CISSP Official Practice Tests by Mike Chapple, David Seidl


480 security fixes – spiral development model


SMTP (Simple Mail Transfer Protocol), 348, 442
  OSI model and, 90
  ports, 354
  servers, 425
smurf attacks, 223, 320, 415
SNMP, OSI model and, 90
SOAP (Simple Object Access Protocol), 363
SOC (Service Organization Control), 272, 370
  levels, 438
SOC 2 reports, 422
social engineering, 139, 209, 375, 393, 408, 410
social media, 153, 382
software
  acceptance testing, 176
  approved, 174
  backdoors, 55
  development schedule, 191
  licensing, 172
  requirements, 185
  source, 61
  testing, 128, 139, 142–143, 147, 185, 187, 190
  vendors leaving business, 167
software development, 193, 195, 199, 291
  Agile, 185, 189, 195, 215, 398, 401, 411
    process, 189
  answers, 393–404
  life-cycle model, 284, 289
  spiral model, 401
  waterfall model, 196, 401–403, 443, 445
software escrow agreements, 388
software-based tokens, 121
software-defined network, 95, 354, 382
something you have authentication, 216
source code, testing and, 178
source port, 95
SOW (statement of work), 159
SOX, 325
span ports, 264
spiral development model, 199

security fixes, 155, 383
security guards, 5
security incidents, 389
security models, 52
  Bell-LaPadula, 58, 77, 347
  Biba, 77, 347
  Clark-Wilson, 77, 347
  Graham-Denning, 77, 347
  Sutherland, 77, 347
security operations, answers, 381–392
*-Security Property, 340
segmentation, 354
self-service password reset tools, 366
self-signed digital certificates, 75, 346
separation of duties, 8, 12, 320, 360, 387, 412, 444
service bureaus, 387
Service Organizations Control audit, 321
service packs, 155
SESAME, 124, 368
session hijacking, 186, 196–197, 393, 403
session IDs, 119
Session layers, headers, 221
SFTP (secure FTP), 450
  versus FTP, 32
shadowed passwords, 186, 398, 419
SIEM (Security Information and Event Management), 132, 146, 426, 446
signal transmissions, 203
signature detection, 402
signature-based detection, 363
sign-on implementation, 106
Simple Integrity Property, 339, 416
Simple Security Property, 416, 455
single sign-on, 270
single-tier firewalls, 83, 96, 98
Six Cartridge Weekly scheme, 384
SLA (service-level agreement), 10, 159, 321, 324, 385, 412
SLE (single loss expectancy), 326, 420, 425, 434
smart cards, 212, 243, 250, 285, 343, 411
S/MIME, 350