Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, study the material first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious; taking the test repeatedly still reinforces your understanding.
1. Pertaining to law: lending itself to one side of an argument
Convincing
Inference
Activation
Fire Prevention
2. To start business continuity processes
Key Management
Embedded Systems
Primary Storage
Activation
3. The former internationally accepted set of standards and processes for information security product evaluation and assurance, which separates functionality and assurance requirements
Cryptanalysis
Custodian
Permutation/Transposition
ITSEC
4. In PKI, having more than one person in charge of a sensitive function
Disk Mirroring
Asymmetric
Multi-Party Control
Sniffing
5. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Civil Law
Security Clearance
Due Care
Checklist Test (desk check)
6. Communicate to stakeholders
Substitution
Debriefing/Feedback
Checklist Test (desk check)
Strategic
7. A collection of data or information that has a name
File
Business Interruption Insurance
Class
Data Hiding
8. Interception of a communication session by an attacker.
Isolation
Stopped
Highly Confidential
Hijacking
9. Short period of low voltage.
Sag/Dip
Classification Scheme
Accurate
File Extension
10. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Deterrent
Detection
TEMPEST
Source Routing Exploitation
11. The response of an organization to a disaster or other significant event that may significantly impact the organization, its people, or its ability to function productively.
Countermeasure
Assembler
Ring Protection
Incident Response
12. A one-way directed graph that indicates the permitted flow of confidentiality or integrity levels
Lattice
Fire Suppression
Mandatory
Domain
13. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses (compare Smurf, the ICMP echo variant).
Intrusion Prevention Systems
Fraggle
Chain Of Custody
Binary
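The Fraggle and Smurf entries above describe the same amplification pattern with different protocols: a request carrying a spoofed source address (the victim) is sent to a directed broadcast address, so every host on that subnet answers the victim. The following is an added example, not part of the quiz, showing how a detector at the amplifying network's border would flag such requests in firewall-style logs. The log lines, the iptables-like `KEY=VALUE` field format, the LAN prefix 10.0.0.0/24 and the victim address 203.0.113.7 are all constructed for the example.

```python
import ipaddress
import re

# Constructed sample firewall log (iptables-style key=value fields), not a
# real capture. 10.0.0.0/24 is the monitored LAN; 10.0.0.255 is its directed
# broadcast address. 203.0.113.7 plays the spoofed source, i.e. the victim
# that every amplifying host will answer.
SAMPLE_LOG = """\
SRC=203.0.113.7 DST=10.0.0.255 PROTO=ICMP TYPE=8 CODE=0
SRC=203.0.113.7 DST=10.0.0.255 PROTO=UDP SPT=53 DPT=7
SRC=203.0.113.7 DST=10.0.0.255 PROTO=UDP SPT=53 DPT=19
SRC=10.0.0.12 DST=10.0.0.20 PROTO=UDP SPT=40000 DPT=7
SRC=10.0.0.12 DST=10.0.0.255 PROTO=UDP SPT=68 DPT=67
SRC=10.0.0.12 DST=10.0.0.20 PROTO=ICMP TYPE=8 CODE=0
"""

LAN = ipaddress.ip_network("10.0.0.0/24")
# UDP services that answer whatever is sent to them: echo (7) and chargen (19),
# the classic Fraggle amplifiers.
AMPLIFIER_UDP_PORTS = {7, 19}

FIELD = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Turn 'K=V K=V ...' into a dict of strings."""
    return dict(FIELD.findall(line))


def to_broadcast(dst):
    """True if the destination is the LAN's directed broadcast address."""
    try:
        return ipaddress.ip_address(dst) == LAN.broadcast_address
    except ValueError:
        return False


def classify(line):
    """Return 'smurf', 'fraggle' or None for one log line."""
    f = parse(line)
    if not to_broadcast(f.get("DST", "")):
        return None               # unicast traffic never amplifies
    if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":
        return "smurf"            # ICMP echo request to broadcast
    if (f.get("PROTO") == "UDP" and f.get("DPT", "").isdigit()
            and int(f["DPT"]) in AMPLIFIER_UDP_PORTS):
        return "fraggle"          # UDP echo/chargen to broadcast
    return None                   # e.g. DHCP to broadcast is legitimate


def detect(log):
    """List of (spoofed source, attack kind) for every amplification packet."""
    hits = []
    for line in log.splitlines():
        kind = classify(line)
        if kind:
            hits.append((parse(line)["SRC"], kind))
    return hits


if __name__ == "__main__":
    for src, kind in detect(SAMPLE_LOG):
        print(f"{kind:8s} amplification request; replies will hit {src}")
```

Note what is deliberately not flagged: a UDP echo to a unicast address and a DHCP request to the broadcast address are both normal traffic, and alarming on them would be exactly the kind of false attack stimulus a later question on this page defines. The source address in a hit is the victim, not the attacker, which is why the usual mitigation is to drop directed broadcasts at the router rather than to block the source.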
14. Maintenance procedures outline the process for the review and update of business continuity plans.
Safeguard
Business Interruption
Watermarking
Plan Maintenance Procedures
15. A program with an inappropriate second purpose
Trojan Horse
Network Attached Storage (NAS)
Exposure
Atomicity
16. Converts assembly language into machine language
Journaling
Assembler
File
Data Custodian
17. Security policy, procedures, and compliance enforcement
Test Plan
Noise
ISO/IEC 27001
Examples of non-technical security components
18. Actions measured against either a policy or what a reasonable person would do
Recovery Strategy
Near Site
Embedded
Due Diligence
19. A race condition in which the security state of an object changes between the time it is checked and the time it is used
Metadata
Time Of Check/Time Of Use
ISO/IEC 27001
Relocation
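The Time Of Check/Time Of Use entry above is easier to see in code than in a one-line definition. The following is an added example, not part of the quiz: a file reader that checks a path and then opens it by name, beside a hardened reader that opens first and validates the descriptor it actually received. The `race` callback is an assumption made for demonstration; it stands in for an attacker who can modify the directory between the check and the use. The file names and contents are constructed, and the demo assumes a POSIX system with symlink support.

```python
import os
import stat
import tempfile


def vulnerable_read(path, race=lambda: None):
    """Check-then-use. The lstat() check refuses symlinks, but open() resolves
    the name a second time, and by then it may point somewhere else."""
    st = os.lstat(path)                        # time of check
    if stat.S_ISLNK(st.st_mode):
        raise PermissionError("symlink refused")
    race()                                     # the attacker's window
    with open(path, "rb") as f:                # time of use: follows symlinks
        return f.read()


def hardened_read(path, race=lambda: None):
    """Open first, then validate the descriptor. O_NOFOLLOW makes open() itself
    refuse a symlink, and fstat() inspects the object actually opened, so
    nothing done to the name afterwards can redirect the read."""
    race()                                     # same window, now harmless
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def demo():
    """Constructed scenario, not a real incident: the victim means to read
    public.txt; the attacker, who can write the directory, swaps it for a
    symlink to secret.txt between check and use. Returns (bytes leaked by the
    vulnerable reader, whether the hardened reader blocked the swap, what the
    hardened reader returns when nothing interferes)."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"SECRET")

        def reset():
            if os.path.lexists(public):
                os.unlink(public)
            with open(public, "wb") as f:
                f.write(b"public data")

        def swap():
            # Attacker: replace the already-checked regular file with a symlink.
            os.unlink(public)
            os.symlink(secret, public)

        reset()
        leaked = vulnerable_read(public, race=swap)

        reset()
        try:
            hardened_read(public, race=swap)
            blocked = False
        except OSError:          # ELOOP from O_NOFOLLOW (or the S_ISREG check)
            blocked = True

        reset()
        normal = hardened_read(public)
        return leaked, blocked, normal


if __name__ == "__main__":
    print(demo())
```

The point of the hardened version is not the extra flag but the ordering: every decision is made about the descriptor that will be read, never about a name that someone else can rebind. The same principle applies to any check-then-act sequence on shared state, which is why the quiz defines TOCTOU as a race condition rather than as a file-system bug.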
20. Mitigation of system or component loss or interruption through use of backup capability.
Fragmented Data
Cipher Text
Fault Tolerance
Operational Test
21. Unauthorized wireless network access device.
Rogue Access Points
Dangling Pointer
Site Policy Awareness
Central Processing Unit (CPU)
22. Substitution at the word or phrase level
Business Recovery Timeline
Code
Business Impact Analysis
IDS Intrusion Detection System
23. Continuous surveillance, to provide for detection of and response to any failure in preventive controls.
Restoration
Monitor
Risk Assessment
Pointer
24. Using small, specialized tools to align all of a lock's tumblers, opening the door
Object
Picking
Crisis
Business Continuity Steering Committee
25. May render the data inaccessible to the application intended to be used in processing the file, but may not actually remove the data
Asymmetric
Checkpoint
Desk Check Test
Byte Level Deletion
26. An opportunity for a threat to cause loss (a term that encompasses many more recent risk terms)
Revocation
Cross-Site Scripting
Exposure
Least Privilege
27. The principles a person sets for themselves to follow
Security Blueprint
Process Isolation
Ethics
Disaster Recovery Tape
28. To create a copy of data as a precaution against the loss or damage of the original data.
Residual Risk
Backup
Common Law
Corrective
29. Evidence must be: admissible, authentic, complete, accurate, and convincing
5 Rules Of Evidence
Bit
Object
Memory Management
30. Intermediate level, pertaining to planning
DR Or BC Coordinator
2-Phase Commit
Operational
Masked/Interruptible
31. The collection and summation of risk data relating to a particular asset and controls for that asset
Fiber Optics
Risk Assessment
ISO/IEC 27001
Civil Law
32. Trading one for another
Multi-Tasking
Honeynet
Replication
Substitution
33. The former U.S. military accepted set of standards and processes for network evaluation and assurance, which combines functionality and assurance requirements
TNI (Red Book)
Radio Frequency Interference (RFI)
Redundant Array Of Independent Drives (RAID)
Relocation
34. The risk that remains after management implements internal controls or some other response to risk: (Threats x Vulnerabilities x Asset Value) x Controls Gap = Residual Risk
Guidelines
Residual Risk
EMI
SQL Injection
35. Autonomous, self-propagating malware that spreads by exploiting a flaw in a service
Mandatory Access Control (MAC)
Worm
Radio Frequency Interference (RFI)
Backup
36. Scrambled form of the message or data
Cipher Text
Denial Of Service
Revocation
TCSEC (Orange Book)
37. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred, and that triggers pre-arranged mitigating actions (e.g., a move to an alternate site).
Access Control Attacks
Near Site
Declaration
Cryptanalysis
38. Class A: common combustibles; Class B: flammable liquids; Class C: electrical; Class D: combustible metals
Key Escrow
Mitigate
Denial Of Service
Fire Classes
39. Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Risk Mitigation
Critical Records
Layering
Control Type
40. Executive responsibilities of goal setting, delegation, and verification, based upon the mission.
Data Owner
Due Care
Governance
Stopped
41. Uses two or more legal systems
Wait
Kerberos
Mixed Law System
Logic Bomb
42. A risk assessment method that expresses risk as a measurable monetary cost
Restoration
Multi-Processing
DR Or BC Coordinator
Quantitative
43. A server optimized for providing file-based data storage to the network. Unlike a general-purpose file server, a NAS unit has no local input or output devices such as a keyboard or display, and its OS is dedicated to providing storage services.
Life Cycle of Evidence
Intrusion Detection Systems
Blind Testing
Network Attached Storage (NAS)
44. Recovery alternative: complete duplication of services, including personnel
Mirrored Site
Aggregation
Multiplexers
Electrostatic Discharge
45. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams.
Emergency
Mock Disaster
DR Or BC Coordinator
Redundant Servers
46. The event signaling an IDS to produce an alarm when no attack has taken place
Hash Function
False Attack Stimulus
Residual Risk
Information Risk Management (IRM)
47. A sudden, unexpected event requiring immediate action due to a potential threat to health and safety, the environment, or property.
Emergency
Identification
Strategic
Tapping
48. Effort/time needed to overcome a protective measure
Work Factor
Maximum Tolerable Downtime (MTD)
Marking
Checkpoint
49. Pertaining to law: verified as real
Control Category
Authentic
Cryptanalysis
Desk Check Test
50. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.
Interception
User
Mandatory Access Control (MAC)
War Dialing