Saturday, June 29, 2013

Start a Conversation With Your Child

I Can Believe in Myself

A children's book by Miriam Laundry with pictures by Jenniffer Julich.
My good friend Miriam Laundry recently released this book and even though it's outside the scope of this blog, I loved it so much I wanted to share it with you. If you have any children and you want to start a conversation with them about their confidence and self-esteem, this is the perfect book. It is so easy for children to grow up with an inner voice constantly saying "I can't" and if that's the only message they hear, they might start to believe it.

Ideally, parents would be able to hear that inner voice as soon as it starts to attack their child's confidence and self-esteem. Sadly, only the child hears it.

However, parents can read this book to their children and help counter that inner voice with words to build their child's confidence and self-esteem.

Instead of a message of "I Can't", parents can help their children develop an attitude of "I Can."

Parents might even help their children grow up with a mindset of no limitations, realizing they can do anything.

Although I don't have any children to read to, I loved the messages in the I CAN Believe in Myself book so much, I bought a copy for my local library. You can too.

Monday, June 24, 2013

Identify Smurf Attacks in the Security+ Exam

Identify Smurf Attacks

Can you identify smurf attacks? The Security+ exam expects you to be able to analyze and differentiate different types of attacks, including a smurf attack, so you should understand how it works.

Performance Based Questions

Topics such as identifying attacks are ideally suited for the new performance based questions on the CompTIA Security+ exam. Instead of answering a multiple choice question, you might need to identify an attack shown in a diagram. If you're unfamiliar with the new performance based questions, check out these blogs too:

Identify Smurf Attacks - An Overview

A smurf attack spoofs the source address of a broadcast ping packet to flood a victim with ping replies. That's a complex sentence, so it's worthwhile breaking this down.
  • A ping is normally a unicast message
  • A smurf attack sends a ping as a broadcast instead of a unicast
  • The smurf attack spoofs the source IP address using the IP address of the victim
  • Other systems on the network flood the victim with ping replies

A Ping is Normally Unicast

A ping is normally a unicast message sent from one computer to one computer. It sends ICMP echo requests to one computer, and the receiving computer responds with ICMP echo responses.  Figure 1 shows how this works. Computer 1 is sending out a unicast ping to computer 3 and computer 3 responds with ICMP replies.
Figure 1: Ping uses unicast
If you receive the responses you know that the other computer is operational.

Note: Because ICMP is used in many types of attacks, many firewalls block ICMP echo requests. If you don't receive ping responses back it doesn't necessarily mean the other computer is not operational. It could be because the ping is being blocked by a firewall.

On Windows systems, ping sends out four ICMP requests and gets back four replies. On  some other operating systems, ping continues until stopped. You can add the -t switch to ping on Windows systems causing ping requests to continue until stopped.
Pass the Security+ exam the first time you take it:
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

A Smurf Attack Sends the Ping Out as a Broadcast

Instead of using a unicast message, a smurf attack sends out the ping request as a broadcast. In a broadcast, one computer sends the packet to all other computers in the subnet. These computers then reply to the single computer that sent the broadcast ping as shown in Figure 2. Computer 1 is sending out a broadcast ping to all the computers on the subnet and each one of them is now responding, flooding the computer with ping replies.
Figure 2: Ping using broadcast instead of unicast
If computer 1 is the attacker, the results of Figure 2 aren't very beneficial.  If something isn't changed, the attacker gets attacked.

The Smurf Attack Spoofs the Source IP

If the source IP address isn’t changed, the computer sending out the broadcast ping will get flooded with the ICMP replies. Instead, the smurf attack substitutes the source IP with the IP address of the victim, and the victim gets flooded with these ICMP replies. 

Figure 3 shows how computer 1 can send out the smurf attack using computer 2's IP address as the source IP address. All the computers on the subnet then flood computer 2 with ICMP replies.
Figure 3: Broadcast ping spoofing the source IP address

Smurf Attacks Use Amplifying Networks

A smurf amplifier is a computer network used in a smurf attack. This is easily prevented by blocking IP directed broadcasts used by smurf attacks. However, if a router or a firewall isn't configured to protect the network, it can become part of the attack.

Figure 4 shows how this works. The attacker (computer 1) sends a broadcast ping into the amplifying network with a spoofed source IP address of computer 6. Each computer in the amplifying network receives the broadcast and then responds by flooding the victim (computer 6) with ping replies.
Figure 4: Smurf attack using amplifying network
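
The traffic pattern in Figures 2 through 4, expressed as detection logic (an added example, not part of the original post): it flags echo requests addressed to a subnet broadcast address and hosts receiving echo replies from many senders they never pinged. The packet tuples, the documentation-range addresses, the function names, and the `min_responders` threshold are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

# Constructed sample capture: (source IP, destination IP, ICMP type).
SAMPLE_PACKETS = [
    # Normal unicast ping and its reply (Figure 1).
    ("192.0.2.10", "192.0.2.30", ECHO_REQUEST),
    ("192.0.2.30", "192.0.2.10", ECHO_REPLY),
    # Broadcast ping whose source field names the victim (Figures 3 and 4).
    ("203.0.113.6", "198.51.100.255", ECHO_REQUEST),
    # Every host in the amplifying network answers the victim.
    ("198.51.100.11", "203.0.113.6", ECHO_REPLY),
    ("198.51.100.12", "203.0.113.6", ECHO_REPLY),
    ("198.51.100.13", "203.0.113.6", ECHO_REPLY),
    ("198.51.100.14", "203.0.113.6", ECHO_REPLY),
]


def broadcast_echo_requests(packets, subnets):
    """Return echo requests addressed to a broadcast address of a monitored subnet."""
    broadcasts = {ipaddress.ip_network(s).broadcast_address for s in subnets}
    broadcasts.add(ipaddress.ip_address("255.255.255.255"))  # limited broadcast
    return [p for p in packets
            if p[2] == ECHO_REQUEST and ipaddress.ip_address(p[1]) in broadcasts]


def unsolicited_reply_sources(packets):
    """Map each host to the set of senders that replied to it without being pinged by it."""
    pinged = defaultdict(set)  # host -> destinations it sent echo requests to
    for src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST:
            pinged[src].add(dst)
    unsolicited = defaultdict(set)
    for src, dst, icmp_type in packets:
        if icmp_type == ECHO_REPLY and src not in pinged.get(dst, set()):
            unsolicited[dst].add(src)
    return dict(unsolicited)


def smurf_victims(packets, subnets, min_responders=3):
    """Report hosts flooded by replies from at least min_responders hosts they never pinged.

    named_in_broadcast_request is True when the capture also contains the
    broadcast ping carrying that host's address as its source (the view from
    the amplifying network); at the victim's own network it is usually False.
    """
    claimed = {src for src, _, _ in broadcast_echo_requests(packets, subnets)}
    report = {}
    for host, responders in unsolicited_reply_sources(packets).items():
        if len(responders) >= min_responders:
            report[host] = {
                "responders": len(responders),
                "named_in_broadcast_request": host in claimed,
            }
    return report


if __name__ == "__main__":
    monitored = ["198.51.100.0/24"]
    print(broadcast_echo_requests(SAMPLE_PACKETS, monitored))
    print(smurf_victims(SAMPLE_PACKETS, monitored))
```

A router or firewall that blocks IP directed broadcasts would drop the request that `broadcast_echo_requests` flags, so the replies never occur.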

Not Blue Packets

The rumor that a smurf attack is one where attackers send out little blue packets that report back to Papa Smurf is simply not true.

Summary

Ensure you understand the basics of a smurf attack when taking any security-based exam such as the Security+, SSCP, or CISSP exams. A smurf attack spoofs the source address of a broadcast ping packet to flood a victim with ping replies. Smurf attacks are known to use amplifying networks, but administrators commonly block this with rules on a router or firewall.

Saturday, June 22, 2013

Security+ Match Device Controls

The Security+ exam expects you to understand controls and you should be able to match device controls with specific devices. For example, can you match device controls used with mobile devices? Can you match device controls used on servers?

Performance Based Questions

Topics such as security controls for devices are ideally suited for the new performance based questions on the CompTIA Security+ exam. Instead of answering a multiple choice question, you might need to drag and drop different controls to the devices that they protect. If you're unfamiliar with the new performance based questions, you might like to check out these blogs too:

Match Device Controls Practice Question

The following list of controls includes some that are used with mobile devices exclusively. It also includes some controls that are used with servers but not mobile devices. Do you know which ones are which?

Security+ Match Device Controls

Some of these are used only on mobile devices, some are only used on servers, and some can be used on both.
Which security controls are for mobile devices?
Which security controls are for servers?

Match Device Controls for Mobile Devices

Here are the common security controls used for mobile devices:
  • Screen lock. Uses a passcode or password to lock the device. This prevents a thief from using a stolen device.
  • Strong password. Any time a password is used to protect a mobile device (or any device or system), it should be strong. This means they are at least eight characters and include multiple character types, such as upper case, lower case, numbers, and symbols. Two other blogs that cover password topics for the Security+ exam are Understanding Password History, and Three Factors of Authentication and Multifactor Authentication.
  • Data encryption. Encryption protects the confidentiality of data and smartphone security includes device encryption to protect the data against loss of confidentiality. It's possible to selectively encrypt some data on a system, an entire drive, or an entire device.
  • Remote wipe/sanitation. Remote wipe capabilities are useful if the phone is lost. The owner can send a remote wipe signal to the phone to delete all the data on the phone. This also deletes any cached data, such as cached online banking passwords, and provides a complete sanitization of the device, ensuring that all valuable data is removed.
  • Voice encryption. It’s possible to use voice encryption with some phones to help prevent the interception of conversations.
  • Global positioning system (GPS) tracking. A GPS pinpoints the location of the phone. Many phones include GPS applications that you can run on another computer. If you lose your phone, GPS can help you find it. Who knows? You may find that it just fell through the cushions in your couch. This is useful to know before you send a remote wipe signal.
  • Cable locks. The number of laptops stolen during lunches at conferences is astronomical. Many people don’t seem to know how common thefts are and often leave their laptops unprotected. Cable locks can secure a mobile computer. They often look about the same as a cable lock used to secure bicycles.
  • Locked cabinet or safe. Small devices can be secured within a locked cabinet or safe. When they aren’t in use, a locked cabinet helps prevent their theft.
If you were to match the controls to the Mobile devices, it might look like this. The idea is that you drag and drop individual controls from the area on the right to the area under Mobile Devices.
Security+ Match Device Controls to Mobile Devices

Match Device Controls for Servers

If you were to match the controls to servers, it might look like this:
Security+ Match Device Controls to Servers
Some of these items are the same as the mobile devices, and some of the items are unique for servers:
  • Strong password. Any time a password is used to protect a mobile device (or any device or system), it should be strong. This means they are at least eight characters and include multiple character types, such as upper case, lower case, numbers, and symbols. Two other blogs that cover password topics for the Security+ exam are Understanding Password History, and Three Factors of Authentication and Multifactor Authentication.
  • Least privilege. Least privilege is a technical control. It specifies that individuals or processes are granted only those rights and permissions needed to perform their assigned tasks or functions. Rights and permissions are commonly assigned on servers, but rarely on mobile devices such as tablets and smartphones.
  • Data encryption. Encryption protects the confidentiality of data on servers just as it can protect the confidentiality of data on mobile devices.  It's possible to selectively encrypt individual files or entire disk volumes.
  • Mantrap, cipher lock, and proximity lock. These are examples of physical security and they can be used to restrict access to a server room.
  • Firewall. Software-based firewalls are commonly used on servers but are extremely rare on mobile devices.
  • TPM and HSM. Trusted Platform Modules (TPMs) and hardware security modules (HSMs) are hardware encryption devices. You can read more about them in the TPM and HSM Hardware Encryption Devices blog.

Security+ Match Device Controls Summary

You can expect to see some performance based questions on the Security+ exam and you might even see one requiring you to match device controls to specific devices. While these are different from a typical multiple choice question, you can still answer them correctly as long as you know the content. The information from this blog was derived from the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide, and it covers all of the security controls in the Security+ exam.

Thursday, June 20, 2013

Using the A+ Training Kit

I recently received an email from a reader asking how to use the CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802) book.  The two CompTIA A+ exams include pages and pages of objectives and the CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802) book includes 26 chapters so it is a good question.
The book includes a CD with the following contents:
  • A fully functioning test engine with practice tests for the 220-801 and 220-802 exams. The engine includes study mode where you can immediately see the correct answer and explanation, and certification mode where the answers only show at the end of the test.
  • 196 realistic practice test questions for the 220-801 exam.
  • 200 realistic practice test questions for the 220-802 exam.
  • A fully searchable copy of the book in a PDF format.
  • A list of links to other content including multiple videos available on Microsoft sites and elsewhere.

What Type of Reader Are You?

While writing this book, I had three types of readers in mind. I expected each of these three readers would approach the book differently, but I also wanted to make sure it was useful to them.

1) Relatively New to Computers

If this is you, you can read the book from page 1 to the last page, mastering the concepts as you go.
Once you finish it, break open the CD and start doing practice test questions for the 220-801 exam. Each question has in-depth explanations and identifies the chapter where the concept is covered. At this point, you should ensure you know why the correct answers are correct, and why the incorrect answers are incorrect.

After passing the 220-801 exam, start doing the practice test questions for the 220-802 exam.

2) Very Familiar with Computers

If you've been working in an IT job for years but are taking the A+ exams to fulfill an employer requirement, you can use this method. Look at the 220-801 objectives to see what is clear and what isn't. For any concepts that aren't clear, use the objective map at the very beginning of the book, the table of contents, and the index to identify where the concepts are covered. You can also break open the CD and use the searchable PDF to find topics.

Next, start doing practice test questions for the 220-801 exam. The goal isn't to get all the questions correct. The goal is to ensure you understand the concepts. Ideally, you should be able to look at any question and know why the correct answers are correct, and why the incorrect answers are incorrect. This way, no matter how CompTIA words the questions, you'll be able to answer them correctly.

Finish the 220-801 exam and repeat this process with the 220-802 objectives.

3) Using the Book as a Secondary Source

It is common to use more than one source to study for any certification exam. If a topic isn't clear, you can use the second book to get another author's perspective. Use the objective map, the table of contents, the index, and the searchable PDF to identify where any topic is covered.
You can also use the practice test questions on the CD to help you prepare.

How is the A+ Training Kit Organized?

When I first started planning the book, my primary goal was to present the material in a logical order so that it made sense to just about any reader. Of course, I covered all the objectives, but for this book I didn't follow the order of the objectives. Topics in Domain 1 covered BIOS, motherboards, RAM, CPUs, chipsets, power, fans, front panel connectors, bus speeds, expansion cards, storage devices, cooling methods, interfaces, and custom configurations.

Instead, I outlined four major sections of the book based on the A+ objectives for both exams. My section labels were helpful to me as I created the chapters and organized the book, but the section labels were cut somewhere in the editing process. Here are the four sections:

A+ Training Kit Section 1 - Hardware

The first ten chapters are focused on hardware components and troubleshooting them. These topics are heavily tested in the 220-801 exam, and advanced concepts are tested in the 220-802 exam. For example, the Troubleshooting domain in the 220-802 exam comprises 36% of the exam and expects you to know how to troubleshoot almost all of the hardware covered in the 220-801 exam.
  • Chapter 1 Introduction to Computers
  • Chapter 2 Understanding Motherboards and BIOS
  • Chapter 3 Understanding RAM and CPUs
  • Chapter 4 Comparing Storage Devices
  • Chapter 5 Exploring Peripherals and Expansion Cards
  • Chapter 6 Exploring Video and Display Devices
  • Chapter 7 Exploring Printers
  • Chapter 8 Working with Laptops
  • Chapter 9 Understanding Mobile Devices
  • Chapter 10 Working with Customers

A+ Training Kit Section 2 - Operating Systems

The next seven chapters focus on Windows operating system topics. The 220-802 exam includes the Operating Systems domain which is 33% of the exam.
  • Chapter 11 Introducing Windows Operating Systems
  • Chapter 12 Installing and Updating Windows Operating Systems
  • Chapter 13 Using Windows Operating Systems
  • Chapter 14 Using the Command Prompt
  • Chapter 15 Configuring Windows Operating Systems
  • Chapter 16 Understanding Disks and File Systems
  • Chapter 17 Troubleshooting Windows Operating Systems

A+ Training Kit Section 3 - Networking

Section 3 includes seven chapters on networking topics.  Networking is 27 percent of the 220-801 exam. These topics are also interspersed in various objectives in the 220-802 exam.
  • Chapter 18 Introducing Networking Components
  • Chapter 19 Exploring Cables and Connectivity
  • Chapter 20 Understanding Protocols
  • Chapter 21 Comparing IPv4 and IPv6
  • Chapter 22 Network Security Devices
  • Chapter 23 Exploring Wireless Networking
  • Chapter 24 Connecting and Troubleshooting a Network

A+ Training Kit Section 4 - Security

The last section includes two chapters on security. The 220-802 has a heavy focus on security. The security domain is 22 percent of that exam, and security topics are sprinkled throughout the objectives.
  • Chapter 25 Understanding IT Security
  • Chapter 26 Recognizing Malware and Other Threats

Practice Test Questions for your Mobile Device

If desired, you can also complement the A+ Training Kit with additional practice test questions. Learnzapp has published some great apps for most mobile devices to help people study practice test questions while on the go. Search the app store with "Learnzapp A+".

Tuesday, June 18, 2013

Network+ Troubleshooting Model

If you plan to take the Network+ exam, you should be aware of the Network+ troubleshooting model concepts listed by CompTIA. The good news is that this is rather straightforward if you look at the objectives. However, without an understanding of the Network+ troubleshooting model, questions like the following might be challenging.

Sample Network+ Troubleshooting Model Questions

Can you answer these questions?
Q1. Sally has told you that she can no longer access a data share on a server within the network. Of the following choices, what is the BEST choice as your first step?
A. Check the server
B. Check the router
C. Check the switch
D. Ask Sally if anything on her computer has changed
Answer later in this blog.

Q2. Bob is troubleshooting a problem where a user is unable to access some network resources. He has determined that the fault is within a managed switch. However, he isn’t familiar with this switch and does not know how to access the configuration page. What should he do?
A. Gather information
B. Escalate the problem
C. Establish a plan of action
D. Document findings, actions, and outcomes
Answer later in this blog.
Over 275 realistic practice test questions available in the
CompTIA Network+ N10-005: Practice Test Questions (Get Certified Get Ahead) Kindle book.
Only $9.99. Free Kindle apps available for any platform.

Network+ Troubleshooting Model Objectives

CompTIA provides specific troubleshooting steps within the objectives. If you took the A+ exam, these should look familiar to you though they aren’t exactly the same. You should understand the specific steps and their order. They are:
  • Identify the problem:
    • Information gathering
    • Identify symptoms
    • Question users
    • Determine if anything has changed
  • Establish a theory of probable cause
    • Question the obvious
  • Test the theory to determine cause:
    • Once theory is confirmed determine next steps to resolve problem.
    • If theory is not confirmed, re-establish new theory or escalate.
  • Establish a plan of action to resolve the problem and identify potential effects
  • Implement the solution or escalate as necessary
  • Verify full system functionality and if applicable implement preventative measures
  • Document findings, actions and outcomes
If you know the order of the steps in the Network+ troubleshooting model, it will be easier to answer many of the questions that use phrases such as  “What should you do FIRST?” or “What should you do LAST?” It also allows you to answer other questions about the model through logic and elimination.  The only thing that might be confusing is when to escalate a problem.

Escalating Problems

There are times when you need to escalate a problem. This means that you pass the problem onto someone else within your organization. For example, many organizations use multiple tiers or levels of support. Personnel working in lower levels have very basic knowledge and do not have sufficient rights or permissions to resolve some problems. Instead, they need to escalate problems to higher-level technicians that have more knowledge and adequate rights and permissions. Common tiers or levels used in organizations are:
  • Tier 1 support is the most basic support. Personnel have basic skills, knowledge, and permissions to resolve simple problems. If technicians working at Tier 1 cannot resolve a problem, they can escalate it to Tier 2.
  • Tier 2 support technicians have a higher level of knowledge, experience, and permissions than Tier 1 personnel do. They assist Tier 1 personnel and can handle problems that are more complex. If Tier 2 support technicians cannot resolve a problem, they can escalate it to Tier 3.
  • Tier 3 support is often the highest level of support within an organization. Administrators and technicians at this level resolve the most complex problems. If they cannot resolve the problem, they might need to get assistance from outside the organization.

Network+ Troubleshooting Model Flowcharts

The first three steps of the Network+ troubleshooting model are shown in the following flow chart. This shows how a technician can loop between establishing a theory and testing a theory multiple times. At some point, the technician either confirms the theory and moves on to the next step in the troubleshooting model, or escalates the problem.
Network+ Troubleshooting Model Flowchart 1
At this stage, the primary reason technicians escalate a problem is when they run out of ideas for new theories. In other words, the technicians have exhausted their current knowledge and experience.
The next flow chart shows the last four stages of the Network+ troubleshooting model. This also has a decision point and an option to escalate the problem, though it's for a different reason. At this stage, the primary reason technicians escalate a problem is when they lack the rights or permissions to implement a solution. As an example, a technician might determine that a network switch has failed and should be replaced. However, if the technician doesn't have adequate rights or permissions to replace a switch, the technician escalates the problem.
Network+ Troubleshooting Model Flowchart 2

Sample Network+ Troubleshooting Theory Question and Answer

Here's the answer to the question posted at the beginning of this blog.
Q1. Sally has told you that she can no longer access a data share on a server within the network. Of the following choices, what is the BEST choice as your first step?
A. Check the server
B. Check the router
C. Check the switch
D. Ask Sally if anything on her computer has changed
Answer D is correct. The first step in the CompTIA troubleshooting model is to identify the problem and this includes questioning users and determining if anything has changed. You might choose to check the server, the router, and the switch later in your troubleshooting steps, but you should first identify the problem by gathering information, identifying symptoms, questioning users, and determining if anything has changed.
Q2. Bob is troubleshooting a problem where a user is unable to access some network resources. He has determined that the fault is within a managed switch. However, he isn’t familiar with this switch and does not know how to access the configuration page. What should he do?
A. Gather information
B. Escalate the problem
C. Establish a plan of action
D. Document findings, actions, and outcomes
Answer B is correct. When technicians do not have enough knowledge or experience to troubleshoot further, they should escalate the problem and in this case, Bob doesn’t know how to access the configuration page of the managed switch. Gathering information is part of the first step (identifying the problem) but Bob has already done this step. If Bob had the knowledge of how to configure the switch, he should establish a plan of action but without this knowledge, he should escalate the problem. The last step is to document findings, actions, and outcomes but this is done after the problem is resolved.

Network+ Kindle Shorts

Topics in this blog came from the CompTIA Network+ Basic Networking Components (A Get Certified Get Ahead Kindle Short) ebook. This Kindle Short will be Chapter 1 in the upcoming  CompTIA Network+ Get Certified Get Ahead Study Guide written in the same style as the top selling CompTIA Security+: Get Certified Get Ahead Study Guide. Network+ Kindle shorts currently available are:


Join the conversation and get more free practice test questions on The Get Certified Get Ahead Facebook Page

Sunday, June 2, 2013

Save 50% on All Ebooks from Microsoft Press

Save 50% on *All* Ebooks from Microsoft Press

In celebration of TechEd, happening now in New Orleans, you can save 50% on all ebooks from Microsoft Press through shop.oreilly.com. Whether you're learning A+, CISSP, PowerShell 3.0, or deep into Windows Server 2012, or just about any other IT topic, you can  save now on the titles that will make your job easier. 

Ebooks from shop.oreilly.com are DRM-free. You get free lifetime access, multiple file formats, and free updates. Sync with Dropbox — your files, anywhere.

Use discount code CFTECH - Deal expires June 7, 2013 at 5:00am PT, and cannot be combined with other offers. Offer does not apply to Print, or "Print & Ebook" bundle pricing.
Save 50% on Ebooks from Microsoft Press
Here are some books you can get in this promotion.

CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802)

Ace your preparation for the CompTIA A+ Exams 220-801 and 220-802 with this 2-in-1 Training Kit from Microsoft Press®. Work at your own pace through a series of lessons and practical exercises, and then assess your computing technology skills with the online practice test—featuring multiple, customizable testing options to meet your specific needs.

Your Training Kit includes:
  • In-depth coverage of all 10 CompTIA domains in Exams 220-801 and 220-802
  • Instructive case studies to enhance your performance on the job
  • Online practice tests to help you assess your exam readiness
  • The entire Training Kit in searchable eBook format
http://shop.oreilly.com/product/0790145335333.do

If you want a paperback copy, you can get it here: CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802).

This book is getting great reviews on Amazon. Here are some comments.

Was the only resource I needed

If you have a background in PC hardware and already know your way around a computer, then this should be all you really need to be able to pass the exams.

From the arrival of the book, to taking the tests took only 3 weeks until I felt I was prepared enough. Really, a good piece of reference material to pick up and keep.

Great Tool for Certification or Refresher

I've worked as a computer technician for about eight years, getting my A+ certification just prior to being hired and re-certifying as part of a company-wide training curriculum a couple years later. When I'm not studying for something new, I like to pick up a study guide for one of the basic certifications as a refresher. Mike Meyers got me through my actual certifications and up until now he has been, without question, my favorite author on the subject. Darril Gibson will be my first choice from now on.

Terrific and Exhaustively Complete Test Prep

If you're going to prep for this test, I cannot imagine a better resource than this book.

Personally, I found the following topics very well-handled: Understanding the File Systems, Expansion Cards and Peripherals, and Configuring Windows.

Excellent resource for CompTIA A+

This book is really pleasant to read and learn from. At first I took cbtnuggets.com videos for CompTIA A+ and I am really happy I did it. 95% of the info you need, it's there, but sometimes you need some more specific info on particular subjects like how buses work, clock speeds, etc. This book can fill this gap and at the same time it will be really enjoyable to read because of the clear and concise writing approach that the author uses. One more advantage is that it covers all new topics CompTIA A+ has included like Mobile Devices Chapter.

CompTIA A+ Rapid Review

Assess your readiness for CompTIA A+ Exams 220-801 and 220-802—and quickly identify where you need to focus and practice. This practical, streamlined guide walks you through each exam objective, providing "need to know" checklists, review questions, tips, and links to further study—all designed to help bolster your preparation.

http://shop.oreilly.com/product/0790145349637.do

If you want a paperback copy, you can get it here: CompTIA A+ Rapid Review (Exam 220-801 and Exam 220-802) .

This book is intended to be a late stage review book and can be used as a supplement to the CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802).

CISSP Rapid Review

Assess your readiness for the CISSP Exam—and quickly identify where you need to focus and practice. This practical, streamlined guide provides objective overviews, exam tips, "need-to-know" checklists, review questions, and a list of valuable resources—all designed to help evaluate and reinforce your preparation.

http://shop.oreilly.com/product/0790145349200.do

If you want a paperback copy, you can get it here: CISSP Rapid Review.

This book is intended to be a late stage review book and can be used as a supplement to the CISSP: Certified Information Systems Security Professional Study Guide.

Ebooks from Microsoft Press Summary

Save 50% on all ebooks from shop.oreilly.com with discount code CFTECH. This deal expires  June 7, 2013.