Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The core of a computer that calculates
Central Processing Unit (CPU)
Access Control
Structured Walkthrough
Critical Infrastructure
2. Location where coordination and execution of BCP or DRP is directed
Qualitative
Complete
Tort
Emergency Operations Center (EOC)
3. A legally enforceable agreement between: two people - two organizations - a person and an organization.
Relocation
Tort
Consistency
Trade Secret
4. Collection of data on business functions which determines the strategy of resiliency
Business Impact Assessment (BIA)
Digital Certificate
Multi-Processing
Notification
5. For PKI - to store another copy of a key
Capability Tables
Surveillance
Key Escrow
Work Factor
6. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.
Exercise
War Dialing
Classification
Radio Frequency Interference (RFI)
7. Encryption system using shared key/private key/single key/secret key
Symmetric
CobiT
Sampling
Database Replication
8. Controls deployed to avert unauthorized and/or undesired actions.
Deletion
Prevention
Analysis
Blackout
9. Low level - pertaining to planning
Convincing
Access Control
Deadlock
Tactical
10. Data or interference that can trigger a false positive
Acronym for American Standard Code for Information Interchange (ASCII)
Mandatory
Discretionary Access Control (DAC)
Noise
11. Methodical research of an incident with the purpose of finding the root cause
Countermeasure
Hub
Disaster
Investigation
12. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.
Deletion
Tracking
Orange Book A Classification
Vital Record
13. A choice in risk management - to implement a control that limits or lessens negative effects
Primary Storage
Contingency Plan
Reciprocal Agreement
Mitigate
14. A system designed to prevent unauthorized access to or from a private network.
Risk Assessment / Analysis
Infrastructure
Firewall
Archival Data
15. Written internalized or nationalized norms that are internal to an organization
Operational Exercise
Event
Standard
System Life Cycle
16. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
System Downtime
Quantitative Risk Analysis
Orange Book C2 Classification
Computer Forensics
17. Real-time data backup (Data Mirroring)
Kerberos
ISO/IEC 27002
Database Shadowing
Bridge
18. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Executive Succession
Key Management
Steganography
Triage
19. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Multi-Processor
Analysis
Mandatory Vacations
Enticement
20. A design methodology which addresses risk early and often
System Life Cycle
Cross-Site Scripting
3 Types of harm Addressed in computer crime laws
Spiral
21. The hard drive
Secondary Storage
Smurf
Trapdoors (Backdoors) (Maintenance Hooks)
Key Space
22. The collection and summation of risk data relating to a particular asset and controls for that asset
The ACID Test
Risk Assessment
Collisions
Digital Signature
23. Requirement to take time off
Mandatory Vacations
Infrastructure
Control Type
Coaxial Cable
24. A distributed system's transaction control that requires updates to complete or rollback
2-Phase Commit
Cryptanalysis
Multi-Processing
File Server
25. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Mixed Law System
Orange Book B1 Classification
False Negative
Data Backup Strategies
26. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Triage
Electronic Vaulting
Disaster Recovery Plan
Data Dictionary
27. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
Cookie
Criminal Law
Policy
28. Firewalls - encryption - and access control lists
Stopped
Exposure
Sharing
Examples of technical security components
29. Reprogrammable basic startup instructions
Due Care
Firmware
Transfer
Common Criteria
30. Organized group of compromised computers
Botnet
TCSEC (Orange Book)
Binary
Intrusion Detection Systems
31. A test conducted on one or more components of a plan under actual operating conditions.
Operational Test
Recovery Time Objectives
Radio Frequency Interference (RFI)
Checklist Test
32. Fault tolerance for power
Common Law
SYN Flooding
Identification
Generator
33. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
Multilevel Security System
Residual Risk
Recovery Point Objective (RPO)
Forensic Copy
34. Potentially retrievable data residue that remains following intended erasure of data.
Business Interruption Insurance
Firewalls
Decipher
Remanence
35. A programming device used in development to circumvent controls
Change Control
System Downtime
Trapdoors (Backdoors) (Maintenance Hooks)
Alert/Alarm
36. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Bumping
Qualitative
Emanations
MOM
37. A design methodology which executes in a linear one way fashion
Copyright
Business Continuity Planning (BCP)
Waterfall
Operational Exercise
38. A mobilized resource purchased or contracted for the purpose of business recovery.
Mobile Recovery
Discretionary
Life Cycle of Evidence
SQL Injection
39. Prolonged loss of commercial power
Denial Of Service
Blackout
Business Interruption
Examples of non-technical security components
40. Eavesdropping on network communications by a third party.
Evidence
Sniffing
Crisis
Top Secret
41. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Business Recovery Timeline
Intrusion Prevention Systems
Coaxial Cable
Threats
42. Weak evidence
State Machine Model
Compression
Containment
Hearsay
43. Uses two or more legal systems
Asymmetric
Mixed Law System
Total Risk
Application Programming Interface
44. Pertaining to law - verified as real
Kernel
Highly Confidential
Consistency
Authentic
45. A passive network attack involving monitoring of traffic.
Transients
Source Routing Exploitation
Burn
Eavesdropping
46. A secure connection to another network.
Desk Check Test
Gateway
Multi-Core
Teardrop
47. OOP concept of a distinct copy of the class
Honeynet
Territoriality
Object
Copyright
48. Employment education done once per position or at significant change of function
Due Care
Job Training
Plain Text
Residual Data
49. Recovery alternative - a building only with sufficient power - and HVAC
Domain
Spiral
3 Types of harm Addressed in computer crime laws
Cold Site
50. A programming design concept which abstracts one set of functions from another in a serialized fashion
Worldwide Interoperability for Microwave Access (WI-MAX)
User
Inrush Current
Layering