Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Collection of data on business functions which determines the strategy of resiliency
Discretionary Access Control (DAC)
Patent
Storage Area Network (SAN)
Business Impact Assessment (BIA)
2. A control before attack
Prevention
Safeguard
Recovery Period
Databases
3. Communicate to stakeholders
Patent
Debriefing/Feedback
Inheritance
Examples of non-technical security components
4. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.
Prevention
Restoration
Alternate Data Streams (File System Forks)
Contact List
5. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
Administrative Law
Logic Bomb
TCSEC (Orange Book)
Exposure
6. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
Incident Handling
Complete
Enticement
TEMPEST
7. Of a system without prior knowledge by the tester or the tested
Symmetric
Double Blind Testing
Orange Book C Classification
Private Branch Exchange (PBX)
8. Continuous surveillance - to provide for detection and response of any failure in preventive controls.
Monitor
JPEG (Joint Photographic Experts Group)
Faraday Cage/ Shield
False Negative
9. Intellectual property protection for a confidential and critical process
Trade Secret
Method
Emergency Procedures
Security Domain
10. More than one process in the middle of executing at a time
Multi-Tasking
Exposure
Operational Exercise
Certification
11. Pertaining to law - accepted by a court
Total Risk
Compiler
Admissible
Authentication
12. Vehicle stopping object
Information Owner
Content Dependent Access Control
Mantrap (Double Door System)
Bollard
13. Binary decision by a system of permitting or denying access to the entire system
Security Kernel
Entrapment
Authentication
Critical Functions
14. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Masked/Interruptible
Polymorphism
Mirroring
Computer System Evidence
15. May be responsible for overall recovery of an organization or unit(s).
Entrapment
Generator
Phishing
DR Or BC Coordinator
16. Two different keys decrypt the same cipher text
Modification
Transfer
Key Clustering
CPU Cache
17. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Blind Testing
Memory Management
Site Policy Awareness
Orange Book B1 Classification
18. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions
Moore's Law
Data Owner
Resumption
Business Impact Assessment (BIA)
19. Part of a transaction control for a database which informs the database of the last recorded transaction
Hot Site
Plain Text
Checkpoint
Security Kernel
20. Line noise that is superimposed on the supply circuit.
Risk Mitigation
Transients
Patent
Repeaters
21. A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy
Evidence
Rollback
SQL Injection
Infrastructure
22. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Hot Spares
Site Policy
User Mode (problem or program state)
Chain Of Custody
23. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Concentrator
Primary Storage
Kernel
Exposure
24. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Exercise
Packet Filtering
Prevention
Attacker (Black hat - Hacker)
25. OOP concept of a class's details being hidden from the object
Encapsulation
False (False Positive)
File Server
Smurf
26. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.
Plaintext
Procedure
Business Unit Recovery
Asymmetric
27. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective
Civil Or Code Law
State Machine Model
Boot (V.)
Multi-Programming
28. A telephone exchange for a specific office or business.
Key Escrow
Pointer
Rogue Access Points
Private Branch Exchange (PBX)
29. Recognition of an individual's assertion of identity.
Private Branch Exchange (PBX)
File
Hard Disk
Identification
30. High degree of visual control
Surveillance
Central Processing Unit (CPU)
Business Records
Sequence Attacks
31. To start business continuity processes
Liability
Polyalphabetic
Key Escrow
Activation
32. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site)
Containment
Orange Book A Classification
ISO/IEC 27001
Declaration
33. Claiming another's identity at a physical level
Investigation
Masquerading
Business Records
Incident Response
34. A choice in risk management - to convince another to assume risk - typically by payment
Consistency
CPU Cache
Transfer
Multi-Party Control
35. Mathematical function that determines the cryptographic operations
Cryptanalysis
Algorithm
Directive
Keyed-Hashing For Message Authentication
36. Outputs within a given function are the same result
Collisions
War Driving
Polymorphism
IP Fragmentation
37. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Accreditation
Mock Disaster
Hub
Job Rotation
38. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Object Oriented Programming (OOP)
Boot (V.)
Data Recovery
Exposure
39. Power surge
Disaster Recovery Tape
Rogue Access Points
Mirrored Site
Electrostatic Discharge
40. Pertaining to law - lending itself to one side of an argument
Plain Text
Data Backups
Convincing
Encapsulation
41. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Reciprocal Agreement
Redundant Array Of Independent Drives (RAID)
Remote Access Trojan
Honeynet
42. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
Triage
Surge Suppressor
Operational Exercise
Disaster Recovery Teams (Business Recovery Teams)
43. Controls for logging and alerting
Damage Assessment
Qualitative
Intrusion Detection Systems
ITSEC
44. Communication of a security incident to stakeholders and data owners.
Authentic
Radio Frequency Interference (RFI)
Notification
Control Type
45. Potential danger to information or systems
Watermarking
Running
Threats
Steganography
46. Evidence must be: admissible - authentic - complete - accurate - and convincing
Coaxial Cable
Change Control
Sniffing
5 Rules Of Evidence
47. Malware that makes many small changes over time to a single data point or system
Disaster
Infrastructure
Salami
False (False Positive)
48. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Salami
Race Condition
Phishing
File Extension
49. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Standalone Test
Algorithm
Fragmented Data
Ethics
50. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Redundant Servers
Cryptanalysis
Common Criteria
Business Impact Analysis