About CISSP Evaluator Domain 3
Our CISSP Evaluator apps are the number one applications to help you pass the latest CISSP examination on your first attempt! Each of our apps is categorized by domain, which gives you the ease and convenience of reviewing specific domains you may need to pay extra attention to. With their simple-to-use interface, our apps make studying each of the 8 CISSP domains a breeze. View the explanation of any question at any time, and at the end of a quiz or exam, see your score along with detailed explanations for any questions you may have answered incorrectly. With our CISSP Evaluator apps, you can study specific domains or take practice tests that mimic the real examination by purchasing the right CISSP Evaluator application today!
The CISSP Evaluator Domain 3 application tests a candidate's knowledge in the following:
*Implementing and managing engineering processes using secure design principles
*Fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)
*Selecting controls and countermeasures based upon systems security evaluation models
*Security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)
*Assessing and mitigating vulnerabilities of security architectures, designs, and solution elements
----Client-based (e.g., applets, local caches)
----Server-based (e.g., data flow control)
----Database security (e.g., inference, aggregation, data mining, data analytics, warehousing)
----Large-scale parallel data systems
----Distributed systems (e.g., cloud computing, grid computing, peer to peer)
----Cryptographic systems
----Industrial control systems (e.g., SCADA)
*Assessing and mitigating vulnerabilities in web-based systems (e.g., XML, OWASP)
*Assessing and mitigating vulnerabilities in mobile systems
*Assessing and mitigating vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of Things (IoT))
*Applying cryptography
----Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)
----Cryptographic types (e.g., symmetric, asymmetric, elliptic curves)
----Public Key Infrastructure (PKI)
----Key management practices
----Digital signatures
----Digital rights management
----Non-repudiation
----Integrity (hashing and salting)
----Methods of cryptanalytic attacks (e.g., brute force, cipher-text only, known plaintext)
*Applying secure principles to site and facility design
*Designing and implementing physical security
----Wiring closets
----Server rooms
----Media storage facilities
----Evidence storage
----Restricted and work area security (e.g., operations centers)
----Data center security
----Utilities and HVAC considerations
----Water issues (e.g., leakage, flooding)
----Fire prevention, detection and suppress