SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
True Attack Stimulus
Fire Suppression
Alarm Filtering
Mirrored Site
2. Inference about encrypted communications
Remote Journaling
Side Channel Attack
Hard Disk
Mandatory Access Control (MAC)
3. Tool which mediates access
Certificate Revocation List (CRL)
Control
MOM
Denial Of Service
4. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Object Oriented Programming (OOP)
Method
Entrapment
Liability
5. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Deterrent
TIFF (Tagged Image File Format)
Identification
Remote Journaling
6. People protect their domain
Multi-Programming
Territoriality
Tracking
Microwave
7. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Evidence
False (False Positive)
Binary
Microwave
8. Mitigation of system or component loss or interruption through use of backup capability.
Waterfall
Memory Management
Accountability
Fault Tolerance
9. Intellectual property protection for an confidential and critical process
Hash Function
Mixed Law System
System Life Cycle
Trade Secret
10. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Chain of Custody
Class
Critical Records
Masked/Interruptible
11. A physical enclosure for verifying identity before entry to a facility
On-Site
Countermeasure
Mantrap (Double Door System)
Object Reuse
12. Transaction controls for a database - a return to a previous state
Computer Forensics
Business Interruption
Rollback
Threats
13. OOP concept of an object's abilities - what it does
Message Digest
Replication
Structured Walk-Through Test
Method
14. Highest level of authority at EOC with knowledge of the business process and the resources available
Incident Manager
5 Rules Of Evidence
Workaround Procedures
False Negative
15. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: - Plan and Organize - - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Asymmetric
Teardrop
Decipher
CobiT
16. High degree of visual control
Trade Secret
Surveillance
Lattice
Trapdoors (Backdoors) (Maintenance Hooks)
17. Some systems are actually run at the alternate site
Data Marts
Framework
Debriefing/Feedback
Parallel Test
18. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Certification
Incident Response
Investigation
Mirroring
19. Record history of incident
Privacy Laws
Tracking
Preemptive
Modification
20. Low level - pertaining to planning
Tactical
Remanence
Keyed-Hashing For Message Authentication
Databases
21. Something that happened
Event
Alert
Keystroke Logging
Contact List
22. A state for operating system tasks only
CobiT
Firmware
Preemptive
Supervisor Mode (monitor - system - privileged)
23. Short period of low voltage.
Sag/Dip
Security Kernel
Orange Book A Classification
Access Control Matrix
24. A Trojan horse with the express underlying purpose of controlling host from a distance
Critical Functions
Denial Of Service
Remote Access Trojan
Standard
25. Communicate to stakeholders
Debriefing/Feedback
Data Backup Strategies
Policy
Business Recovery Timeline
26. Business and technical process of applying security software updates in a regulated periodic way
Symmetric
Patch Management
Common Criteria
Plaintext
27. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
Prevention
Embedded Systems
Surveillance
Distributed Denial Of Service
28. To segregate for the purposes of labeling
Brownout
Compartmentalize
Spiral
Brouter
29. A electronic attestation of identity by a certificate authority
Risk Assessment / Analysis
Asymmetric
Digital Certificate
MOM
30. Identification and notification of an unauthorized and/or undesired action
System Downtime
Detection
Confidence Value
Slack Space
31. Control category- to restore to a previous state by removing the adversary and or the results of their actions
Tort
File Sharing
Corrective
Access Control
32. The property that data meet with a priority expectation of quality and that the data can be relied upon.
Transients
Data Integrity
Administrative Access Controls
MOM
33. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Embedded
Forward Recovery
Fire Suppression
Total Risk
34. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
Collisions
Encapsulation
User
Masked/Interruptible
35. Communication of a security incident to stakeholders and data owners.
Backup
Notification
Cross Certification
Noise
36. Control category- to give instructions or inform
Bollard
Cipher Text
Separation Of Duties
Directive
37. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organizations strategy.
Remote Journaling
Virtual Memory
DR Or BC Coordinator
Recovery Strategy
38. Information about data or records
Metadata
War Driving
Data Custodian
False (False Positive)
39. Weakness or flaw in an asset
Mandatory Vacations
Vulnerability
Multi-Processing
Multi-Tasking
40. A backup type - for databases at a point in time
Worldwide Interoperability for Microwave Access (WI-MAX )
Orange Book B1 Classification
Layering
Shadowing (file shadowing)
41. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Multi-Tasking
Event
Analysis
Fire Classes
42. Hiding the fact that communication has occurred
Steganography
Brouter
Gateway
File Sharing
43. A specialized wireless receiver/ transmitter placed in orbit that facilitates long distance communication.
Shadowing (file shadowing)
Data Leakage
Satellite
Debriefing/Feedback
44. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.
Restoration
Chain of Custody
Need-To-Know
Botnet
45. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Classification
File Sharing
Guidelines
Legacy Data
46. Organization way of classifying data by factors such as criticality - sensitivity and ownership.
Alert
Classification Scheme
Running
Mandatory
47. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Business Interruption Insurance
Test Plan
Mandatory
Collisions
48. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
TIFF (Tagged Image File Format)
Firmware
Cross-Site Scripting
Emergency
49. Unused storage capacity
Data Integrity
Walk Though
Slack Space
Examples of non-technical security components
50. To reduce fire
Critical Functions
Multi-Programming
Interference (Noise)
Fire Suppression