SSCP (ISC)2 Systems Security Certified Practitioner Official Study Guide - George Murphy - E-Book


George Murphy

Description

Fully updated Study Guide for the SSCP

This guide prepares you for the SSCP, Systems Security Certified Practitioner certification examination by focusing on the Common Body of Knowledge (CBK) as determined by ISC² in seven high level topics. This Sybex Study Guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world practice, access to the Sybex online interactive learning environment and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions. Along with the book you also get access to Sybex's superior online interactive learning environment that includes:

* 125 question practice exam to help you identify where you need to study more. Get more than 90 percent of the answers correct, you're ready to take the certification exam.
* More than 100 Electronic Flashcards to reinforce your learning and give you last minute test prep before the exam
* A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam
* Appendix of charts, tables, typical applications, and programs

Coverage of all of the exam topics in the book means you'll be ready for:

* Access Controls
* Security Operations and Administration
* Risk Identification, Monitoring and Analysis
* Incident Response and Recovery
* Cryptography
* Network and Communications Security
* Systems and Application Security

Page count: 932

Year of publication: 2015




Table of Contents

Title Page

Copyright

Series

Dedication

Acknowledgments

About the Author

About the Technical Editor

Introduction

Who Should Read This Book?

What Is Covered in This Book

How Do I Use This Book?

Assessment Test

Assessment Test

Answers to Assessment Test

Chapter 1: Information Security: The Systems Security Certified Practitioner Certification

About the (ISC)2 Organization

Exams, Testing, and Certification

The SSCP Exam

Summary

Exam Essentials

Chapter 2: Security Basics: A Foundation

The Development of Security Techniques

Understanding Security Terms and Concepts

Security Foundation Concepts

Participating in Security Awareness Education

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 3: Domain 1: Access Controls

What Are Controls?

Types of Access Controls

Identification

Authentication

System-Level Access Controls

Discretionary Access Control (DAC)

Nondiscretionary Access Control

Mandatory Access Control

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 4: Domain 2: Security Operations and Administration

Security Administration Concepts and Principles

Data Management Policies

Endpoint Device Security

Security Education and Awareness Training

Business Continuity Planning

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 5: Domain 3: Risk Identification, Monitoring, and Analysis

Understanding the Risk Management Process

Risk Management Frameworks and Guidance for Managing Risks

Risk Analysis and Risk Assessment

Managing Risks

Risk Visibility and Reporting

Analyzing Monitoring Results

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 6: Domain 4: Incident Response and Recovery

Event and Incident Handling Policy

Creating and Maintaining an Incident Response Plan

Understanding and Supporting Forensic Investigations

Understanding and Supporting the Business Continuity Plan and the Disaster Recovery Plan

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 7: Domain 5: Cryptography

Concepts and Requirements of Cryptography

Key Management

Secure Protocols

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 8: Domain 6: Networks and Communications

Network Models

Network Design Topographies

Ports and Protocols

Converged Network Communications

Network Monitoring and Control

Access Control Protocols and Standards

Remote User Authentication Services

Local User Authentication Services

Network Segmentation

Securing Devices

Security Posture

Firewall and Proxy Implementation

Network Routers and Switches

Intrusion Detection and Prevention Devices

Telecommunications Remote Access

Wireless & Cellular Technologies

Wireless Networks

Traffic Shaping Techniques and Devices

Quality of Service

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 9: Domain 7: Systems and Application Security

Understand Malicious Code and Apply Countermeasures

Malicious Add-Ons

User Threats and Endpoint Device Security

Understand and Apply Cloud Security

Secure Data Warehouse and Big Data Environments

Secure Software-Defined Networks and Virtual Environments

Summary

Exam Essentials

Written Lab

Review Questions

Appendix A: Answers to Written Labs

Chapter 2

Chapter 3

Chapter 4

Chapter 5

Chapter 6

Chapter 7

Chapter 8

Chapter 9

Appendix B: Answers to Review Questions

Chapter 2

Chapter 3

Chapter 4

Chapter 5

Chapter 6

Chapter 7

Chapter 8

Chapter 9

Appendix C: Diagnostic Tools

Microsoft Baseline Security Analyzer

Microsoft Password Checker

Internet Explorer Phishing and Malicious Software Filter

Manage Internet Cookies

Observing Logs with Event Viewer

Viewing a Digital Certificate

Monitoring PC Activities with Windows Performance Monitor

Analyzing Error Messages in Event Viewer

Calculate Hash Values

Comprehensive Online Learning Environment

End User License Agreement

List of Illustrations

Chapter 1: Information Security: The Systems Security Certified Practitioner Certification

Figure 1.1 The DODD 8140 chart

Figure 1.2 A typical framed SSCP certification

Figure 1.3 An example of a hand-drawn rough sketch

Figure 1.4 An example of a Google Images search on the term IPsec

Chapter 2: Security Basics: A Foundation

Figure 2.1 This Figure illustrates a notepad drawing of a remote user logon

Figure 2.2 A typical 15-pin D-shaped connector

Figure 2.3 The CIA triad

Figure 2.4 An access process illustrating the three AAAs, known as authentication, authorization, and accounting

Figure 2.5 A typical job rotation scheme

Chapter 3: Domain 1: Access Controls

Figure 3.1 The relationships between subjects and objects

Figure 3.2 A typical authorized use policy screen

Figure 3.3 A typical login screen

Figure 3.4 User entering PIN into a reader device

Figure 3.5 Typical login verification question

Figure 3.6 This Figure illustrates CAPTCHA characters

Figure 3.7 Toll authority RFID device

Figure 3.8 Standard ID badge with proximity chip

Figure 3.9 Retina scanning technique

Figure 3.10 The crossover error rate (CER) is where the FAR and FRR intersect. The lower the CER, the better the biometric system.

Figure 3.11 An example of a token

Figure 3.12 The reference monitor mediates all transactions between subjects and objects.

Figure 3.13 Warning screen

Figure 3.14 Various groups under role-based access control

Chapter 4: Domain 2: Security Operations and Administration

Figure 4.1 The relationship between corporate policies, security policies, and supporting policies

Figure 4.2 Illustration of the hierarchy from general corporate policies to guidelines

Figure 4.3 The business continuity plan and support plans and documents

Figure 4.4 An illustration of the relationship between maximum tolerable downtime and the recovery time objective

Figure 4.5 The relationship between recovery point objective and recovery time objective

Figure 4.6 An illustration of restoration priorities based upon the importance of the asset or department to the organization and the impact to the organization if it is unavailable or lost during a disaster

Chapter 5: Domain 3: Risk Identification, Monitoring, and Analysis

Figure 5.1 The process of risk management

Figure 5.2 NIST SP 800-37 Revision 1 risk management framework

Figure 5.3 The four risk assessment process steps from the NIST SP 800-37 Revision 1 risk management framework

Figure 5.4 Typical risk treatment schedule

Figure 5.5 A typical security operations center

Figure 5.6 Data visualization

Chapter 6: Domain 4: Incident Response and Recovery

Figure 6.1 A hard drive attached to a Tableau portable forensic write blocker

Figure 6.2 A cost/timeline graph Illustrating the relationship between MTD, RTO, and RPO

Figure 6.3 A typical disaster classification system

Figure 6.4 An illustration of a differential backup

Figure 6.5 An illustration of an incremental backup

Chapter 7: Domain 5: Cryptography

Figure 7.1 Electronic codebook (ECB) mode

Figure 7.2 Cipher block chaining (CBC) mode

Figure 7.3 Cipher feedback (CFB) mode

Figure 7.4 Output feedback (OFB) mode

Figure 7.5 Counter (CTR) mode

Figure 7.6 Symmetric cryptography using one shared key

Figure 7.7 The relationships of public and private keys in an asymmetric cryptographic system

Figure 7.8 Proof of origin encrypted message with a private asymmetric key

Figure 7.9 The creation of a digital signature by encrypting a hash of a message

Figure 7.10 The process of steganography

Figure 7.11 Comparison of hash values

Figure 7.12 A typical digital certificate

Figure 7.13 A certificate warning banner

Chapter 8: Domain 6: Networks and Communications

Figure 8.1 The Open Systems Interconnection model

Figure 8.2 The OSI model mapped to the TCP/IP model

Figure 8.3 Categories of twisted-pair cable

Figure 8.4 TCP three-way handshake

Figure 8.5 A bus topology

Figure 8.6 A tree topology

Figure 8.7 A ring topology

Figure 8.8 A mesh topology

Figure 8.9 A star topology

Figure 8.10 A virtual private network

Figure 8.12 IPsec in tunnel mode

Figure 8.11 IPsec in transport mode

Figure 8.13 Kerberos diagram

Figure 8.14 Single sign-on with federated access

Figure 8.15 Example of a three-segment network

Figure 8.16 Illustration of a demilitarized zone

Figure 8.17 Illustration of a baseline and a clipping level

Figure 8.18 Illustration of an ad hoc mode wireless network

Figure 8.19 Illustration of the infrastructure mode wireless network zone

Figure 8.20 Illustration of a home network using a wireless router

Figure 8.21 A cellular network illustrating geographical cells served by cellular base stations

Chapter 9: Domain 7: Systems and Application Security

Figure 9.1 Threat source and threat action as illustrated in NIST SP 800-30 revision 1

Figure 9.2 The APISID cookie from Google.com

Figure 9.3 A Wireshark packet capture

Figure 9.4 A Microsoft Baseline Security Analyzer scan showing several problems that were found

Figure 9.5 A typical password change policy advisory pop-up

Appendix C: Diagnostic Tools

Figure C.1 Select an MBSA download version

Figure C.2 MBSA selection choices

Figure C.3 Select a device to scan.

Figure C.4 Scanning report with errors

Figure C.5 Using Microsoft Password Checker

Figure C.6 Internet Options advanced settings

Figure C.7 Internet Options Privacy tab

Figure C.8 Advanced Privacy Settings dialog

Figure C.9 Windows Control Panel

Figure C.10 Event Viewer

Figure C.11 Event Viewer showing events and errors

Figure C.12 Certificate properties

Figure C.13 Windows Certificate Manager

Figure C.14 Certificates of trusted root certification authorities

Figure C.15 Performance Monitor

Figure C.16 Resource Monitor indicating usage levels

Figure C.17 Performance Monitor expanded view

Figure C.18 Selecting Event Viewer from Control Panel

Figure C.19 Event Viewer Overview and Summary

Figure C.20 Windows Logs

Figure C.21 Summary of the system event errors

Figure C.22 Event properties

Figure C.23 Event details

Figure C.24 The MD2 Hash Calculator in text mode

Figure C.25 Choosing a hash algorithm

Figure C.26 Hash Calculator creating a hash value from a message

List of Tables

Chapter 6: Domain 4: Incident Response and Recovery

Table 6.1 Alert levels

Chapter 7: Domain 5: Cryptography

Table 7.1 The XOR truth table

Table 7.2 Block cipher algorithms

Table 7.3 Hashing functions and their hash value lengths

Chapter 8: Domain 6: Networks and Communications

Table 8.1 Well-known TCP ports

Table 8.2 Well-known UDP ports

Table 8.3 802.11 Standards and amendments

SSCP® Systems Security Certified Practitioner

Study Guide

George B. Murphy

 

Development Editor: Tom Cirtin

Technical Editors: Brian D. McCarthy and John Gilleland

Production Editor: Christine O'Connor

Copy Editor: Judy Flynn

Editorial Manager: Mary Beth Wakefield

Production Manager: Kathleen Wisor

Associate Publisher: Jim Minatel

Media Supervising Producer: Richard Graves

Book Designers: Judy Fung and Bill Gibson

Proofreader: Kim Wimpsett

Indexer: Ted Laux

Project Coordinator, Cover: Brent Savage

Cover Designer: Wiley

Cover Image: ©Getty Images Inc./Jeremy Woodhouse

Copyright © 2015 by John Wiley & Sons, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-1-119-05965-3

ISBN: 978-1-119-05968-4 (ebk.)

ISBN: 978-1-119-05995-0 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2015947763

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. SSCP, the SSCP logo, and the (ISC)2 logo are registered trademarks or service marks of the International Information Systems Security Certification Consortium. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Disclaimer: Wiley Publishing, Inc., in association with (ISC)2®, has prepared this study guide for general information and for use as training for the Official (ISC)2 SSCP® CBK® and not as legal or operational advice. This is a study guide only, and does not imply that any questions or topics from this study guide will appear on the actual (ISC)2 SSCP® certification examination. The study guide was not prepared with writers or editors associated with developing the (ISC)2® SSCP® certification examination. The study guide may contain errors and omissions. (ISC)2® does not guarantee a passing score on the exam or provide any assurance or guarantee relating to the use of this study guide and preparing for the (ISC)2® SSCP® certification examination.

The users of the Official SSCP®: Systems Security Certified Practitioner Study Guide agree that Wiley Publishing, Inc. and (ISC)2® are not liable for any indirect, special, incidental, or consequential damages up to and including negligence that may arise from use of these materials. Under no circumstances, including negligence, shall Wiley Publishing Inc. or (ISC)2®, its officers, directors, agents, author or anyone else involved in creating, producing or distributing these materials be liable for any direct, indirect, incidental, special or consequential damages that may result from the use of this study guide.

Attacks on organizations' information assets and infrastructure continue to escalate while attackers refine and improve their tactics. The best way to combat these assaults starts with qualified information security staff armed with proven technical skills and practical security knowledge. Practitioners who have proven hands-on technical ability would do well to include the (ISC)2 Systems Security Certified Practitioner (SSCP®) credential in their arsenal of tools to competently handle day-to-day responsibilities and secure their organization's data and IT infrastructure.

The SSCP certification affirms the breadth and depth of practical security knowledge expected of those in hands-on operational IT roles. The SSCP provides industry-leading confirmation of a practitioner's ability to implement, monitor and administer policies and procedures that ensure data confidentiality, integrity and availability (CIA).

Reflecting the most relevant topics in our ever-changing field, this new SSCP Study Guide is a learning tool for (ISC)2 certification exam candidates. This comprehensive study guide of the seven SSCP domains draws from a global body of knowledge, and prepares you to join thousands of practitioners worldwide who have obtained the (ISC)2 SSCP credential. The SSCP Study Guide will help facilitate the practical knowledge you need to assure a strong security posture for your organization's daily operations.

As the information security industry continues to transition, and cybersecurity becomes a global focus, the SSCP Common Body of Knowledge (CBK®) is even more relevant to the challenges faced by today's frontline information security practitioner. While our Official Guides to the CBK are the authoritative references, the new study guides are focused on educating the reader in preparation for exams. As an ANSI accredited certification body under the ISO/IEC 17024 standard, (ISC)2 does not teach the SSCP exam. Rather, we strive to generate or endorse content that teaches the SSCP's CBK. Candidates who have a strong understanding of the CBK are best prepared for success with the exam and within the profession.

Advancements in technology bring about the need for updates, and we work to ensure that our content is always relevant to the industry. (ISC)2 is breaking new ground by partnering with Wiley, a recognized industry-leading brand. Developing a partnership with renowned content provider Wiley allows (ISC)2 to grow its offerings on the scale required to keep our content fresh and aligned with the constantly changing environment. The power of combining the expertise of our two organizations benefits certification candidates and the industry alike.

For more than 26 years, (ISC)2 has been recognized worldwide as a leader in the field of information security education and certification. Earning an (ISC)2 credential also puts you in great company with a global network of professionals who echo (ISC)2's focus to inspire a safe and secure cyber world.

Congratulations on taking the first step toward earning your certification. Good luck with your studies!

Regards,

David P. Shearer
CEO
(ISC)2

To my beautiful wife, Cathy—thank you for your patience, understanding, and especially your encouragement. You are and always will be my angel. With much love.

Acknowledgments

It's always amazing how many people are involved in the production of a book like this. Everyone involved deserves a world of thanks for all of their hard work and efforts. I especially want to thank Carol Long, who was executive acquisitions editor for Wiley & Sons when we started this project. I genuinely appreciate the opportunity that she afforded me. I also owe so much to many others, especially Tom Cirtin, for keeping everything on track, as well as Christine O'Connor, who tied together all of the production efforts. I want to thank Jim Minatel for herding all of the cats and keeping it all running. Many thanks to Judy Flynn for her tireless efforts in making sure all of the copy worked, as well as the entire team of layout editors, graphic design folks, and others, all of whom provided their expertise to make this project come together. I would like to express a big thanks to Brian McCarthy for his knowledge and his wonderful work as technical editor. I would also like to express my appreciation to both Mike Siok and Willie Williams for their friendship and inspiration through a great many projects over the years. They have always been there to lend an ear and offer encouragement. I want to recognize Chuck Easttom for giving me my break into the world of publishing a few years ago. And, I want to especially thank all of the wonderful folks at (ISC)2 for their ongoing assistance in this and many other projects. Thank you all very much.

About the Author

George (Buzz) Murphy, CISSP, SSCP, CASP, is a public speaker, corporate trainer, author, and cybersecurity evangelist who, over the past three decades, has touched the lives of thousands of adult learners around the world through hundreds of speaking and training events covering a variety of technical and cybersecurity topics. A former Dell technology training executive and U.S. Army IT networking security instructor, he has addressed audiences at national conferences, major corporations, and educational institutions, including Princeton University, and he has trained network and cybersecurity operators for the U.S. military branches, various U.S. government security agencies, and foreign military personnel.

As a military data center manager in Europe, he held a top-secret security clearance in both U.S. and NATO intelligence and through the years has earned 26 IT and cybersecurity certifications from such prestigious organizations as (ISC)2, CompTIA, PMI, and Microsoft. He is an (ISC)2 Authorized Instructor specializing in CISSP and Cloud Security certification training. He has authored, coauthored, and contributed to more than a dozen books on a wide range of topics, including network engineering, industrial technology, and IT security, and recently served as technical editor for the (ISC)2 CCFP – Certified Cyber Forensics Professional Certification Guide by Chuck Easttom (McGraw Hill, 2014) as well as for the recent publication CASP: CompTIA Advanced Security Practitioner Study Guide by Michael Greg (Sybex, 2014).

About the Technical Editor

Brian D. McCarthy, founder and director of 327 Solutions, Inc., has been involved in placement, consulting, and training since 1992. Brian is an entrepreneur, IT trainer, operations leader, certification expert, recruiter, instructional designer, sales executive, formally trained project manager (PMP), and e-learning guru. He has more than 20 years of talent development expertise, has been working in building technical competency for decades, and has held multiple positions in operations, training facilitation, and sales with increasing responsibility for building a world-class national network of performance experts. Brian has worked hand in hand with the Department of Defense to enable information assurance compliance for cybersecurity workers (8570.1-M / 8140). He also has experience working with cutting-edge e-learning, workshops, immersive environments, gamification/contest design, method-of-action 3D animations, LMS tracking, portal systems, and other learning assets to accelerate world-class corporate teams.

Introduction

What a wonderful time to be involved with IT security. The role of security practitioner is expanding almost on a daily basis. Challenges abound as we all try to get our arms around not only traditional hardwired networks but also everything involved with wireless communication and the virtualization of everything in the cloud. There is so much to know and understand, and the growth potential seemingly has no bounds. Keeping up with this pace is (ISC)2, the creators of the Certified Information Systems Security Professional (CISSP) certification, along with several other certifications.

(ISC)2 is renowned for offering industry-leading cybersecurity and other types of training courses around the world. Achieving the Systems Security Certified Practitioner (SSCP) from (ISC)2 indicates mastery of a broad-based body of knowledge in IT security. From network engineering to application development and from cybersecurity to physical security, the prestigious SSCP certification indicates that an individual is an accomplished and knowledgeable security practitioner. The certification is not a vendor-specific certification but a comprehensive broad-based certification.

Candidates for this certification will take a 125-question exam over a period of three hours. The exam covers questions from seven separate and distinct areas of knowledge called domains. Upon passing the examination with a score of 700 or better out of a possible 1,000, successful candidates also must agree to adhere to the (ISC)2 Code of Ethics. Applications must also be endorsed by a current (ISC)2 member or by the organization. This sets SSCP certification holders apart because they are true accomplished professionals who adhere to a clear set of standards of conduct and are in the forefront of the IT security industry.
