
CISSP Study Guide
Third Edition

Eric Conrad

Seth Misenar

Joshua Feldman

Bryan Simon - Technical Editor

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Syngress is an imprint of Elsevier
Acquiring Editor: Chris Katsaropoulos
Editorial Project Manager: Anna Valutkevich
Project Manager: Priya Kumaraguruparan
Designer: Mark Rogers

Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA

Copyright © 2016, 2012, 2011 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or any information storage and retrieval system, without
permission in writing from the publisher. Details on how to seek permission, further information about the
Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance
Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher
(other than as may be noted herein).

Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden
our understanding, changes in research methods, professional practices, or medical treatment may become
necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and
using any information, methods, compounds, or experiments described herein. In using such information
or methods they should be mindful of their own safety and the safety of others, including parties for whom
they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any
liability for any injury and/or damage to persons or property as a matter of products liability, negligence
or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in
the material herein.

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress

ISBN: 978-0-12-802437-9

For information on all Syngress publications visit our website at store.elsevier.com/Syngress
Contents
About the Authors....................................................................................................xix
Acknowledgments....................................................................................................xxi

CHAPTER 1 Introduction.................................................................................. 1
How to Prepare for the Exam.......................................................... 2
The CISSP® Exam is a Management Exam............................. 2
The 2015 Update....................................................................... 2
The Notes Card Approach........................................................ 3
Practice Tests............................................................................ 3
Read the Glossary..................................................................... 3
Readiness Checklist.................................................................. 4
How to Take the Exam.................................................................... 4
Steps to Becoming a CISSP®................................................... 4
Computer Based Testing (CBT)............................................... 5
How to Take the Exam............................................................. 5
After the Exam.......................................................................... 9
Good Luck!...................................................................................... 9
References...................................................................................... 10

CHAPTER 2 Domain 1: Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)..................................... 11
Unique Terms and Definitions....................................................... 11
Introduction....................................................................................12
Cornerstone Information Security Concepts................................. 12
Confidentiality, Integrity and Availability.............................. 12
Identity and Authentication, Authorization and Accountability (AAA)...................................... 15
Non-Repudiation..................................................................... 17
Least Privilege and Need to Know......................................... 17
Subjects and Objects............................................................... 18
Defense-in-Depth.................................................................... 19
Due Care and Due Diligence.................................................. 19
Legal and Regulatory Issues.......................................................... 20
Compliance with Laws and Regulations................................20
Major Legal Systems.............................................................. 20
Criminal, Civil, and Administrative Law............................... 22
Liability................................................................................... 23

v
vi Contents

Due Care................................................................................. 24
Due Diligence......................................................................... 24
Legal Aspects of Investigations.............................................. 24
Intellectual Property................................................................ 31
Privacy.................................................................................... 36
International Cooperation....................................................... 38
Import/Export Restrictions.....................................................38
Trans-Border Data Flow......................................................... 39
Important Laws and Regulations............................................ 39
Security and 3rd Parties.................................................................. 43
Service Provider Contractual Security.................................... 44
Procurement............................................................................ 45
Vendor Governance................................................................ 45
Acquisitions............................................................................ 45
Divestitures............................................................................. 46
Ethics.............................................................................................46
The (ISC)²® Code of Ethics...................................46
Computer Ethics Institute....................................................... 48
IAB’s Ethics and the Internet.................................................. 48
Information Security Governance.................................................. 49
Security Policy and Related Documents................................. 49
Personnel Security.................................................................. 52
Access Control Defensive Categories and Types.......................... 55
Preventive............................................................................... 55
Detective................................................................................. 56
Corrective................................................................................ 56
Recovery................................................................................. 56
Deterrent................................................................................. 56
Compensating......................................................................... 57
Comparing Access Controls................................................... 57
Risk Analysis................................................................................. 58
Assets...................................................................................... 58
Threats and Vulnerabilities..................................................... 58
Risk = Threat × Vulnerability................................................. 59
Impact..................................................................................... 60
Risk Analysis Matrix.............................................................. 60
Calculating Annualized Loss Expectancy.............................. 60
Total Cost of Ownership......................................................... 62
Return on Investment.............................................................. 63
Budget and Metrics................................................................. 64
Risk Choices........................................................................... 65
Quantitative and Qualitative Risk Analysis............................ 67
The Risk Management Process............................................... 67
Types of Attackers......................................................................... 68
Hackers................................................................................... 68
Black Hats and White Hats..................................................... 69
Script Kiddies.........................................................................69
Outsiders................................................................................. 70
Insiders.................................................................................... 71
Hacktivist................................................................................ 71
Bots and Botnets..................................................................... 72
Phishers and Spear Phishers...................................................73
Summary of Exam Objectives....................................................... 74
Self Test......................................................................................... 74
Self Test Quick Answer Key......................................................... 77
References...................................................................................... 78

CHAPTER 3 Domain 2: Asset Security (Protecting Security of Assets).................................................................................... 81
Unique Terms and Definitions....................................................... 81
Introduction....................................................................................81
Classifying Data............................................................................. 82
Labels...................................................................................... 82
Security Compartments........................................................... 82
Clearance................................................................................83
Formal Access Approval........................................................83
Need to Know......................................................................... 84
Sensitive Information/Media Security.................................... 84
Ownership...................................................................................... 85
Business or Mission Owners................................................... 85
Data Owners...........................................................................85
System Owner......................................................................... 85
Custodian................................................................................ 86
Users....................................................................................... 86
Data Controllers and Data Processors....................................86
Data Collection Limitation..................................................... 86
Memory and Remanence............................................................... 87
Data Remanence..................................................................... 87
Memory................................................................................... 87
Data Destruction............................................................................ 90
Overwriting............................................................................. 91
Degaussing.............................................................................. 91
Destruction.............................................................................. 92
Shredding................................................................................ 92
Determining Data Security Controls............................................. 92
Certification and Accreditation............................................... 92
Standards and Control Frameworks........................................ 93
Scoping and Tailoring............................................................. 96
Protecting Data in Motion and Data at Rest........................... 96
Summary of Exam Objectives....................................................... 98
Self Test......................................................................................... 98
Self Test Quick Answer Key....................................................... 100
References.................................................................................... 101

CHAPTER 4 Domain 3: Security Engineering (Engineering and Management of Security)...........................................103
Unique Terms and Definitions..................................................... 103
Introduction..................................................................................104
Security Models........................................................................... 104
Reading Down and Writing Up............................................ 104
State Machine Model............................................................ 105
Bell-LaPadula Model............................................................ 106
Lattice-Based Access Controls............................................. 106
Integrity Models.................................................................... 106
Information Flow Model....................................................... 109
Chinese Wall Model............................................................. 109
Noninterference....................................................................109
Take-Grant............................................................................ 110
Access Control Matrix.......................................................... 110
Zachman Framework for Enterprise Architecture................ 111
Graham-Denning Model....................................................... 111
Harrison-Ruzzo-Ullman Model............................................ 112
Modes of Operation.............................................................. 112
Evaluation Methods, Certification and Accreditation................. 113
The Orange Book.................................................................. 113
ITSEC................................................................................... 114
The International Common Criteria...................................... 115
Secure System Design Concepts................................................. 116
Layering................................................................................ 116
Abstraction............................................................................ 117
Security Domains.................................................................. 117
The Ring Model.................................................................... 117
Open and Closed Systems..................................................... 119
Secure Hardware Architecture..................................... 119
The System Unit and Motherboard....................................... 119
The Computer Bus................................................................ 119
The CPU...............................................................................120
Memory Protection............................................................... 123
Trusted Platform Module...................................................... 126
Data Execution Prevention and Address Space Layout Randomization.......................................... 126
Secure Operating System and Software Architecture................. 127
The Kernel............................................................................ 127
Users and File Permissions................................................... 128
Virtualization and Distributed Computing.................................. 131
Virtualization........................................................................ 131
Cloud Computing.................................................................. 132
Grid Computing.................................................................... 134
Large-Scale Parallel Data Systems....................................... 134
Peer to Peer........................................................................... 134
Thin Clients........................................................................... 135
System Vulnerabilities, Threats and Countermeasures............... 136
Emanations............................................................................ 136
Covert Channels.................................................................... 137
Backdoors............................................................................. 138
Malicious Code (Malware)................................................... 138
Server-Side Attacks.............................................................. 140
Client-Side Attacks............................................................... 140
Web Architecture and Attacks.............................................. 141
Database Security.................................................................143
Countermeasures................................................................... 145
Mobile Device Attacks......................................................... 146
Cornerstone Cryptographic Concepts.......................................... 147
Key Terms............................................................................. 147
Confidentiality, Integrity, Authentication and Non-Repudiation............................................ 147
Confusion, Diffusion, Substitution and Permutation............ 147
Cryptographic Strength......................................................... 148
Monoalphabetic and Polyalphabetic Ciphers.......................148
Modular Math....................................................................... 148
Exclusive Or (XOR)............................................................. 149
Data at Rest and Data in Motion........................................... 150
Protocol Governance............................................................. 150
History of Cryptography.............................................................. 150
Egyptian Hieroglyphics........................................................ 151
Spartan Scytale.....................................................................151
Caesar Cipher and other Rotation Ciphers...........................151
Vigenère Cipher.................................................................... 152
Cipher Disk........................................................................... 153
Jefferson Disks...................................................................... 153
Book Cipher and Running-Key Cipher................................155
Codebooks............................................................................155
One-Time Pad....................................................................... 155
Hebern Machines and Purple................................................ 157
Cryptography Laws............................................................... 160
Types of Cryptography................................................................ 160
Symmetric Encryption.......................................................... 160
Asymmetric Encryption........................................................ 168
Hash Functions.....................................................................170
Cryptographic Attacks................................................................. 171
Brute Force...........................................................................172
Social Engineering................................................................ 172
Rainbow Tables.................................................................... 172
Known Plaintext...................................................................173
Chosen Plaintext and Adaptive Chosen Plaintext................. 173
Chosen Ciphertext and Adaptive Chosen Ciphertext........... 174
Meet-in-the-Middle Attack................................................... 174
Known Key........................................................................... 174
Differential Cryptanalysis..................................................... 174
Linear Cryptanalysis............................................................. 175
Side-Channel Attacks...........................................................175
Implementation Attacks........................................................ 175
Birthday Attack..................................................................... 175
Key Clustering...................................................................... 176
Implementing Cryptography........................................................ 176
Digital Signatures.................................................................176
Message Authentication Code.................................. 177
HMAC..................................................................................177
Public Key Infrastructure...................................................... 178
SSL and TLS......................................................................... 179
IPsec...................................................................................... 179
PGP....................................................................................... 181
S/MIME................................................................................ 181
Escrowed Encryption............................................................ 181
Steganography......................................................................182
Digital Watermarks............................................................... 183
Perimeter Defenses...................................................... 183
Fences................................................................... 183
Gates..................................................................................... 184
Bollards................................................................................. 184
Lights.................................................................................... 185
CCTV.................................................................................... 185
Locks..................................................................................... 187
Smart Cards and Magnetic Stripe Cards............................... 190
Tailgating/Piggybacking....................................................... 192
Mantraps and Turnstiles........................................................ 192
Contraband Checks............................................................... 193
Motion Detectors and Other Perimeter Alarms.................... 193
Doors and Windows.............................................................. 194
Walls, Floors, and Ceilings................................................... 194
Guards................................................................................... 195
Dogs...................................................................................... 195
Restricted Work Areas and Escorts...................................... 196
Site Selection, Design, and Configuration................................... 196
Site Selection Issues.............................................................. 196
Site Design and Configuration Issues................................... 197
System Defenses.......................................................................... 199
Asset Tracking...................................................................... 199
Port Controls......................................................................... 199
Environmental Controls............................................................... 200
Electricity.............................................................................. 200
HVAC................................................................................... 202
Heat, Flame, and Smoke Detectors....................................... 203
Personnel Safety, Training and Awareness.......................... 204
ABCD Fires and Suppression............................................... 205
Types of Fire Suppression Agents........................................ 207
Summary of Exam Objectives..................................................... 211
Self Test....................................................................................... 212
Self Test Quick Answer Key....................................................... 214
References.................................................................................... 215

CHAPTER 5 Domain 4: Communication and Network Security (Designing and Protecting Network Security).................................................................. 219
Unique Terms and Definitions..................................................... 219
Introduction..................................................................................219
Network Architecture and Design............................................... 220
Network Defense-in-Depth................................................... 220
Fundamental Network Concepts........................................... 220
The OSI Model..................................................................... 223
The TCP/IP Model................................................................ 225
Encapsulation........................................................................ 226
Network Access, Internet and Transport Layer Protocols and Concepts......................................... 227
Application Layer TCP/IP Protocols and Concepts......................................................... 241
Layer 1 Network Cabling.....................................................245
LAN Technologies and Protocols......................................... 248
LAN Physical Network Topologies...................................... 250
WAN Technologies and Protocols.......................................253
Converged Protocols............................................................. 256
Software-Defined Networks.................................................258
Wireless Local Area Networks............................................. 259
RFID..................................................................................... 262
Secure Network Devices and Protocols....................................... 263
Repeaters and Hubs..............................................................263
Bridges.................................................................................. 263
Switches................................................................................ 264
Network Taps........................................................................ 266
Routers.................................................................................. 267
Firewalls................................................................................ 271
Modem.................................................................................. 276
DTE/DCE and CSU/DSU..................................................... 277
Secure Communications.............................................................. 277
Authentication Protocols and Frameworks........................... 278
VPN......................................................................................280
Remote Access...................................................................... 282
Summary of Exam Objectives..................................................... 287
Self Test....................................................................................... 288
Self Test Quick Answer Key....................................................... 290
References.................................................................................... 290

CHAPTER 6 Domain 5: Identity and Access Management (Controlling Access and Managing Identity)................ 293
Unique Terms and Definitions..................................................... 293
Introduction..................................................................................293
Authentication Methods............................................................... 294
Type 1 Authentication: Something You Know.................... 294
Type 2 Authentication: Something You Have...................... 301
Type 3 Authentication: Something You Are........................ 304
Someplace You Are.............................................................. 309
Access Control Technologies...................................................... 309
Centralized Access Control..................................................309
Decentralized Access Control............................................... 309
Single Sign-On (SSO)........................................................... 310
Access Provisioning Lifecycle.............................................. 311
Federated Identity Management........................................... 312
Identity as a Service (IDaaS)................................................ 312
Credential Management Systems.......................................... 313
Integrating Third-party Identity Services.............................314
LDAP.................................................................................... 314
Kerberos................................................................................ 314
SESAME............................................................................... 318
Access Control Protocols and Frameworks.......................... 318
Access Control Models................................................................ 321
Discretionary Access Controls (DAC).................................321
Mandatory Access Controls (MAC)..................................... 321
Non-Discretionary Access Control....................................... 321
Rule-Based Access Controls................................................. 323
Content and Context-Dependent Access Controls................ 323
Summary of Exam Objectives..................................................... 323
Self Test....................................................................................... 324
Self Test Quick Answer Key....................................................... 326
References.................................................................................... 326

CHAPTER 7 Domain 6: Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)....................................................................329
Unique Terms and Definitions..................................................... 329
Introduction..................................................................................329
Assessing Access Control............................................................ 329
Penetration Testing............................................................... 330
Vulnerability Testing............................................................ 332
Security Audits.....................................................................332
Security Assessments............................................................ 332
Internal and Third Party Audits............................................ 333
Log Reviews......................................................................... 333
Software Testing Methods........................................................... 335
Static and Dynamic Testing.................................. 335
Traceability Matrix............................................................... 336
Synthetic Transactions.......................................................... 336
Software Testing Levels....................................................... 337
Fuzzing.................................................................................. 337
Combinatorial Software Testing........................................... 338
Misuse Case Testing............................................................. 338
Test Coverage Analysis........................................................ 339
Interface Testing................................................................... 339
Analyze and Report Test Outputs......................................... 339
Summary of Exam Objectives..................................................... 340
Self Test....................................................................................... 340
Self Test Quick Answer Key....................................................... 343
References.................................................................................... 345

CHAPTER 8 Domain 7: Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery)................................................................347
Unique Terms and Definitions..................................................... 347
Introduction..................................................................................348
Administrative Security............................................................... 348
Administrative Personnel Controls....................................... 348
Privilege Monitoring............................................................. 352
Forensics...................................................................................... 352
Forensic Media Analysis......................................................353
Network Forensics................................................................ 356
Forensic Software Analysis.................................................. 356
Embedded Device Forensics................................................. 356
Electronic Discovery (eDiscovery)....................................... 357
Incident Response Management.................................................. 357
Incident Response................................................................. 358
Methodology......................................................................... 358
Root-Cause Analysis............................................................. 363
Operational Preventive and Detective Controls.......................... 363
Intrusion Detection Systems and Intrusion Prevention Systems............................................... 363
Security Information and Event Management...................... 366
Continuous Monitoring......................................................... 367
Data Loss Prevention............................................................ 367
Endpoint Security.................................................................368
Honeypots............................................................................. 370
Honeynets............................................................................. 370
Asset Management....................................................................... 371
Configuration Management.................................................. 371
Change Management............................................................ 373
Continuity of Operations............................................................. 375
Service Level Agreements (SLA)......................................... 375
Fault Tolerance..................................................................... 376
BCP and DRP Overview and Process......................................... 383
Business Continuity Planning (BCP).................................... 383
Disaster Recovery Planning (DRP)...................................... 384
Relationship between BCP and DRP.................................... 384
Disasters or Disruptive Events.............................................. 385
The Disaster Recovery Process............................................. 392
Developing a BCP/DRP.............................................................. 394
Project Initiation...................................................................395
Scoping the Project............................................................... 398
Assessing the Critical State................................................... 398
Conduct Business Impact Analysis (BIA)............................ 399
Identify Preventive Controls................................................. 403
Recovery Strategy................................................................. 403
Related Plans......................................................................... 407
Plan Approval....................................................................... 412
Backups and Availability............................................................. 412
Hardcopy Data...................................................................... 413
Electronic Backups............................................................... 414
Software Escrow................................................................... 416
DRP Testing, Training and Awareness....................................... 417
DRP Testing.......................................................................... 417
Training................................................................................. 419
Awareness............................................................................. 420
Continued BCP/DRP Maintenance.............................................. 420
Change Management............................................................ 420
BCP/DRP Version Control................................................... 421
BCP/DRP Mistakes............................................................... 421
Specific BCP/DRP Frameworks.................................................. 421
NIST SP 800-34.................................................................... 422
ISO/IEC-27031..................................................................... 422
BS-25999 and ISO 22301..................................................... 422
BCI........................................................................................ 423
Summary of Exam Objectives..................................................... 423
Self Test....................................................................... 424
Self Test Quick Answer Key....................................................... 426
References.................................................................................... 427

CHAPTER 9 Domain 8: Software Development Security (Understanding, Applying, and Enforcing Software Security).................................................................429
Unique Terms and Definitions..................................................... 429
Introduction..................................................................................430
Programming Concepts............................................................... 430
Machine Code, Source Code and Assemblers...................... 430
Compilers, Interpreters and Bytecode..................................431
Procedural and Object-Oriented Languages......................... 431
Fourth-Generation Programming Language......................... 433
Computer-Aided Software Engineering (CASE).................434
Top-Down vs. Bottom-Up Programming............................. 434
Types of Publicly Released Software................................... 434
Application Development Methods............................................. 436
Waterfall Model.................................................................... 436
Sashimi Model...................................................................... 438
Agile Software Development................................................ 439
Spiral..................................................................................... 441
Rapid Application Development (RAD).............................. 442
Prototyping............................................................................ 442
SDLC.................................................................................... 443
Integrated Product Teams..................................................... 447
Software Escrow................................................................... 447
Code Repository Security..................................................... 448
Security of Application Programming Interfaces (APIs)...... 449
Software Change and Configuration Management............... 449
DevOps................................................................................. 450
Databases..................................................................................... 450
Types of Databases............................................................... 451
Database Integrity................................................................. 455
Database Replication and Shadowing................................... 455
Data Warehousing and Data Mining....................................456
Object-Oriented Design and Programming................................. 456
Object-Oriented Programming (OOP).................................. 456
Object Request Brokers........................................................ 460
Object-Oriented Analysis (OOA) and Object-Oriented Design (OOD)....................................................... 461
Assessing the Effectiveness of Software Security....................... 462
Software Vulnerabilities....................................................... 462
Disclosure............................................................................. 466
Software Capability Maturity Model (CMM)......................466
Acceptance Testing............................................................... 467
Assessing the Security Impact of Acquired Software........... 468
Artificial Intelligence................................................................... 469
Expert Systems.....................................................................469
Artificial Neural Networks.................................................... 470
Bayesian Filtering................................................................. 471
Genetic Algorithms and Programming................................. 472
Summary of Exam Objectives..................................................... 473
Self Test....................................................................................... 473
Self Test Quick Answer Key....................................................... 475
References.................................................................................... 476

Appendix: Self Test...................................................................................................... 479
Glossary.................................................................................................................. 521
Index....................................................................................................................... 559
About the Authors

Eric Conrad (CISSP, GIAC GSE, GPEN, GCIH, GCIA, GCFA, GAWN, GSEC,
GISP, GCED) is a Senior SANS instructor and CTO of Backshore Communications,
which provides information warfare, hunt teaming, penetration testing, incident
handling, and intrusion detection consulting services. Eric started his professional
career in 1991 as a UNIX systems administrator for a small oceanographic
communications company. He gained information security experience in a variety
of industries, including research, education, power, Internet, and healthcare, in
positions ranging from systems programmer to security engineer to HIPAA security
officer and ISSO. He is lead author of MGT414: SANS Training Program for CISSP®
Certification, and co-author of SANS SEC511: Continuous Monitoring and Security
Operations and SANS SEC542: Web App Penetration Testing and Ethical Hacking.
Eric graduated from the SANS Technology Institute with a Master of Science degree
in Information Security Engineering. He earned his Bachelor of Arts in English from
Bridgewater State College. Eric lives in Peaks Island, Maine, with his family,
Melissa, Eric, and Emma. His website is http://ericconrad.com.

Seth Misenar (CISSP, GIAC GSE, GSEC, GPPA, GCIA, GCIH, GCWN, GCFA,
GWAPT, GPEN) is a Cyber Security Expert who serves as Senior Instructor with
the SANS Institute and Principal Consultant at Context Security, LLC. He is
numbered among the few security experts worldwide to have achieved the GIAC GSE
(#28) credential. Seth teaches a variety of cyber security courses for the SANS
Institute including two very popular courses for which he is lead author: the
bestselling SEC511: Continuous Monitoring and Security Operations and SEC542: Web
Application Penetration Testing and Ethical Hacking. He also serves as co-author
for MGT414: SANS Training Program for CISSP® Certification. Seth’s background
includes security research, intrusion analysis, incident response, security
architecture design, and network and web application penetration testing. He has
previously served as a security consultant for Fortune 100 companies, as well as
the HIPAA Security Officer for a state government agency. Seth has a Bachelor of
Science degree in Philosophy from Millsaps College and resides in Jackson,
Mississippi with his wife, Rachel, and children, Jude, Hazel, and Shepherd.

Joshua Feldman (CISSP) is a Vice President at the Moody’s Corporation – a bond
ratings agency critical to the security, health and welfare of the global commerce
sector. He drives M&A, security architecture, design, and integration efforts for
IT Risk and InfoSec. Before taking on this promotion, Joshua was the Enterprise
Security Architect for Corning, Inc. At Corning, Joshua helped to deliver a slew
of security transformations for Corning and was a key team member focused on
maturing the security function. From 2002 until 2012, he worked as the Technical
Director of a US DoD cyber-security services contract. Supporting the DoD, he
helped create the current standard used for assessing cyber threats and analyzing
potential adversaries for impact. During his tenure, he supported many DoD
organizations including the Office of the Secretary of Defense, DISA, and the
Combatant Commands. Joshua got his start in the cyber security field when he left
his high school science teaching position in 1997 and began working for Network
Flight Recorder (NFR, Inc.), a small Washington, DC based startup making the first
generation of Network Intrusion Detection Systems. He has a Bachelor of Science
from the University of Maryland and a Master’s in Cyber Operations from National
Defense University. He currently resides in New York, NY with his two dogs, Jacky
and Lily.

Bryan Simon (CISSP) is an internationally recognized expert in cybersecurity and
has been working in the information technology and security field since 1991. Over
the course of his career, Bryan has held various technical and managerial positions
in the education, environmental, accounting, and financial services sectors. Bryan
speaks on a regular basis at international conferences and with the press on matters
of cybersecurity. He has instructed individuals from organizations such as the FBI,
NATO, and the UN in matters of cybersecurity, on three continents. Bryan has
specialized expertise in defensive and offensive capabilities. He has received
recognition for his work in I.T. Security, and was most recently profiled by McAfee
(part of Intel Security) as an I.T. Hero. Bryan holds 11 GIAC Certifications
including GSEC, GCWN, GCIH, GCFA, GPEN, GWAPT, GAWN, GISP, GCIA, GCED, and
GCUX. Bryan’s scholastic achievements have resulted in the honour of sitting as a
current member of the Advisory Board for the SANS Institute, and his acceptance
into the prestigious SANS Cyber Guardian program. Bryan is a SANS Certified
Instructor for SEC401: Security Essentials Bootcamp Style, SEC501: Advanced
Security Essentials – Enterprise Defender, SEC505: Securing Windows with Powershell
and the Critical Security Controls, and SEC511: Continuous Monitoring and
Security Operations. Bryan dedicates this book to his little boy, Jesse. Daddy
loves you!
Acknowledgments

Eric Conrad: I need to first thank my wife, Melissa, and my children, Eric and
Emma, for their love and patience while I wrote this book. Thank you to the
contributing authors and my friends Joshua Feldman and Seth Misenar.
Thank you to my teachers and mentors: Thank you, Miss Gilmore, for sending
me on my way. Thank you, Dave Curado and Beef Mazzola, for showing me the right
way to do it. Thank you, Stephen Northcutt, Alan Paller, Deb Jorgensen, Scott Weil,
Eric Cole, Ed Skoudis, Johannes Ullrich, Mike Poor, Ted Demopoulos, Jason Fossen,
Kevin Johnson, John Strand, Jonathan Ham, and many others from the SANS
Institute, for showing me how to take it to the next level.
I would like to thank the supergroup of information security professionals who
answered my last-minute call and collectively wrote the 500 questions
comprising the two sets of online practice exams: Rodney Caudle, David Crafts, Bruce
Diamond, Jason Fowler, Philip Keibler, Warren Mack, Eric Mattingly, Ron Reidy,
Mike Saurbaugh, and Gary Whitsett.

Seth Misenar: I would like to thank my wife, Rachel, the love of my life, who
showed continued patience, support, and strength while entertaining two young
children throughout this writing process. I am grateful to my children, Jude, Hazel,
and Shepherd who were amazingly gracious when Daddy had to write. And I count
myself lucky to have such wonderful parents, Bob and Jeanine, who, as always,
provided much of their time to ensure that my family was taken care of during this
writing period.

CHAPTER 1 Introduction
EXAM OBJECTIVES IN THIS CHAPTER
• How to Prepare for the Exam
• How to Take the Exam
• Good Luck!

This book is born out of real-world information security industry experience. The
authors of this book have held the titles of systems administrator, systems
programmer, network engineer/security engineer, security director, HIPAA security
officer, ISSO, security consultant, instructor, and others.
This book is also born out of real-world instruction. We have logged countless
road miles teaching information security classes to professionals around the world.
We have taught thousands of students in hundreds of classes: both physically on
most of the continents, as well as online. Classes include CISSP®, of course, but also
continuous monitoring, hunt teaming, penetration testing, security essentials, hacker
techniques, information assurance boot camps, and others.
Good instructors know that students have spent time and money to be with them, and
time can be the most precious. We respect our students and their time: we do not waste
it. We teach our students what they need to know, and we do so as efficiently as possible.
This book is also a reaction to other books on the same subject. As the years have
passed, other books’ page counts have grown, often past 1000 pages. As Larry Wall
once said, “There is more than one way to do it.” [1] Our experience tells us that there
is another way. If we can teach someone with the proper experience how to pass the
CISSP® exam in a 6-day boot camp, is a 1000+ page CISSP® book really necessary?
We asked ourselves: what can we do that has not been done before? What can we
do better or differently? Can we write a shorter book that gets to the point, respects
our students’ time, and allows them to pass the exam?
We believe the answer is yes; you are reading the result. We know what is
important, and we will not waste your time. We have taken Strunk and White’s advice
to “omit needless words” [2] to heart: it is our mantra.
This book will teach you what you need to know, and do so as concisely as
possible.


HOW TO PREPARE FOR THE EXAM


Read this book, and understand it: all of it. If we cover a subject in this book, we
are doing so because it is testable (unless noted otherwise). The exam is designed to
test your understanding of the Common Body of Knowledge, which may be thought
of as the universal language of information security professionals. It is said to be “a
mile wide and two inches deep.” Formal terminology is critical: pay attention to it.
The Common Body of Knowledge is updated occasionally, most recently in April
2015. This book has been updated to fully reflect the 2015 CBK. The (ISC)2®
Candidate Information Bulletin (CIB) describes the current version of the exam;
downloading and reading the CIB is a great exam preparation step. You may download
it here: https://www.isc2.org/uploadedfiles/(isc)2_public_content/exam_outlines/cissp-exam-outline-april-2015.pdf
Learn the acronyms in this book and the words they represent, backwards and
forwards. Both the glossary and index of this book are highly detailed, and map from
acronym to name. We did this because it is logical for a technical book, and also to
get you into the habit of understanding acronyms forwards and backwards.
Much of the exam question language can appear unclear at times: formal terms
from the Common Body of Knowledge can act as a beacon to lead you through the
more difficult questions, highlighting the words in the question that really matter.

THE CISSP® EXAM IS A MANAGEMENT EXAM


Never forget that the CISSP® exam is a management exam: answer all questions
as an information security manager would. Many questions are fuzzy and provide
limited background: when asked for the best answer, you may think: “it depends.”
Think and answer like a manager. For example: the exam states you are concerned
with network exploitation. If you are a professional penetration tester you may
wonder: am I trying to launch an exploit, or mitigate one? What does “concerned” mean?
Your CSO is probably trying to mitigate network exploitation, and that is how
you should answer on the exam.

THE 2015 UPDATE


The 2015 exam moved to 8 domains of knowledge (down from 10). Lots of content
was moved. The domain content can seem jumbled at times: the concepts do not
always flow logically from one to the next. Some domains are quite large, while
others are small. In the end this is a non-issue: you will be faced with 250 questions
from the 8 domains, and the questions will not overtly state the domain they are
based on.
The 2015 update focused on adding more up-to-date technical content, including an
emphasis on cloud computing, the Internet of Things (IoT) and Content Distribution
Networks (CDN), as well as other modern technical topics. Even DevOps was added, which
is quite a spin on the pre-2015 “exam way” concerning best practices for development.
THE NOTES CARD APPROACH


As you are studying, keep a “notes card” file for highly specific information that
does not lend itself to immediate retention. A notes card is simply a text file (you can
create it with a simple editor like WordPad) that contains a condensed list of
detailed information.
Populate your notes card with any detailed information (which you do not already
know from previous experience) which is important for the exam, like the five levels
of the Software Capability Maturity Model (CMM; covered in Chapter 9, Domain 8:
Software Development Security), or the ITSEC and Common Criteria Levels
(covered in Chapter 4, Domain 3: Security Engineering), for example.
The goal of the notes card is to avoid getting lost in the “weeds”: drowning in
specific information that is difficult to retain on first sight. Keep your studies focused
on core concepts, and copy specific details to the notes card. When you are done,
print the file. As your exam date nears, study your notes card more closely. In the
days before your exam, really focus on those details.

PRACTICE TESTS
Quizzing can be the best way to gauge your understanding of this material, and of
your readiness to take the exam. A wrong answer on a test question acts as a laser
beam: showing you what you know, and more importantly, what you do not know.
Each chapter in this book has 15 practice test questions at the end, ranging from easy
to medium to hard. The Self Test Appendix includes explanations for all correct and
incorrect answers; these explanations are designed to help you understand why the
answers you chose were marked correct or incorrect. This book’s companion Web
site is located at http://booksite.elsevier.com/companion/conrad/index.php. It
contains 500 questions: two full practice exams. Use them.
You should aim for 80% or greater correct answers on any practice test. The real
exam requires 700 out of 1000 points, but achieving 80% or more on practice tests
will give you some margin for error. Take these quizzes closed book, just as you will
take the real exam. Pay careful attention to any wrong answers, and be sure to reread
the relevant section of this book. Identify any weaker domains (we all have them):
domains where you consistently get more wrong answers than others. Then focus
your studies on those weak areas.
Time yourself while taking any practice exam. Aim to answer at a rate of at least
one question per minute. You need to move faster than true exam pace because the
actual exam questions may be more difficult and therefore take more time. If you are
taking longer than that, practice more to improve your speed. Time management is
critical on the exam, and running out of time usually equals failure.

READ THE GLOSSARY


As you wrap up your studies, quickly read through the glossary towards the back of
this book. It has over 1000 entries, and is highly detailed by design. The glossary
definitions should all be familiar concepts to you at this point.
If you see a glossary definition that is not clear or obvious to you, go back to the
chapter it is based on, and reread that material. Ask yourself: do I understand this
concept enough to answer a question about it?

READINESS CHECKLIST
These steps will serve as a “readiness checklist” as you near the exam day. If
you remember to think like a manager, are consistently scoring over 80% on
practice tests, are answering practice questions quickly, understand all glossary
terms, and perform a final thorough read through of your notes card, you are ready
to go.

HOW TO TAKE THE EXAM


The CISSP® exam was traditionally taken via paper-based testing: old-school
paper-and-pencil. This has now changed to computer-based testing (CBT), which we
will discuss shortly.
The exam has 250 questions, with a 6-hour time limit. Six hours sounds like
a long time, until you do the math: 250 questions in 360 minutes leaves less than a
minute and a half to answer each question. The exam is long and can be grueling; it
is also a race against time. Preparation is the key to success.

STEPS TO BECOMING A CISSP®


Becoming a CISSP® requires four steps:
• Proper professional information security experience
• Agreeing to the (ISC)2® code of ethics
• Passing the CISSP® exam
• Endorsement by another CISSP®
Additional details are available on the examination registration form available at
https://www.isc2.org.
The exam currently requires 5 years of professional experience in 2 or more of
the 8 domains of knowledge. Those domains are covered in chapters 2–9 of this
book. You may waive 1 year with a college degree or approved certification; see the
examination registration form for more information.
You may pass the exam before you have enough professional experience and
become an “Associate of (ISC)2®.” Once you meet the experience requirement, you
can then complete the process and become a CISSP®.
The (ISC)2® code of ethics is discussed in Chapter 2, Domain 1: Security and
Risk Management.
Passing the exam is discussed in section “How to Take the Exam,” and we
discuss endorsement in section “After the Exam” below.

COMPUTER BASED TESTING (CBT)


(ISC)2® has partnered with Pearson VUE (http://www.pearsonvue.com/) to provide
computer-based testing (CBT). Pearson VUE has testing centers located in over 160
countries around the world; go to their website to schedule your exam. Note that the
information regarding CBT is subject to change: please check the (ISC)2® CBT site
(https://www.isc2.org/cbt/default.aspx) for any updates to the CBT process.
According to (ISC)2®, “Candidates will receive their unofficial test result at
the test center. The results will be handed out by the Test Administrator during the
checkout process. (ISC)2 will then follow up with an official result via email. In
some instances, real time results may not be available. A comprehensive statistical
and psychometric analysis of the score data is conducted during every testing cycle
before scores are released.” [3] This normally occurs when the exam changes:
students who took the updated exam in April and May of 2015 reported a 6-week
wait before they received their results. Immediate results followed shortly after
that time.
Pearson VUE’s (ISC)2® site is: http://www.pearsonvue.com/isc2/. It includes
useful resources, including the “Pearson VUE Testing Tutorial and Practice Exam,”
a Microsoft Windows application that allows candidates to try out a demo exam,
explore functionality, test the “Flag for Review” function, etc. This can help reduce
exam-day jitters, and familiarity with the software can also increase your test taking
speed.

HOW TO TAKE THE EXAM


The exam has 250 questions comprised of four types:
• Multiple choice
• Scenario
• Drag/drop
• Hotspot
Multiple-choice questions have four possible answers, lettered A, B, C, or D.
Each multiple-choice question has exactly one correct answer. A blank answer is a
wrong answer: guessing does not hurt you.
Scenario questions contain a long paragraph of information, followed by a number
of multiple choice questions based on the scenario. The questions themselves are
multiple choice, with one correct answer only, as with other multiple choice
questions. The scenario is often quite long, and contains unnecessary information. It is
often helpful to read the scenario questions first: this method will provide guidance
on keywords to look for in the scenario.
Drag & drop questions are visual multiple choice questions that may have multiple
correct answers. Figure 1.1 is an example from Chapter 2, Domain 1: Security
and Risk Management.
Drag and drop: Identify all objects listed below. Drag and drop all objects from
left to right.
6 CHAPTER 1 Introduction

FIGURE 1.1 Sample Drag & Drop Question

As we will learn in Chapter 2, Domain 1: Security and Risk Management, passive
data such as physical files, electronic files and database tables are objects. Subjects
are active, such as users and running processes. Therefore, you would drag the objects
to the right, and submit the answers, as shown in Figure 1.2.
Hotspot questions are visual multiple choice questions with one answer. They
will ask you to click on an area on an image; network maps are a common example.
Figure 1.3 shows a sample Hotspot question.
You plan to implement a single firewall that is able to filter trusted, untrusted, and
DMZ traffic. Where is the best location to place this firewall?
As we will learn in Chapter 5, the single firewall DMZ design requires a firewall
that can filter traffic on three interfaces: untrusted (the Internet), trusted, and
DMZ. It is best placed as shown in Figure 1.4. (ISC)2® has samples of both
Drag & Drop and Hotspot questions available at:
https://isc2.org/innovative-cissp-questions/default.aspx.
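To make the three-interface idea behind the Hotspot question concrete, the following is an added example, not code or material from the study guide. It models the single-firewall DMZ as a zone policy: the firewall classifies each packet's source and destination into the trusted, DMZ, or untrusted zone and applies a default-deny rule set in which the Internet may only reach published DMZ services, and a DMZ host may only reach the trusted network on an explicitly allowed port. The address ranges and port numbers are constructed for illustration.

```python
"""Single-firewall, three-interface DMZ policy modelled as a zone matrix.

Added illustration for the sample Hotspot question; not from the study guide.
All addressing and port choices below are constructed examples.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing plan for the two "inside" interfaces (assumed).
# Anything outside these ranges is treated as arriving on the untrusted
# (Internet-facing) interface.
ZONES = {
    "trusted": ip_network("10.0.0.0/8"),
    "dmz": ip_network("192.168.100.0/24"),
}

# Services the DMZ publishes to the Internet (constructed).
PUBLISHED_DMZ_PORTS = {80, 443}

# The only ports a DMZ host may open toward the trusted network (constructed).
# Keeping this set minimal limits what a compromised DMZ server can reach.
DMZ_TO_TRUSTED_PORTS = {5432}


@dataclass(frozen=True)
class Flow:
    """One connection attempt as seen by the firewall (initiator -> responder)."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def zone_of(addr: str) -> str:
    """Map an IP address to the firewall interface/zone it belongs to."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "untrusted"


def permitted(flow: Flow) -> bool:
    """Apply the three-zone rule set; anything not explicitly allowed is denied."""
    src, dst = zone_of(flow.src), zone_of(flow.dst)
    if src == dst:
        # Same-zone traffic never crosses the firewall; nothing to enforce here.
        return True
    if src == "trusted":
        # Internal hosts may initiate connections to the DMZ and the Internet.
        return True
    if src == "untrusted":
        # The Internet may only reach the DMZ, and only on published ports.
        return dst == "dmz" and flow.dport in PUBLISHED_DMZ_PORTS
    if src == "dmz":
        if dst == "untrusted":
            return True  # e.g. a DMZ host fetching updates
        if dst == "trusted":
            return flow.dport in DMZ_TO_TRUSTED_PORTS
    return False  # default deny


def evaluate(flows):
    """Return (flow, decision) pairs for a batch of connection attempts."""
    return [(f, permitted(f)) for f in flows]


if __name__ == "__main__":
    # Constructed sample traffic: 203.0.113.0/24 is a documentation range.
    sample = [
        Flow("203.0.113.5", "192.168.100.10", 443),   # Internet -> DMZ web: allow
        Flow("203.0.113.5", "192.168.100.10", 22),    # Internet -> DMZ ssh: deny
        Flow("203.0.113.5", "10.1.2.3", 443),         # Internet -> trusted: deny
        Flow("192.168.100.10", "10.1.2.3", 5432),     # DMZ -> internal DB: allow
        Flow("192.168.100.10", "10.1.2.3", 445),      # DMZ -> internal SMB: deny
        Flow("10.1.2.3", "203.0.113.5", 443),         # trusted -> Internet: allow
    ]
    for flow, ok in evaluate(sample):
        print(f"{zone_of(flow.src):>9} -> {zone_of(flow.dst):<9} "
              f"port {flow.dport:<5} {'ALLOW' if ok else 'DENY'}")
```

The decisive rule for the exam question is the asymmetry: traffic from the untrusted interface can reach the DMZ only on published ports and can never reach the trusted interface directly, which is exactly what a firewall with all three interfaces can enforce and a firewall sitting between only two of them cannot.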
The questions will be mixed from the 8 domains; the questions do not (overtly)
state the domain they are based on. There are 25 research questions (10% of the
exam) that do not count towards your final score. These questions are not marked:
you must answer all 250 questions as if they count.
Scan all questions for the key words, including formal Common Body of Knowledge
terms. Acronyms are your friend: you can identify them quickly, and they are
often important (if they are formal terms). Many words may be “junk” words, placed
Another random document with
no related content on Scribd:
wild; young Buchanan told me he was wild—but I did not expect it
was to end so soon.”
“And neither it shall,” said Martha, controlling, with absolute
physical pain, the fierce hot anger of her mother-like love. “Mr.
Buchanan has already taken from Harry a proportion of this sum. I
pledge myself that the rest shall be paid.”
“You!” He looked at her. Certainly, her name would not have been of
the smallest importance at a bill; but glimmerings of truth higher than
bills, or money values, will flash sometimes even on stolid men. For
a moment his eyes rested strangely upon her; and then he turned
away his head, and said, “Humph!” in a kind of confidential under
tone. The good man rubbed his bushy hair in perplexity. He did not
know what to make of this.
“But unless Harry has employment we can do nothing,” said
Martha, “all that is in our power, without him, must be the mere
necessities of living. You have helped us before, Mr. Sommerville.”
“If that was to be a reason for exerting myself again, in every case
of distress that comes to me,” said the merchant with complacency,
“I can tell you, I might give up all other business at once; but
recommending a man who turns out ill is a very unpleasant thing to
creditable people. There is Buchanan now—of course he took my
word for your brother—and I assure you I felt it quite a personal
reflection when his son told me that Muir was wild.”
“And his son dared!” exclaimed Martha, with uncontrollable
indignation, “and this youth who does evil of voluntary intent and
purpose is believed when he slanders Harry! Harry, whom this very
lad—that he should have power, vulgar and coarse as he is, with a
brother of mine!—has betrayed and beguiled into temptation. But I
do wrong to speak of this. The present matter is no fault of Harry’s,
yet it is the sole reason why he loses his situation; and I see no
ground here for any one saying that my brother has disgraced them.”
Strong emotion is always powerful. It might be that Mr. Sommerville
had no objection to hear Richard Buchanan condemned. It might be
that Martha’s fierce defence awoke some latent generosity in the
mind she addressed. However that might be, the merchant did not
resent her outburst, but answered it indistinctly in a low voice, and
ended with something about “partiality,” and “quite natural.”
“I am not partial,” said Martha hastily. “No one has ever seen, no
one can ever see, Harry’s faults as I do. I am not indifferent enough
to pass over any one defect he has; but Harry is young. He has
reached the time when men are but experimenting in independent
life. Why should he lose his good name for a common misfortune like
this?”
“You should have stayed in Ayr,” said Mr. Sommerville, with a little
weariness. “I don’t want to injure his good name! I have no object in
hurting your brother; indeed, for the sake of the old town, and some
other things, I would help him to a situation if I could. I’ll just speak to
my cash-keeper. He knows about vacant places better than I do.”
And partly to get rid of a visitor whose unusual earnestness
embarrassed him; partly out of a sudden apprehension that he might
possibly be called upon by and by for pecuniary help, if no situation
could be got for Harry, Mr. Sommerville left his easy chair, and had a
consultation in the outer office with his confidential clerk. Very weary
and faint, Martha remained standing in the private room. Many a
time in her own heart, with the bitterness of disappointed hope and
wounded love, she had condemned Harry; but with the fierceness of
a lion-mother, her heart sprang up to defend him when another voice
pronounced his sentence. She could not bear the slightest touch of
censure—instinctively she dared and defied whosoever should
accuse him—and no one had liberty to blame Harry except the
solitary voice which came to her in the night watches wrung out of
her own heart.
In a short time Mr. Sommerville returned.
“I hear of one place, Miss Muir,” said the merchant; “but there is
security needed, and that might be a drawback—seventy pounds a-
year—a good salary, but then they want security for five hundred
pounds. If you could manage that, the place is a very good one—
Rowan and Thomson—and it is a traveller they want—not so much
confinement as in an office; it might suit your brother very well, if it
were not for the security.”
“It would not do,” said Martha, quickly. “Harry cannot be a traveller
—it would kill him.”
Mr. Sommerville elevated his eyebrows. “Cannot be a traveller!
Upon my word, Miss Muir, to say that you came asking my help, you
are very fastidious. I fancied your brother would be glad of any
situation.”
“Not this—only not this,” said Martha, in haste, as if she almost
feared to listen to the proposal, “Harry is not strong. I thank you, Mr.
Sommerville, I thank you; but it would kill him.”
“Then, I know of nothing else,” said the merchant, coldly resuming
his seat. “If I hear of anything, I will let you know.”
Cold words of course, often said, never remembered. Martha
turned away down the dusty stair, blaming herself for thus wasting
the time in which she might have been working; but she could work
—could give daily bread to the little household still—and that was the
greatest comfort of her life.
Far different from the mill-girls and engineers of Port Dundas was
the passing population in these dusty streets. Elderly merchantmen,
with ease and competence in every fold of their spotless broadcloth
—young ones exuberant and unclouded, casting off the yoke of
business as lightly, out of the office, as they bore it sensibly within,
met Martha at every step. Here come some, fresh from the
Exchange. You can see they are discussing speculations, calculating
elaborate chances, perhaps “in the way of business,” hazarding a
princely fortune, which may be doubled or dissolved before another
year. And a group of young men meet them, louder and more
demonstrative, circling round one who is clearly the object of interest
to all. Why?—he is going out to India to-morrow to make his fortune
—and save that it gives him a little importance, and makes him the
lion of the day, envied by all his compeers, this youth, who is flushed
just now with a little excitement, in reality feels no more about his
Indian voyage, than if it were but a summer expedition to the
Gairloch, or Roseneath Bay; and is much more comfortably assured
of making his fortune, than he would be of bringing home a
creditable amount of trout, if the event of to-morrow was a day’s
fishing, instead of the beginning of an eventful life. Of the youths
round him, one will be the representative partner of his “house” in far
America before the year is out; another will feed wool in the bush;
another learn to adorn his active northern life, with oriental pomps
and luxuries by the blue waves of the Bosphorus. And among them
all there is a certain fresh confident unconscious life, which, so far as
it goes, carries you with it in sympathy. It is not refined, it is not
profound, it has little elevation and little depth; but withal it has such
a fresh breeze about it, such a continual unceasing motion, such an
undoubting confidence in its own success, that this simplicity of
worldliness moves you as if it were something nobler. Not true
enough, nor great enough to call the solemn “God speed” out of your
heart; yet you cannot choose, but wish the young adventurers well.
And there are clerks more hurried; young men with quick business-
step and eye, whose sons shall be merchants’ sons, as carelessly
prosperous as are the young masters in the office now; but some
who will live and die poor clerks, yet who will have their share of
enjoyed life as well, and end their days as pleasantly, pass and
repass among the crowd. Some, too, who will sink and fall, who will
break hearts, and give fair hopes the death-blow. So much young life
—so many souls, each to make its own existence for itself, and not
another. There come solemn thoughts into the mind which looks on
such a scene.
And Martha, half abstracted, looked on it, comparing them with
Harry. But there was none like Harry—not one; the heart that
clasped its arms about him in his misfortune—the dry eye which
watched the night long with schemes for his prosperity—could see
none worthy to be placed beside him. Poor Harry! his sister could not
see these others, for his continual shadow resting on her heart.
When Martha had nearly reached the Exchange, she heard some
one calling after her. It was John Buchanan; he came up out of
breath.
“Will you tell Harry that I think he should come down and see my
father, Miss Muir?” gasped John. “I’ve been chasing you for ten
minutes—you walk so fast. My father’s come home, and he’s shut up
with Dick. I don’t think he’s pleased. If Harry would come down to-
morrow, it might be all right again.”
CHAPTER XVI.
“’Tis the weak who are overbold; your strong man can
count upon the might he knoweth; your feeble one, in
fancy sets no bound to his bravery, nor thinks it time to fail
till there is need of standing.”
old play.
“Seventy pounds a-year,” repeated Harry Muir, as his sisters and
his wife sat round him, all of them now busy with the “opening,” while
Violet kept the baby; “and my uncle might be security, say for three
hundred pounds. It’s a mere matter of form, you know. Perhaps they
would take him for three hundred instead of five; and Rowan and
Thomson is a very good house. I think I might go down to-morrow
and inquire.”
“It would not do—you must not think of it,” said Martha quickly.
“Why must I not think of it? I don’t believe John Buchanan is right,
Martha, about his father quarrelling with Dick for sending me away.
And, besides, how could I return there, where they all know I was
dismissed—dismissed, Martha; besides Dick’s own abuse. I could
not do it. I would rather do anything than go back;—and seventy
pounds a-year!”
“Harry, let us rather labour for you night and day.”
His face grew red and angry. “Why, Martha? I am not a child surely
that I cannot be trusted. What do you mean?”
“No,” said Martha bitterly, “you are not a child; you are a full-grown
man, with all the endowments a man needs to do something in the
world. You can constrain the will of these poor girls, who think of you
every hour they live; and you can assert your independence, and be
proud, and refuse to bear the reproof you have justly earned. God
forgive me if I am too hard; but you wear me out, Harry. When I say
you must not seek for a fatal occupation like this, have I not cause?
Do I need to descend to particulars? Would you have me enter into
detail?”
“Martha! Martha!” The trembling hand of Rose was on her arm,
anxiously restraining her; and Agnes looked up into the sullen cloud
on Harry’s face, whispering, “Do not be angry; she does not mean it,
Harry.”
“Is it because I am in your power that you taunt me, Martha?” he
said, fiercely.
Martha compressed her lips till they grew white; she did not answer.
After the first outburst, not even the cruel injustice of this received a
reply. She had herself to subdue before she could again approach
him.
And the two peacemakers, hovering between them, endeavoured,
with anxious pains, to heal the breach again. The young wife
whispered deprecatory words in Harry’s ear, while she laid her hand
on Martha: but pitiful looks were all the artillery of Rose; they
softened both the belligerents.
“I don’t care what happens to us out of the house, Martha,” said
Rose at last; “but surely we may be at peace within. There are not so
many of us in the world; we should be always friends.”
And Martha’s anger was shortlived. “I spoke rashly,” she said, with
strange humility; “let us say no more of this now.”
And there was little more said that night.
But Harry would not go to the office again to see Mr. Buchanan;
and, poor as they were, none of them desired to subject him to this
humiliation. So he went out instead the next morning to make
bootless inquiries and write bootless letters—exertions in which
there was no hope and little spirit; went out gloomily, and in gloom
returned, seeking comfort which they had not to bestow.
But while poor Harry was idle perforce, a spasmodic industry had
fallen upon the rest. They scarcely paused to take the simple meals
of necessary life; and the pleasant hour of family talk at tea was
abridged to-night to ten minutes, sadly grudged by the eager
labourers, on whose toil alone depended now the maintenance of
the family. Little Violet stood by the table with a clean towel in her
hand, preparing, with some importance, to wash the cups and
saucers when they had finished. But Harry lingered over the table,
leaning his head on his hand, and trifling with something which lay
by him. Violet, in housewifely impatience, moved about among the
cups, and rung them against each other to rouse his attention, and
let him see he retarded her; but Harry’s mind was too much occupied
to notice that.
“Harry,” cried Agnes, rather tremulously from the inner room, “I see
Mr. Gilchrist on the road. He is coming here. What can it be?”
Harry started and put away his cup. They all became anxious and
nervous; and Agnes hastily drew her seat close to the door of the
room, that she might hear what the visitor said, though her baby, half
dressed, lay on her knee, very sleepy and impatient, and she could
not make her appearance till she had laid him in his little crib for the
night.
Thus announced, Mr. Gilchrist entered the room. He was a massy
large man, with grizzled hair, which had been reddish in his younger
days, and kindly grey eyes gleaming out from under shaggy
eyebrows. His linen was spotless; but his dress, though quite
appropriate and respectable, was not very trim; little layers of snuff
encumbered the folds of his black waistcoat; and from a steel chain
of many complicated links, attached to the large round silver watch in
his fob, hung two massy gold seals, one of them engraven with an
emphatic “J. G.” of his own, the other an inheritance from his father.
There was no mistaking the character and standing of this good and
honourable man; his father before him had been head clerk in an
extensive mercantile house in Glasgow; his sons after him might be
that, or greater than that. With his two hundred pounds a-year, he
was bringing up such a family as should hereafter do honour and
service to their country and community; and for himself, no better
citizen did his endeavour for the prosperity of the town, or prayed
with a warmer heart, “Let Glasgow flourish.”
“Harry, my man,” said Mr. Gilchrist, as he held Harry’s hand in his
own, and shook it slowly, “I am very sorry about this.”
“Well, it cannot be helped,” said Harry with a little assumed
carelessness, “we must make the best we can of it now.”
“Ay, no doubt,” said the Cashier, as he turned to shake hands with
Rose and Martha, “to sit down and brood over a misfortune, is not
the way to mend it; but it may not be so bad as you think. Angry folk
will cool down, Harry, if ye leave them to themselves a little.”
Harry’s heart began to beat high with anxiety—and Rose cast
furtive glances at Mr. Gilchrist, as she went on nervously with her
work, almost resenting Martha’s calmness. But Agnes had entered
just then from the inner room, and the kindly greeting, which the
visitor gave her, occupied another moment, during which the
excitable Harry sat on thorns, and little Violet, holding the last cup
which she had washed in her hands, polished it round and round
with her towel, turning solemn wide open eyes all the time upon this
messenger of fate.
“I have a letter from Mr. Buchanan,” said Mr. Gilchrist, drawing
slowly from his pocket a note written on the blue office paper. Harry
took it with eager fingers. Agnes came to the back of his chair, and
looked over his shoulder. Rose, trying to be very quiet, bent her head
over her work with a visible tremor, and Martha suffered the piece of
muslin she had been working at, to fall on her knee, and looked with
grave anxiety at Harry.
Round and round went the glancing tea-cup in the snowy folds of
the towel which covered Lettie’s little hands—for she too forgot what
she was doing in curious interest about this; a slight impatient
exclamation concluded the interval of breathless silence. “No, I
cannot take it—it is very kind, I daresay, of Mr. Buchanan; but I
cannot accept this,” exclaimed Harry as he handed the letter across
the table to Martha.
But the visitor saw, that in spite of Harry’s quick decision, he looked
at his sister almost as if he wished her opinion to be different. Agnes
too changed her position, and came to Martha’s side. The letter was
very short.
“Sir,
My son has informed me of the circumstances under
which you have left the office. I regret the loss for your
sake, as well as my own, but I cannot feel myself justified
in doing what I hear my son threatened to do,
consequently if you will call at the office in the course of
to-morrow, Mr. Gilchrist has instructions to pay you the full
amount of your quarter’s salary, due on the 1st proximo.
I am, Sir,
Your obedient Servant,
George Buchanan.”
“I cannot take it—I do not see how I can take it,” said Harry,
irresolutely, as he sought Martha’s eye.
“It’s nonsense, that,” said Mr. Gilchrist, taking out a large silver
snuff-box and tapping slowly on its lid, with his great forefinger, “you
must look at the thing coolly, Harry, my man. It’s no fault of yours that
you lost the money; no sensible person would blame you for that—a
thing which has happened to many a one before. I mind very well
being once robbed myself. I was a lad then, about your years, and
the sum was thirty pounds; but by good fortune twenty of it was in an
English note, and not being very sure whether it was canny or not, I
had taken its number—so off I set to all the banks and stopped it. It
was a July day, and I was new married, and had no superabundance
of notes, let alone twenty-pounders—such a race I had,” said Mr.
Gilchrist with a smile, raising his red and brown handkerchief to his
brow in sympathetic recollection, “I believe I was a stone lighter that
night. I succeeded, however, and got back my English note very
soon; but Mr. Buchanan would not hear of deducting the other ten
from my salary; and he’s better able to stand the loss of a few
pounds now than he was then. Think better of it, Harry.”
“I think Mr. Gilchrist is right,” said Martha, “no one could possibly
blame you for such a misfortune, Harry—and Mr. Buchanan is very
good—you have no right to reject his kindness; it is as ungenerous
to turn away from a favour frankly offered, as it is to withhold more
than is meet.”
“It is very well said, Miss Muir,” said Mr. Gilchrist, contemplating the
long inscription upon the heavy chased lid of his snuff-box, with quiet
satisfaction. “I really think it would be an unkindly thing to throw back
this, which was meant for a kindness, into the hands that offer it. He
is not an ill man, George Buchanan; ’for one ye’ll get better, there’s
waur ye’ll get ten,’ as the song says; and besides, Harry, I was
young once myself, and so was my wife. I mind when our James
was in his cradle like that youngster there, we had just little enough
to come and go on; and for any pride of your own, you must see and
not scrimp your wife. Touts man, you are not going to take ill what I
say. Do you think, if I lost a quarter’s salary just now, it would not
scrimp my wife? and I think no shame of it.”
“Neither do I think shame—certainly not,” said Harry, “we have only
what we work for. But I have actually lost Mr. Buchanan’s money—I
don’t see—”
“Harry,” interrupted Mr. Gilchrist, “never mind telling me what you
don’t see—come down to the office to-morrow, and hear what Mr.
Buchanan sees—he has older eyes than you, and knows the world
better, and there’s no saying what may come of it; for you see, Mrs.
Muir,” continued the Cashier, casting down his kindly eyes again
upon the grandiloquent inscription which testified that his snuff-box
had been presented to him by young men trained in the office under
his auspices, as a token of esteem and respect, “it is wonderful what
a kindness everybody has for this lad. I myself have been missing
his laugh this whole day, and scarcely knowing what ailed me—so
maybe something better may turn up if he comes down to-morrow.”
“And Martha thinks you should go—and mind all that we have to do,
Harry,” whispered Agnes.
A glow of pleasure was on Harry’s face—he liked to be praised, and
felt in it an innocent kindly satisfaction—but still he hesitated. To go
back again among those who knew that he had been dismissed and
disgraced—to humiliate himself so far as again to recognise Dick
Buchanan as his superior—to present himself humbly before Dick
Buchanan’s father, and propitiate his favour. It was very unpalatable
to Harry, who after his own fashion had no lack of pride.
“I will see about it. I will think it over,” said Harry doubtfully.
“I think I must send our Tom to you in his red gown,” said Mr.
Gilchrist; “where he got it, I cannot say, but they tell me the lad is a
metaphysical man—if he ever gets the length to be a preacher, we
will have to send him East, I’m thinking, for metaphysics seldom
flourish here away; but now my wife will be redding me up for being
so late. Mind, Harry, I will expect to see you at the office to-morrow.”
The good man rose to go away. “By-the-bye,” he added as he
shook hands with Rose—and Rose felt herself look guilty under his
smiling glance. “I saw a friend of yours coming off the Ayr coach as I
came up—the advocate lad, Mr. Buchanan’s nephew. You are sure
of his good word, Harry, or else I am much mistaken.”
“Mr. Charteris!—he has come back very soon. Good night Mr.
Gilchrist, I will think about it,” said Harry, as he went to the door with
his sister.
Mr. Gilchrist left some excitement behind him. Agnes had risen into
tremulous high spirits. Rose was touched with some tremor of
anticipation, and Martha, watchful and jealous, looked at her sister
now and then with scrutinising looks; for Mr. Gilchrist’s last words
had awakened Martha’s fears for another of her children; while in the
meantime little Violet had polished all the cups and saucers, and was
now putting them with much care away.
“Harry will go—do you not think he must go, Martha?” said Agnes.
“Mr. Gilchrist says they miss him in the office. I don’t wonder at that.
He will go back again, Martha?”
“I think he should—I think he will,” said Martha with a slight sigh.
“There might have been something better in a change—one has
always fantastic foolish hopes from a change—but I believe this is
best.”
Agnes was a little damped; for she saw nothing but the highest
good fortune in this unlooked-for overture of Mr. Buchanan.
Harry lingered at the outer door in a very different mood. He, too,
had been indulging in some indefinite hope from change. He could
not see that the former evils lay in himself—poor Harry! He thought if
the circumstances were altered, that happier results might follow—
and while he was not unwilling to return to his former situation, and
had even a certain pleasure in the thought that it was open to him,
the submission which it would be necessary to make, galled him
beyond measure. He stood there at the door, moody and uneasy; not
weighing his own feelings against the well-being of the family,
certainly, for Harry was not given to any such process of deliberation
—but conscious that the two were antagonistic, and moodily letting
his own painful share in the matter bulk largest in his mind.
Just then a hackney coach drew up at a little distance from the
door, and Cuthbert Charteris leaped out. He was a good deal
heated, as Harry thought, and looked as if he had taken little time to
rest, or put his dress in order since he finished his journey—but he
carried nothing except a little paper parcel. He came up at once to
Harry and shook hands with him cordially—they went upstairs
together.
“I have just come from Ayr,” said Cuthbert with some
embarrassment, as he took his old place at the window—“you must
pardon my traveller’s costume, Mrs. Muir, for it is not half an hour
since I arrived.”
“You have had little time to see the town,” said Harry. “Did you find
my uncle? Has he sent any message with you, Mr. Charteris?”
“I have a message,” said Cuthbert, clearing his throat, and
becoming flushed, “but before I deliver it, Mr. Muir, you must hear a
long preface.”
“Is my uncle ill?” exclaimed Martha. “Has anything happened?”
“Nothing has happened. He is quite well,” said Cuthbert, “only I
have been making some enquiries about your family concerns, for
which I need to excuse myself by a long story.”
Harry was still standing. He drew himself up with great hauteur, and
coldly said, “Indeed!”
Rose lifted her head for a moment with timid anxiety; the light was
beginning to fail, but Rose still sat in her corner holding the work
which at present made little progress. Martha had laid down hers.
Agnes had withdrawn to the sofa with her baby, who, already asleep,
would very soon be disposed of in the cradle; while Harry, with
unusual stateliness, leaned against the table, looking towards
Cuthbert.
“I think I mentioned before I went away,” said Charteris, “that my
errand to Ayr was connected with one of those stories of family pride
and romance and misfortune which sometimes lighten our legal
labours. This story you must let me tell you, before I can explain how
my motives for searching out these, were neither curiosity nor
impertinence.”
As Cuthbert spoke, he opened his parcel, placed the old Bible on
the table, and handed to Harry a little roll of papers. They were
formal extracts from the registers of the old church at Ayr, attested
by the session clerk, proving the marriage of Rose Allenders with
John Calder, and of Violet Calder with James Muir, together with the
register of Harry’s own birth.
Harry was quite bewildered; he turned over the papers, half curious,
half angry, and tried to look cool and haughty; but wonder and
interest defeated his pride, and impatiently calling for the candle,
which Violet, with much care, was just then bringing into the room,
Harry threw himself into the arm chair, and resting his elbows on the
table, leaned his head upon both his hands, and fixed his eyes, with
a half defiance in them, full upon Cuthbert.
The others drew near the light with interest and curiosity as great as
his; but though they held their breath while they listened, they did not
restrain their fingers—the necessity of work was too great to be
conquered by a passing wonder.
“Not much short of a century since,” said Cuthbert, becoming
excited in spite of himself, “a family in the neighbourhood of Stirling
had their composure disturbed by what seemed to them the very
foolish marriage of one of their sons. There were six sons in the
family: this one was the fourth, and at that time had very little visible
prospect of ever being heir. They were but small gentry, and I do not
very well know why they were so jealous of their gentility; but
however that might be, this marriage was followed by effects as
tragic as if the offender had been a prince’s son instead of a country
laird’s.
His father disinherited and disowned him; he was cut off from all
intercourse with his family; but in his own affairs he seems to have
been prosperous enough until his wife died. That event closed the
brighter side of life for this melancholy man. He had two daughters,
then children, and with them he left Stirling.”
A slight start moved the somewhat stiff figure of Martha; Rose
unconsciously let her work fall and turned her head towards
Cuthbert; Harry remained in the same position, fixedly gazing at him;
while Agnes, rocking the cradle gently with her foot, looked on a little
amused, a little interested, and not a little curious, wondering what
the story could mean.
“After this,” continued Cuthbert, “my hero, we suppose, went to
London (another strange start as if of one half asleep, testified some
recognition, on Martha’s part, of the story), but there I lose trace of
him. It is only for a short time, however, for immediately afterwards I
find him at Ayr.”
“At Ayr?” Harry, too, started now, and again turned over the papers,
which he still held in his hand, as if looking for a clue.
“In the meantime,” said Cuthbert, “all the other members of the
family are dead; there is no one remaining of the blood but this man
—the children of this man.”
“And his name?” said Martha, with a slight hoarseness in her voice.
“His name,” said Cuthbert, drawing a long breath of relief, as his
story ended, “was John Allenders.”
There was a momentary silence. They looked at each other with
bewildered faces. “What does it mean?” said Harry, becoming very
red and hot as the papers fell from his shaking fingers; “I cannot see
—it is so great a surprise—tell us what it means.”
“It means,” said Cuthbert, quickly, “that you are the heir of John
Allenders of Allenders, and of an estate which has been in the family
for centuries, worth more than four hundred pounds a year.”
Harry looked round for a moment almost unmeaningly—he was
stupified; but Agnes stole, as she always did in every emergency, to
the back of his chair, and laid her hand softly on his shoulder. It
seemed to awake him as from a dream. With one hand he grasped
hers, with the other he snatched the work from Martha’s fingers and
tossed it to the other end of the room. “Agnes! Martha!”
Poor Harry! A sob came between the two names, and his eyes
were swimming in sudden tears. He did not know what to say in the
joyful shock of this unlooked-for fortune; he could only grasp their
hands and repeat their names again.
Cuthbert rose to withdraw, feeling himself a restraint on their joy,
but Martha disengaged herself from the grasp of Harry, and would
not suffer him to move.
“No, no; share with us the pleasure you bring. You have seen us in
trouble, stay with us now.”
“Is it true, Mr. Charteris, is it true?” said Agnes, while Harry, still
perfectly tremulous and unsteady, threw Rose’s work after Martha’s,
and shaded his eyes with his hands, lest they should see how near
weeping he was—“Tell us if it is true.”
Harry started to his feet. “True! do you think he would tell us
anything that was not true? Mr. Charteris, if they were not all better
than me, I would think it was a delusion—that neither such an
inheritance nor such a friend could come to my lot. But it’s for them
—it’s for them! and a new beginning, a new life—Martha, we shall
not be worsted this time—it is God has sent us this other battle-field.”
And Harry, with irrestrainable emotion, lifted up his voice and wept.
His little wife clung to his shoulder, his stern sister bent over him with
such an unspeakable tenderness and yearning hope in her face, that
it became glorified with sudden beauty—and Cuthbert remembered
uncle Sandy’s thanksgiving, and himself could have wept in
sympathy for the solemn trembling of this joy; for not the sudden
wealth and ease, but the prospect of a new life it was which called
forth those tears.
“And what did my uncle say, Mr. Charteris,” said Rose, when the
tumult had in some degree subsided. No one but Rose remembered
that Cuthbert had spoken of a message from uncle Sandy.
“He bade me repeat to you a homely proverb,” said Cuthbert, who
was quite as unsteady as the rest, and had been a good deal at a
loss how to get rid of some strange drops which moistened his
eyelashes. “It takes a strong hand to hold a full cup steady; that is
the philosophy I brought from your uncle.”
“No fear,” said Harry, looking up once more with the bright clear
loveable face, which no one could frown upon. “No fear—what could
I do with my arms bound? What could I do in yon office? but now,
Martha, now!”
And Martha once more believed and hoped, ascending out of the
depths of her dreary quietness into a very heaven. Few have ever
felt, and few could understand this glorious revulsion. With an
impatient bound she sprang out of the abyss, and scorned it with her
buoyant foot. It might not last—perhaps it could not last—but one
hour of such exulting certain hope, almost worth a lifetime’s trial.
“And I will get a little room all to mysel, and Katie Calder will come
and sleep with me,” said Violet.
They all laughed unsteadily. It brought them down to an easier
level.
“I think, Mr. Muir, you should come at once with me to Edinburgh,”
said Cuthbert, “and see your lawyer, who has been hunting for you
for some time, and get the proof and your claim established. I begin
to think it was very fortunate he broke his leg, Miss Muir—for
otherwise I might never have seen you.”
“And what made you think of us? how did you guess?” said Harry.
“Rose and Violet,” said Cuthbert, with a little shyness. “It was a
happy chance which gave these names.”
Rose drew back a little. There was something unusual, it seemed,
in Cuthbert’s pronunciation of her pretty name, for it made her blush;
and by a strange sympathy Mr. Charteris blushed too.
“When shall we start? for I suppose you will go with me to
Edinburgh,” continued Charteris.
Harry hesitated a moment. “I must go down to the office to-morrow,”
he said, with his joyous face unclouded. “Your cousin Dick and I had
something which I thought a quarrel. It was nothing but a few angry
words after all. I will go down to-morrow.”
Harry had entirely forgotten how angry he was—entirely forgotten
the insulting things Dick Buchanan said, and what a humiliation he
had felt it would be, to enter that office again. Poor Harry was
humble now. He had such a happy ease of forgetting, that he did not
feel it necessary to forgive. Bright, sanguine, overflowing with
generous emotions, Harry in his new wealth and happiness that
night could not remember that there was any one in the world other
than a friend.
end of vol. i.

LONDON:
Printed by Schulze and Co., 13, Poland Street.

FOOTNOTE:
[1]Another feminine craft peculiar to the “west
country,” where many young girls, of a class inferior to
the workers of embroidery and opening, are employed
to clip the loose threads from webs of worked muslin.

Corrections

The first line indicates the original, the second the correction.

p. 198
that Nature, in learning to make the lily, turned out the convolvolus.
that Nature, in learning to make the lily, turned out the convolvulus.

p. 213
but its postcript
but its postscript

p. 264
to make bootless nquiries
to make bootless inquiries

*** END OF THE PROJECT GUTENBERG EBOOK HARRY MUIR ***