (3 min)
7.5 Question: Configuration Management (4 min)
7.6 Question: Reduce Fraud Risk (2 min)
7.7 Foundational Security Operations Concepts (1 min)
7.8 Question: Apply Resource Protection (3 min)
7.9 Incident Management Phases (1 min)
7.10 Question: Incident Management Lifecycle (2 min)
7.11 Question: Phases of Incident Management (3 min)
7.12 Detection and Preventative Measures (1 min)
7.13 Question: Only Allow Trusted Applications to Run (4 min)
7.14 Question: Automatically Block Reconnaissance and Exploit Attempts (2 min)
7.15 Question: Deceiving Adversaries (2 min)
7.16 Question: Patch and Vulnerability Management (3 min)
7.17 Question: Change Management (3 min)
7.18 Recovery Sites Strategies (1 min)
7.19 Backup Storage Strategies (1 min)
7.20 Backup Types (3 min)
7.21 Disaster Recovery (DR) Processes (3 min)
7.22 Question: Testing the DRP (3 min)
7.23 DRP Test Types (1 min)
7.24 Question: Business Continuity (BC) Planning (2 min)
7.25 Question: Physical Security (4 min)
7.26 Perimeter and Internal Physical Security Controls (1 min)
7.27 Question: Personnel Safety and Security Concerns (3 min)
8. Software Development
8.1 Question: Development Methodologies (2 min)
8.2 Question: Software Maturity Models (1 min)
8.3 Software Change Management (4 min)
8.4 Development Methodologies (3 min)
8.5 Software Development Maturity Models (2 min)
8.6 Question: Library Security (2 min)
8.7 SAST vs DAST vs IAST vs SCA (3 min)
8.8 Security Controls for Software Development Ecosystem (2 min)
8.9 Question: Effectiveness of Software Security (3 min)
8.10 Question: Reducing Risk with Software Security (2 min)
8.11 Assessing the Effectiveness of Software Security (1 min)
8.12 Question: Security Impact of Third-Party Software (3 min)
8.13 Question: Security Impact of Open-Source Software (2 min)
8.14 Question: Shared Responsibility (2 min)
8.15 Summarizing Security Impact of Acquired Software (3 min)
8.16 Question: Reducing Software Vulnerabilities (3 min)
8.17 Question: Strengthen the Security Posture of Your APIs (3 min)
8.18 Question: Outdated Third-Party Libraries (2 min)
8.19 Question: Secure Workloads Across Hybrid Cloud Environments (2 min)
8.20 Secure Coding Guidelines and Standards (1 min)