Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Recovery alternative: a building with only power and HVAC in place (no equipment or data)
Cold Site
Certification
Durability
Modems
2. Trading one for another
Certificate Revocation List (CRL)
Substitution
Complete
Embedded Systems
3. Calculation encompassing threats, vulnerabilities, and assets
Deleted File
Total Risk
Contingency Plan
Birthday Attack
4. The document that defines the resources, actions, tasks, and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
War Dialing
Sharing
Disaster Recovery Plan
Disaster Recovery Tape
5. Control category - more than one control on a single asset
Recovery Time Objectives
Accreditation
Compensating
Fire Suppression
6. A technology that reduces the size of a file.
Executive Succession
Compression
Access Control Matrix
Record Level Deletion
7. Vehicle-stopping object
Bollard
True Attack Stimulus
Denial Of Service
Job Training
8. Those who initiate the attack
Detective
Blackout
Investigation
Threat Agent
9. More than one process in the middle of executing at a time
Faraday Cage/ Shield
Multi-Tasking
Orange Book B1 Classification
Reciprocal Agreement
10. A group or network of honeypots
Multi-Core
Education
Honeynet
Firewall
11. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Compression
Interception
Exposure
Warm Site
12. Recording activities at the keyboard level
Overlapping Fragment Attack
Keystroke Logging
Information Technology Security Evaluation Criteria - ITSEC
Business Continuity Planning (BCP)
13. Data or interference that can trigger a false positive
Proxies
Noise
IDS Intrusion Detection System
Targeted Testing
14. Periodic, automatic, and transparent backup of data in bulk.
Quantitative Risk Analysis
Electronic Vaulting
Targeted Testing
Sampling
15. Interception of a communication session by an attacker.
Embedded Systems
Complete
Open Mail Relay Servers
Hijacking
16. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions
Kernel
Aggregation
Architecture
Resumption
17. A race condition where the security state of an object changes between the time it is checked and the time it is used
Transients
Sequence Attacks
Time Of Check/Time Of Use
Safeguard
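The check-then-use race behind term 17, shown as an added example (not code from the quiz page): a reader that validates a path and then opens it in a separate step, beside one that opens first and validates the descriptor it actually got. The `race_hook` parameter, the temporary directory and the two sample files are constructed for the demo to make the attacker's window deterministic.

```python
"""Added example (not part of the quiz page): time-of-check/time-of-use.

The vulnerable reader checks the path, then opens it in a separate step.
The safe reader opens first (refusing to follow symlinks) and checks the
descriptor it actually obtained, so check and use refer to the same object.
The `race_hook` parameter is a demo-only stand-in for the attacker's window.
"""
import os
import stat
import tempfile


def read_vulnerable(path, race_hook=lambda: None):
    # TIME OF CHECK: the path looks like a plain file right now...
    if os.path.islink(path) or not os.path.isfile(path):
        raise PermissionError("refusing non-regular file")
    race_hook()  # ...attacker swaps the path for a symlink in this window...
    # TIME OF USE: open() follows whatever `path` points at *now*.
    with open(path, "rb") as f:
        return f.read()


def read_safe(path, race_hook=lambda: None):
    race_hook()  # the swap can happen at any time; it makes no difference here
    # Open without following symlinks; a symlink makes os.open raise OSError (ELOOP).
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        # Validate the object we actually opened, not the name we were given.
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("not a regular file")
        f = os.fdopen(fd, "rb")
    except BaseException:
        os.close(fd)
        raise
    with f:  # the file object now owns fd
        return f.read()


def demo():
    """Run both readers against a directory an attacker can write to."""
    with tempfile.TemporaryDirectory() as d:  # constructed sample files
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(public, "wb") as f:
            f.write(b"public data")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")

        def attacker_swaps():
            os.remove(public)
            os.symlink(secret, public)

        leaked = read_vulnerable(public, attacker_swaps)  # returns b"TOP SECRET"

        os.remove(public)  # reset, then try the safe reader under the same attack
        with open(public, "wb") as f:
            f.write(b"public data")
        try:
            read_safe(public, attacker_swaps)
            blocked = False
        except OSError:  # ELOOP from O_NOFOLLOW
            blocked = True
        return leaked, blocked


if __name__ == "__main__":
    print(demo())
```

The point is not the symlink specifically but that any property verified on a name (owner, type, permissions) is stale by the time the name is used; verifying the opened descriptor with `fstat` closes the window because the descriptor cannot be swapped out from under you.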
18. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
CPU Cache
Business Recovery Team
Cryptology
Open Mail Relay Servers
19. High level - pertaining to planning
Machine Language (Machine Code)
Strategic
Information Technology Security Evaluation Criteria - ITSEC
Countermeasure
20. Two different inputs to the same hash function produce the same output
Criminal Law
Intrusion Prevention Systems
Collisions
Parallel Test
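Term 20 (collisions) and the birthday attack listed among the answers are two sides of one fact: with an n-bit hash you expect a collision after roughly 2^(n/2) inputs, not 2^n. The block below is an added example, not code from the quiz page; it truncates SHA-256 to a small width so the search finishes in a moment, and the inputs `msg-0`, `msg-1`, ... are constructed so the result is deterministic.

```python
"""Added example (not part of the quiz page): hash collisions and the
birthday bound. SHA-256 is truncated to a small number of bits so that a
collision can be found quickly; the search strategy is exactly the one a
birthday attack uses against a full-size hash, only there 2^(n/2) is out of reach.
"""
import hashlib
import math


def trunc_hash(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256(data), as an integer."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def expected_trials(bits: int) -> float:
    """Mean number of random inputs before two share an n-bit hash: ~sqrt(pi/2 * 2^n)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Birthday search: remember every hash seen until one repeats.

    Returns (m1, m2, trials) with m1 != m2 and trunc_hash(m1) == trunc_hash(m2).
    Inputs are the constructed messages b"msg-0", b"msg-1", ... so the result
    is deterministic; every message is distinct, so a repeated hash is a collision.
    """
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        h = trunc_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
        i += 1


if __name__ == "__main__":
    m1, m2, trials = find_collision(24)
    print(f"{m1!r} and {m2!r} share a 24-bit hash after {trials} trials "
          f"(expected about {expected_trials(24):.0f})")
```

Doubling the truncation width roughly squares the work, which is why a hash whose output is too short (or whose effective output is reduced by a weakness) becomes collision-prone long before brute-forcing a specific preimage is feasible.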
21. European standard for IT security criteria; it was not universally adopted. Consists of four components: 1. Security Target, 2. Target of Evaluation (ToE), 3. Functional Levels, 4. Assurance Levels.
Operational Exercise
Information Technology Security Evaluation Criteria - ITSEC
Analysis
Satellite
22. Unsolicited commercial email
Distributed Denial Of Service
Pointer
Surveillance
Spam
23. Evidence must be: admissible, authentic, complete, accurate, and convincing
5 Rules Of Evidence
Collisions
IP Address Spoofing
Due Diligence
24. To know more than one job
Database Shadowing
Multiplexers
Threat Agent
Cross Training
25. Are bound to objects and indicate what subjects can use them; typically kept by a network device (router, switch, and so on) to control access to or from the device for a number of services
Ring Protection
Administrative
Double Blind Testing
Access Control Lists
26. A form of data hiding which protects running threads of execution from using each other's memory
Process Isolation
Life Cycle of Evidence
Interference (Noise)
Forward Recovery
27. Heavily populated areas, particularly susceptible to high-intensity earthquakes, floods, tsunamis, or other disasters, for which emergency response may be necessary in the event of a disaster.
High-Risk Areas
Data Hiding
Orange Book C Classification
Business Continuity Program
28. Is secondhand and usually not admissible in court
Database Replication
Total Risk
Keystroke Logging
Hearsay Evidence
29. Control category - to restore to a previous state by removing the adversary and/or the results of their actions
Corrective
Side Channel Attack
Picking
Administrative Law
30. Prolonged loss of commercial power
Corrective
Admissible
Discretionary
Blackout
31. To stop damage from spreading
Business Impact Assessment (BIA)
Containment
Databases
Revocation
32. Objects or programs that look different but act the same
Polymorphism
Infrastructure
Residual Data
Access Control
33. Includes identification and collection of the evidence, its storage, preservation, transportation, presentation in court, and return to the owner
Bollard
Life Cycle of Evidence
Discretionary Access Control (DAC)
Blind Testing
34. Claiming another's identity at a physical level
Data Hiding
Masquerading
Identification
Microwave
35. Control type - communication based, typically written or oral
Uninterruptible Power Supply (UPS)
Alarm Filtering
Administrative
Electronic Vaulting
36. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Full Test (Full Interruption)
Repeaters
Basics Of Secure Design
Reciprocal Agreement
37. Induces a crime - tricks a person - and is illegal
Entrapment
Dictionary Attack
The ACID Test
Privacy Laws
38. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Recovery Strategy
Corrective
Metadata
Discretionary Access Control (DAC)
39. A basic level of network access control that is based upon information contained in the IP packet header.
Race Condition
Packet Filtering
Business Continuity Planning (BCP)
Mirroring
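Terms 25 (access control lists) and 39 (packet filtering) describe the same mechanism from two angles: an ordered list of rules bound to an interface, each matched against fields in the IP/transport header. The block below is an added example, not code from the quiz page or from any vendor: a first-match filter with an implicit deny, applied to constructed packets. The addresses are RFC 5737 documentation ranges and the rule set (`EDGE_INBOUND`) is illustrative.

```python
"""Added example (not part of the quiz page): a stateless packet filter driven
by an ordered access control list. Rules are evaluated top to bottom, the first
match decides, and a packet that matches nothing is dropped (implicit deny).
Addresses come from the RFC 5737 documentation ranges; the rules are
illustrative, not from any real device.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp", "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


def filter_packet(acl: List[Rule], p: Packet) -> str:
    """First-match evaluation with an implicit deny at the end of the list."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


INTERNAL = "192.0.2.0/24"

# Inbound ACL on the edge router's outside interface (constructed example).
EDGE_INBOUND = [
    # Ingress anti-spoofing: our own addresses must never arrive from outside.
    Rule("deny", src=INTERNAL),
    # A block-listed source, placed *before* the permits so it cannot reach the web server.
    Rule("deny", src="198.51.100.0/24"),
    Rule("permit", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("permit", src="203.0.113.0/24", dst=INTERNAL, proto="tcp", dport=22),
    # everything else: implicit deny
]

# Same rules with the block-list entry moved after the permit: it is now dead code
# for port 443, because the permit matches first.
MISORDERED = [EDGE_INBOUND[0], EDGE_INBOUND[2], EDGE_INBOUND[1], EDGE_INBOUND[3]]


if __name__ == "__main__":
    for p in (Packet("203.0.113.5", "192.0.2.10", "tcp", 443),
              Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
              Packet("192.0.2.50", "192.0.2.10", "tcp", 443),
              Packet("203.0.113.5", "192.0.2.10", "udp", 53)):
        print(p, filter_packet(EDGE_INBOUND, p), filter_packet(MISORDERED, p))
```

Two things to check when reviewing a real ACL follow directly from the code: rule order (a permit above a deny silently neutralises the deny for whatever it overlaps), and the anti-spoofing entry at the top, since a filter that looks only at header fields will otherwise accept a packet that claims an inside source.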
40. A committee of decision makers, business owners, technology experts, and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.
Open Mail Relay Servers
Residual Risk
Business Continuity Steering Committee
Eavesdropping
41. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses, so that every host on the subnet replies to the spoofed source. (See Fraggle)
Smurf
Physical Tampering
Total Risk
Residual Risk
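The Smurf definition in term 41 gives a detector two things to look for: echo requests addressed to a directed-broadcast address (the network is being used as an amplifier, and the request's claimed source is the victim) and a burst of echo replies from inside hosts all heading to one outside address. The block below is an added example, not code from the quiz page; the log format, the `LOCAL_NETS` address space and the sample records are constructed for it.

```python
"""Added example (not part of the quiz page): spotting a Smurf attack from
ICMP flow records. Two signals are checked: echo requests addressed to one of
our directed-broadcast addresses (we are the amplifier, and the request's
"source" is the spoofed victim), and many echo replies leaving our network for
the same outside host (the reflected flood). The log format and addresses are
constructed for the example; adapt the regex to the real source (flow export,
firewall log).
"""
import ipaddress
import re
from collections import Counter

LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: our address space

LINE = re.compile(
    r"^(?P<ts>\S+) ICMP (?P<kind>echo-request|echo-reply) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)$"
)


def in_local(ip):
    return any(ip in net for net in LOCAL_NETS)


def is_directed_broadcast(ip):
    return any(ip == net.broadcast_address for net in LOCAL_NETS)


def detect_smurf(lines, reply_threshold=3):
    """Return (broadcast_hits, victims).

    broadcast_hits: (timestamp, claimed source, broadcast dst) for each echo
    request aimed at a directed-broadcast address; the claimed source is the
    address the attacker wants flooded.
    victims: outside hosts that received at least `reply_threshold` echo
    replies from inside hosts.
    """
    broadcast_hits = []
    replies_to = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an ICMP record in the expected shape
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if m["kind"] == "echo-request" and is_directed_broadcast(dst):
            broadcast_hits.append((m["ts"], str(src), str(dst)))
        elif m["kind"] == "echo-reply" and in_local(src) and not in_local(dst):
            replies_to[str(dst)] += 1
    victims = sorted(ip for ip, n in replies_to.items() if n >= reply_threshold)
    return broadcast_hits, victims


# Constructed sample: one legitimate ping exchange plus a Smurf burst in which
# 203.0.113.9 is the spoofed source and hosts on 192.0.2.0/24 answer it.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z ICMP echo-request src=198.51.100.2 dst=192.0.2.10
2024-05-01T10:00:00Z ICMP echo-reply src=192.0.2.10 dst=198.51.100.2
2024-05-01T10:00:01Z ICMP echo-request src=203.0.113.9 dst=192.0.2.255
2024-05-01T10:00:01Z ICMP echo-reply src=192.0.2.11 dst=203.0.113.9
2024-05-01T10:00:01Z ICMP echo-reply src=192.0.2.12 dst=203.0.113.9
2024-05-01T10:00:01Z ICMP echo-reply src=192.0.2.13 dst=203.0.113.9
2024-05-01T10:00:02Z ICMP echo-request src=203.0.113.9 dst=192.0.2.255
2024-05-01T10:00:02Z ICMP echo-reply src=192.0.2.14 dst=203.0.113.9
garbage line that does not parse
""".splitlines()


if __name__ == "__main__":
    hits, victims = detect_smurf(SAMPLE_LOG)
    print(hits)
    print(victims)
```

The first signal is the one worth alerting on: the amplifier's own border router should not be forwarding packets to its directed-broadcast addresses at all (RFC 2644 made dropping them the router default), so any hit indicates either a misconfiguration or an attack in progress.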
42. Renders the record inaccessible to the database management system
Critical Infrastructure
Fire Classes
Record Level Deletion
Mobile Recovery
43. A physical enclosure for verifying identity before entry to a facility
Security Clearance
Steganography
Mantrap (Double Door System)
Exercise
44. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
Authentic
Redundant Array Of Independent Drives (RAID)
Adware
Legacy Data
45. Substitution at the word or phrase level
Critical Records
Code
Disaster
Recovery Point Objective (RPO)
46. Third party processes used to organize the implementation of an architecture
Object Oriented Programming (OOP)
Chain Of Custody
Framework
File Server
47. A collection of information designed to reduce duplication and increase integrity
Targeted Testing
Databases
Encipher
TEMPEST
48. DoS, spoofing, dictionary, brute force, wardialing
Business Continuity Program
Convincing
Cryptanalysis
Access Control Attacks
49. Natural occurrence in circuits that are in close proximity
Interference (Noise)
Surge
Triage
Multi-Processor
50. A process state (blocked), needing input before continuing
Burn
Vital Record
Hearsay
Wait