SPIT (Spam over Internet Telephony) attacks – Take-Grant permissions model 481
subject/object model, 53, 424, 448
subnet masks, 93, 232
supervisory mode, 342
surveys, 241
Sutherland model, 77, 347
SW-CMM (Software Capability Maturity
Model), 179–180, 234, 260
Defined stage, 394, 419
Initial stage, 419
initial stage, 394
life-cycle management and, 195
Managed stage, 394, 419
Optimizing stage, 419
Repeatable stage, 394, 402, 419, 431
symlinks, 216
symmetric cryptosystems, 58, 278, 281, 337,
419, 441
symmetric keys, shared, 379
SYN flood attack, 170, 213, 386, 390, 410
synchronous communications, 450
synchronous soft tokens, 367
synthetic monitoring, 136, 372, 411, 455
synthetic transactions, 372
syslog, 241, 369, 422, 440
system boot process, 198
system downgrade, 33
System High mode, 342
system mode, 342
system testing, 400
systems assurance, 64
T
T1 lines, 354
T3 lines, 97, 354, 355
tables (databases), degrees, 180
tabletop exercise, 436
TACACS+ (Terminal Access Controller
Access-Control System), 359, 419, 450
tailoring, 423
take rule, 406
Take-Grant permissions model, 68, 204, 254
SPIT (Spam over Internet Telephony) attacks,
90, 352
SPML (Service Provisioning Markup
Language), 363, 409, 414, 425, 430
spoofing attacks, 185, 280, 412, 427, 448
SQL injection attack, 23, 187, 197, 304, 393,
398, 403
evidence, 171
sqlmap, 380
SSAE-18, 217
SSH (Secure Shell), 332, 379
versus Telnet, 32
SSI, OSI model and, 92
SSIDs
disabling, 84, 349
discovering, 84
multiple, 405
SSO redirects, 113
ST (service ticket), 301
stakeholders, 324
business continuity planning and, 17
star topology, 240, 417
state machines
Bell-LaPadula model, 71
Biba model, 71
state tokens, 118
stateful inspections, 354, 405
statement coverage tests, 379
static analysis, 380
static code analysis, 454
static packet filtering, 405, 415, 422
static program reviews, 376
static testing, 400
stealth viruses, 397
steganography, 62–63, 212, 342, 410
Stopped state, 438
STRIDE (Spoofing, Tampering, Repudiation,
Information Disclosure, Denial of
Service, Elevation of Privilege), 4, 10,
24, 135, 146, 270, 295, 326, 378
structural and behavior requirements, 397
structural coverage, code review, 226
STs (security targets), 452