Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Recovery alternative - complete duplication of services including personnel
Remote Journaling
Mirrored Site
Fire Suppression
Risk Assessment / Analysis
2. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Recovery
Forward Recovery
Active Data
Compartmentalize
3. A design methodology which addresses risk early and often
Operational Exercise
Spiral
Desk Check Test
Recovery Strategy
4. Organized group of compromised computers
Radio Frequency Interference (RFI)
Infrastructure
Mandatory Access Control (MAC)
Botnet
5. A type of computer memory that temporarily stores frequently used information for quick access.
Cryptography
Wait
Cache
Cross-Site Scripting
6. Demonstrate the actual ability to recover and verify the compatibility of backup facilities
Content Dependent Access Control
Fire Suppression
BCP Testing Drills and Exercises
Mobile Recovery
7. Record history of incident
Administrative
Criminal Law
Tracking
Record Level Deletion
8. An administrative unit or a group of objects and subjects controlled by one reference monitor
Salami
Key Management
Exercise
Security Domain
9. Moving the alphabet intact a certain number of spaces
Sampling
Walk Through
Basics Of Secure Design
Shift Cipher (Caesar)
10. A program that waits for a condition or time to occur that executes an inappropriate activity
Common Law
Lattice
Method
Logic Bomb
11. Eight bits.
2-Phase Commit
Data Warehouse
System Downtime
Byte
12. Specific format of technical and physical controls that support the chosen framework and the architecture
Infrastructure
Encryption
Fire Suppression
Overlapping Fragment Attack
13. Key
User
Cryptovariable
Access Control
Criminal Law
14. Code making
Cryptography
Non-Interference
Plan Maintenance Procedures
Rogue Access Points
15. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Data Backup Strategies
Primary Storage
Resumption
Mandatory
16. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Protection
Database Shadowing
Hot Spares
Interpreter
17. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Business Recovery Team
Business Impact Analysis
Orange Book C Classification
IDS Intrusion Detection System
18. Encryption system using a pair of mathematically related unequal keys
Fire Suppression
Tactical
Asymmetric
Electronic Vaulting
19. Reduction of voltage by the utility company for a prolonged period of time
TCSEC (Orange Book)
Active Data
Brownout
Security Domain
20. The chance that something negative will occur
Routers
Business Recovery Timeline
Risk
The ACID Test
21. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Operating
Business Continuity Steering Committee
Class
Shielding
22. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
Cipher Text
Discretionary Access Control (DAC)
IDS Intrusion Detection System
Trademark
23. Power surge
Electrostatic Discharge
Binary
Plaintext
War Driving
24. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.
Firewalls
Containment
Orange Book A Classification
Monitor
25. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Checksum
Detection
Record Level Deletion
Initialization Vector
26. Total number of keys available that may be selected by the user of a cryptosystem
Mobile Recovery
Exposure
Key Space
On-Site
27. Written suggestions that direct choice to a few alternatives
Multiplexers
Guidelines
Sag/Dip
ISO/IEC 27002
28. Control category - to record an adversary's actions
Detective
Asymmetric
Alert/Alarm
Codec
29. To know more than one job
Cross Training
Computer System Evidence
Hot Spares
Disk Mirroring
30. Guidelines within an organization that control the rules and configurations of an IDS
Site Policy
Triage
Operational Exercise
Business Impact Assessment (BIA)
31. Employment education done once per position or at significant change of function
Metadata
Job Training
True Attack Stimulus
Symmetric
32. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.
Entrapment
Cryptovariable
Governance
Education
33. An image compression standard for photographs
Hearsay Evidence
Machine Language (Machine Code)
JPEG (Joint Photographic Experts Group)
Warm Site
34. Hiding the fact that communication has occurred
Education
Steganography
Proprietary
Supervisor Mode (monitor - system - privileged)
35. Converts a high level language into machine language
Assembler
Criminal Law
Data Leakage
War Dialing
36. A temporary public file to inform others of a compromised digital certificate
Administrative Access Controls
Deterrent
Certificate Revocation List (CRL)
User Mode (problem or program state)
37. Physical description on the exterior of an object that communicates the existence of a label
Network Attached Storage (NAS)
Marking
Man-In-The-Middle Attack
Civil Or Code Law
38. A design methodology which executes in a linear one way fashion
Spam
Waterfall
Data Leakage
Buffer Overflow
39. A device that provides the functions of both a bridge and a router.
Disaster Recovery Teams (Business Recovery Teams)
UPS
Near Site
Brouter
40. Natural or human-readable form of message
Lattice
Operational Test
Data Warehouse
Plain Text
41. Potentially compromising leakage of electrical or acoustical signals.
UPS
Multi-Processing
Emanations
Marking
42. OOP concept of a class's details being hidden from the object
Encapsulation
Risk
Radio Frequency Interference (RFI)
Patch Management
43. A planned or unplanned interruption in system availability.
System Downtime
Databases
Checklist Test (desk check)
Business Recovery Team
44. Return to a normal state
Recovery Period
Satellite
Entrapment
Recovery
45. To assert or claim credentialing to an authentication system
Binary
Identification
Phishing
Encryption
46. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Cross Certification
Running Key
Alert
Business Recovery Timeline
47. A risk assessment method - intrinsic value
Qualitative
Data Marts
Birthday Attack
Contingency Plan
48. The one person responsible for data - its classification and control setting
Information Owner
Fire Classes
War Driving
Non-Discretionary Access Control
49. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Digital Signature
Mandatory Access Control (MAC)
Chain of Custody
Key Space
50. A programming design concept which abstracts one set of functions from another in a serialized fashion
Convincing
Uninterruptible Power Supply (UPS)
Data Dictionary
Layering