He is the recipient of the 2004 Joseph J. Wasserman Memorial Award for distinguished contribution to the Information Systems Audit field, conferred by the New York Chapter of the Information Systems Audit and Control Association (ISACA). In 2000 he became the first independent author and publisher in the CISSP Exam market to develop comprehensive two-volume (Practice and Theory) review products to help students prepare for the CISSP Exam. In addition to teaching undergraduate and graduate courses in business schools, he has taught review courses for the Certified Information Systems Auditor (CISA) Exam and the Certified Internal Auditor (CIA) Exam.
About the Technical Editor
RONALD L. KRUTZ is a senior information system security consultant. He has over 30 years of experience in distributed computing systems, computer architectures, real-time systems, information assurance methodologies, and information security training. He holds B.S., M.S., and Ph.D. degrees in Electrical and Computer Engineering and is the author of best-selling texts in the area of information system security. Dr. Krutz is a Certified Information Systems Security Professional (CISSP) and Information Systems Security Engineering Professional (ISSEP).
He coauthored the CISSP Prep Guide for John Wiley & Sons and is coauthor of the Wiley Advanced CISSP Prep Guide; CISSP Prep Guide, Gold Edition; Security+ Certification Guide; CISM Prep Guide; CISSP Prep Guide, 2nd Edition: Mastering CISSP and ISSEP; Network Security Bible; CISSP and CAP Prep Guide, Platinum Edition: Mastering CISSP and CAP; Certified Ethical Hacker (CEH) Prep Guide; Certified Secure Software Lifecycle Prep Guide; Cloud Security; and Web Commerce Security.
He is also the author of Securing SCADA Systems and of three textbooks in the areas of microcomputer system design, computer interfacing, and computer architecture. Dr. Krutz has seven patents in the area of digital systems and has published over 40 technical papers. Dr. Krutz is a Registered Professional Engineer in Pennsylvania.
Acknowledgments
I want to thank the following organizations and institutions for enabling me to use their publications and reports. They were valuable and authoritative resources for developing the practice questions, answers, and explanations.
ISC2, Inc., for the use of its Common Body of Knowledge described in the “CISSP Candidate Information Bulletin,” January 1, 2012.
National Institute of Standards and Technology (NIST), U.S. Department of Commerce, Gaithersburg, Maryland, for the use of various IT-related publications (FIPS, NISTIR, SP 500 series, SP 800 series).
National Communications System (NCS) and the U.S. Department of Defense (DOD) for their selected IT-related publications.
U.S. Government Accountability Office (GAO), formerly known as General Accounting Office, Washington, DC, for various IT-related reports and staff studies.
Office of Technology Assessment (OTA), U.S. Congress, Washington, DC, for various publications in IT security and privacy in network technology.
Office of Management and Budget (OMB), Washington, DC, for selected publications in IT security and privacy.
Federal Trade Commission (FTC), Washington, DC, at www.ftc.gov.
Chief Information Officer (CIO) Council, Washington, DC, at www.cio.gov.
Information Assurance Technical Framework (IATF), Release 3.1, National Security Agency (NSA), Fort Meade, Maryland, September 2002.
Security Technical Implementation Guides (STIGs) by the Defense Information Systems Agency (DISA), developed for the U.S. Department of Defense (DOD).
I want to thank the following individuals for helping me to improve the content, quality, and completeness of this book:
Dean Bushmiller, of Austin, Texas, for grouping the author’s questions into scenario-based questions and answers. Dean teaches CISSP Exam and CISM Exam review classes to prepare candidates for those exams.
Carol A. Long, executive acquisitions editor at Wiley Publishing, Inc., for publishing this book.
Ronald Krutz (technical editor), Apostrophe Editing Services (copy editor), and all the people at Wiley who made this book possible.
Credits
Executive Editor: Carol Long
Project Editor: Maureen Spears
Technical Editor: Ronald Krutz
Senior Production Editor: Debra Banninger
Copy Editor: Apostrophe Editing Services
Editorial Manager: Mary Beth Wakefield
Freelancer Editorial Manager: Rosemarie Graham
Marketing Manager: Ashley Zurcher
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Neil Edde
Associate Publisher: Jim Minatel
Project Coordinator, Cover: Katie Crocker
Compositor: JoAnn Kolonick, Happenstance Type-O-Rama
Proofreader: Kristy Eldredge, Word One
Indexer: Robert Swanson
Cover Image: © Peter Nguyen / iStockPhoto
Cover Designer: Ryan Sneed
Preface
The purpose of CISSP Practice: 2,250 Questions, Answers, and Explanations for Passing the Test is to help Certified Information Systems Security Professional (CISSP) examination candidates prepare for the exam by studying and practicing sample test questions, with the goal of succeeding on the exam.
A total of 2,250 traditional multiple-choice (M/C) questions, answers, and explanations are presented in this book. In addition, 82 scenario-based M/C questions, answers, and explanations are drawn from the traditional 2,250 questions and regrouped into the scenario-based format to give a flavor of that question style. A traditional question contains one stem followed by one question set with four choices, a., b., c., and d.; a scenario question contains one stem followed by several question sets, each with four choices, a., b., c., and d. Scenario-based questions can span more than one domain to test comprehensive, integrated application of the subject matter, whereas traditional questions focus on a single domain.
These 2,250 sample practice questions are not duplicates and are not taken from ISC2 or from any other source. The author developed these unique M/C questions for each domain based on the current CISSP Exam content specifications (see the “Description of the CISSP Examination” later in this preface). Each question is written to probe a specific and necessary depth and breadth of the subject matter covered in the CISSP Exam.