Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. OOP concept of a distinct copy of the class
Orange Book B2 Classification
Ring Protection
Object
Stopped
2. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Interception
Data Backup Strategies
Site Policy Awareness
Orange Book B2 Classification
3. The chance that something negative will occur
Eavesdropping
Risk
Alert
Structured Walkthrough
4. Actions measured against either a policy or what a reasonable person would do
Recovery Strategy
Polyalphabetic
Due Diligence
Desk Check Test
5. To set the clearance of a subject or the classification of an object
Total Risk
Guidelines
Emergency
Labeling
6. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Fault
Uninterruptible Power Supply (UPS)
On-Site
Access Control Lists
7. Methodical research of an incident with the purpose of finding the root cause
Investigation
Information Owner
Hot Spares
Vital Record
8. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
Steganography
TEMPEST
Kernel
Exercise
9. A hash that has been further encrypted with a symmetric algorithm
Emergency
Keyed-Hashing For Message Authentication
Separation Of Duties
Sag/Dip
10. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
Notification
Access Point
Maximum Tolerable Downtime (MTD)
Desk Check Test
11. Eavesdropping on network communications by a third party.
Malformed Input
Mock Disaster
Threat Agent
Tapping
12. A distributed system's transaction control that requires updates to complete or rollback
Complete
Embedded
Data Backup Strategies
2-Phase Commit
13. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Technical Access Controls
ITSEC
Forward Recovery
Warm Site
14. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
Containment
Payload
Computer System Evidence
IDS Intrusion Detection System
15. Need to understand both the assets that need to be protected and management's priorities - Also be prepared to adjust the design over time - and verify the design has been implemented correctly - need to be good negotiator - artist and analyst.
File Level Deletion
Rootkit
Basics Of Secure Design
Stopped
16. Tool which mediates access
Enticement
Control
Hijacking
Brouter
17. An asymmetric cryptography mechanism that provides authentication.
Business Continuity Planning (BCP)
Digital Signature
File Level Deletion
Investigation
18. Uses two or more legal systems
Data Custodian
Interception
Mixed Law System
Cookie
19. Induces a crime - tricks a person - and is illegal
Data Hiding
Entrapment
Encryption
Fire Prevention
20. To execute more than one instruction at an instant in time
Multi-Processing
Operational Test
Content Dependent Access Control
Symmetric
21. To load the first piece of software that starts a computer.
Boot (V.)
Plaintext
Workaround Procedures
Fault Tolerance
22. Intellectual property protection for marketing efforts
Trademark
Contact List
Debriefing/Feedback
Memory Management
23. Control category - to discourage an adversary from attempting to access
Business Unit Recovery
Radio Frequency Interference (RFI)
Deterrent
Fire Detection
24. Recovery alternative - short-term - high cost movable processing location
Public Key Infrastructure (PKI)
Mobile Site
Permutation /Transposition
Incident Response
25. Scrambled form of the message or data
Tapping
Non-Interference
Cipher Text
Spam
26. Object based description of a single resource and the permission each subject
Business Impact Analysis
Access Control Lists
Cryptography
Privacy Laws
27. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services
Sequence Attacks
Directive
Access Control Lists
Intrusion Prevention Systems
28. High level design or model with a goal of consistency - integrity - and balance
Cipher Text
Mirroring
Architecture
Message Digest
29. Outputs within a given function are the same result
Countermeasure
Collisions
Education
Infrastructure
30. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Deterrent
Information Technology Security Evaluation Criteria - ITSEC
Inrush Current
Cross Certification
31. What is will remain - persistence
Countermeasure
Durability
Discretionary
Key Space
32. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Operational Impact Analysis
Degauss
Control Type
War Driving
33. Return to a normal state
Data Hiding
Recovery
TNI (Red Book)
Botnet
34. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
TIFF (Tagged Image File Format)
Blackout
Dangling Pointer
Least Privilege
35. Intermediate level - pertaining to planning
Operational
Bollard
False (False Positive)
Proprietary
36. Descrambling the encrypted message with the corresponding key
Decipher
Substitution
Discretionary Access Control (DAC)
Dangling Pointer
37. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.
Reciprocal Agreement
Custodian
Damage Assessment
High-Risk Areas
38. Planning with a goal of returning to the normal business function
Full Test (Full Interruption)
Access Control
User
Restoration
39. To move from location to location - keeping the same function
Method
Checksum
Mantrap (Double Door System)
Job Rotation
40. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Bridge
Workaround Procedures
Electrostatic Discharge
Data Custodian
41. A program with an inappropriate second purpose
Data Dictionary
Double Blind Testing
Critical Infrastructure
Trojan Horse
42. State of computer - to be running a process
Operating
Orange Book A Classification
Simulation Test
Machine Language (Machine Code)
43. Final purpose or result
Checksum
Sharing
Payload
Revocation
44. Data or interference that can trigger a false positive
Smurf
Framework
Mantrap (Double Door System)
Noise
45. To smooth out reductions or increases in power
Message Digest
Modems
Checkpoint
UPS
46. A signal suggesting a system has been or is being attacked.
Boot (V.)
Alert/Alarm
Primary Storage
Electronic Vaulting
47. More than one CPU on a single board
Routers
Multi-Core
Elements of Negligence
Encryption
48. Control category - to record an adversary's actions
Civil Or Code Law
Data Dictionary
Detective
Symmetric
49. Code breaking - practice of defeating the protective properties of cryptography.
Active Data
Multi-Tasking
Near Site
Cryptanalysis
50. Binary decision by a system of permitting or denying access to the entire system
Orange Book A Classification
Disaster Recovery Plan
Authentication
Encipher