《CCSPOfficial(ISC)2PracticeTests-外文文献》由会员分享,可在线阅读,更多相关《CCSPOfficial(ISC)2PracticeTests-外文文献(231页珍藏版)》请在金锄头文库上搜索。
1、CCSPOfficial (ISC)2 Practice TestsCCSPOfficial (ISC)2Practice TestsBen MalisowSenior Acquisitions Editor: Ken Brown Development Editor: Kelly Talbot Technical Editor: Bill Burke, Trevor L. Chandler, Aaron Kraus, Valerie Michelle Nelson, Brian T. OHara, Jordan Pike Production Manager: Kathleen Wisor
2、Copy Editor: Judy Flynn Editorial Manager: Mary Beth Wakefield Executive Editor: Jim Minatel Book Designers: Judy Fung and Bill Gibson Proofreader: Nancy Carrasco Indexer: John Sleeva Project Coordinator, Cover: Brent Savage Cover Designer: Wiley Cover Image: Jeremy Woodhouse/Getty Images, Inc.Copyr
3、ight 2018 by John Wiley each chapter contains a frac- tion of 750 practice questions, refecting the percentage of questions from the respective domain on the exam (for example, Chapter 1 refects Domain 1 of the CBK and has 143 questions). There are also two full-length practice exams, 125 questions
4、each, at the end of the book (Chapters 7 and 8).xviii IntroductionWho Should Read This BookThis book is intended for CCSP candidates. In order to earn the CCSP, you are expected to have professional experience in the feld of information security/IT security, particularly experience related to cloud
5、computing. The candidate will also need to provide evidence of their professional experience to (ISC)2 in the event of passing the exam. The author has drawn on his own experience studying for and passing the exam as well as years of teaching the CISSP and CCSP preparation courses for (ISC)2. He als
6、o solicited feedback from colleagues and former students who have taken the prep course and the exam. The book should refect the breadth and depth of question content you are likely to see on the exam. Some of the questions in this book are easier than what you will see on the exam; some of them may
7、 be harder. Hopefully, the book will prepare you for what you might encounter when you take the test. The one thing we chose not to simulate in the book is the “interactive” questions; (ISC)2 has stated that the current tests may go beyond the regular multiple-choice format and could include “matchi
8、ng” questions (a list of multiple answers and multiple terms, where the candidate has to arrange them all in order), drag-and-drop questions (where the candi- date uses the mouse to arrange items on the screen), and “hot spot” questions (where the candidate puts the mouse on areas of the screen to i
9、ndicate an answer). There will probably not be many of these on the exam you take, but they are weighted more in your score than the multiple-choice questions, so pay attention and be extra careful answering those.Tools You Will NeedIn addition to this book, we recommend the CCSP (ISC)2 Certifed Clo
10、ud Security Profes- sional Offcial Study Guide (OHara, Malisow), also from Wiley (2017). There is, as stated in the introduction, no magic formula for passing the exam. No single particular book/ source with all the answers to the exam exists. If someone claims to be able to provide you with such a
11、product, please realize that they are mistaken or, worse, misleading you. However, you can augment your studying by reviewing a signifcant portion of the likely sources used by the professionals who created the test. The following is a just a sampling of the possible professional resources the cloud
12、 practitioner should be familiar with: The Cloud Security Alliances Notorious Nine:https:/downloads.cloudsecurityalliance.org/initiatives/top_threats/ The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdfThe OWASPs Top 10:https:/www.owasp.org/index.php/Top_10_2013-Top_10The OWASPs XSS (Cross-Si
13、te Scripting) Prevention Cheat Sheet:https:/www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_ Cheat_SheetIntroduction xixThe OWASPs Testing Guide (v4):https:/www.owasp.org/images/1/19/OTGv4.pdfNIST SP 500-292, NIST Cloud Computing Reference Architecture:http:/ws680.nist.gov/publication/
14、get_pdf.cfm?pub_id=909505The CSAs Security Guidance for Critical Areas of Focus in Cloud Computing v3.0:https:/downloads.cloudsecurityalliance.org/assets/research/ security-guidance/csaguide.v3.0.pdfENISAs Cloud Computing Benefits, Risks, and Recommendations for Information Security:https:/www.enisa
15、.europa.eu/publications/cloud-computing-risk-assessmentThe Uptime Institutes Tier Standard: Topology and Tier Standard: Operational Sustainability (the linked page includes download options for the documents):https:/ Certified Cloud Security Professional Objective MapDomain 1: Architectural Concepts
16、 and Design RequirementsA. Understand Cloud Computing ConceptsA.1. Cloud Computing DefinitionsA.2. Cloud Computing RolesA.3. Key Cloud Computing CharacteristicsA.4. Building Block TechnologiesB. Describe Cloud Reference ArchitectureB.1. Cloud Computing ActivitiesB.2. Cloud Service CapabilitiesB.3. Cloud Service CategoriesB.4. Cloud Deployment ModelsB.5. Cloud Cross-Cutting AspectsC. Understand Secur
