Packet Level Protocol (PLP), 89
packet (password) sniffing, 62, 268–269, BC19
packet-filtering firewall, 101–102, BC19
packet-switched network, 89–90
passive hub, 81
passive IDS, 108
passphrases, 45
Password Authentication Protocol (PAP), 110, BC19
password (packet) sniffing, BC19
passwords, 45–48, 53, BC19
patch and vulnerability management, 258
patent, 313, BC19
Patriot Act, BC19
P-boxes (Permutation boxes), 193
PBX fraud and abuse, 116
PEAP (Protected Extensible Authentication Protocol), BC19
PEM (Privacy Enhanced Mail), 99, 213, BC19
penetration testing, 67, 267–269, BC19
Permanent Virtual Circuit (PVC), 89–90
permissions, with DAC, 63
Permutation boxes (P-boxes), 193
permutation cipher, 192–193, BC28
personal identification number (PIN), 48, BC19
personnel, loss of, 343
personnel security policies and practices, 133–138
PGP (Pretty Good Privacy), 213, BC20
pharming, 113, BC20
phishing, 113, BC20
photo identification card, 347
phreakers, 183
physical address, 83
physical controls
  for biometrics, 48
  definition, 41–42, BC20
  for Physical (Environmental) Security domain, 345–349
Physical (Environmental) Security domain
  administrative controls, 356–357
  definition, 24, 339, 357–358
  environmental and life safety controls, 351–355
  physical access controls, 345–349
  prep test questions about, 359–361
  resources for, 358
  site and facility design, 343–345
  technical controls, 349–351
  threats, types of, 340–343
physical evidence, 324, BC22
Physical Layer (Layer 1), OSI model, 76–81
physical support, loss of, 254
PIN (personal identification number), 48, BC19
PKI (Public Key Infrastructure), 132–133, 210, BC20
plaintext, 196, BC20
PLP (Packet Level Protocol), 89
point-to-point links, WAN, 86–88
Point-to-Point Protocol (PPP), 87, 110, BC20
Point-to-Point Tunneling Protocol (PPTP), 106, BC20
policy, 130–131, BC20
polling networks, 83–84
polyalphabetic substitution, 192
polyinstantiation, 158, BC20
polymorphism, 158
pornography, 255
port scan, 68, 268, BC20
practice exam on CD-ROM, 13, 15, 367
Pre-Fetch Unit, 224
prep test questions in this book
  for Access Control domain, 70–72
  for Application Security domain, 185–187
  for Business Continuity and Disaster Recovery Planning domain, 300–302
  for Cryptography domain, 220–222
  for Information Security and Risk Management domain, 149–151
  for Legal, Regulations, Compliance, and Investigations domain, 336–338
  for Operations Security domain, 274–276
  for Physical (Environmental) Security domain, 359–361
  practice exam on CD-ROM, 13, 15, 367
  for Security Architecture and Design domain, 244–246
  for Telecommunications and Network Security domain, 120–122
Presentation Layer (Layer 6), OSI model, 98
Pretty Good Privacy (PGP), 213, BC20
preventive controls, 259, BC20
principles for agents of change, 33
privacy, 124, 250–251, BC20
Privacy Enhanced Mail (PEM), 99, 213, BC19
privacy laws, 314–316
private key (symmetric key cryptography), 198–203, BC27
privileged entity controls, 260
privileged functions, 250
problem management, 271–272
procedures, 130, 132, BC21
process isolation, 169, BC21
processes, single point of failure for, 126
professional ethics, 130, 333–334, BC11
promiscuous mode, BC21
Protected Extensible Authentication Protocol (PEAP), BC19
protection domain, 227, BC21
protection rings, 230, BC21
Protection Test Unit (PTU), 224
proximate causation, 305, BC21
proxy server, BC2
prudent man rule, 305, BC21
pseudo flaw, 178, BC21
public key (asymmetric key cryptography), 203–207, BC3, BC21
Public Key Infrastructure (PKI), 132–133, 210, BC20
publications. See resources
punitive damages, 304–305, BC21
PVC (Permanent Virtual Circuit), 89–90