Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.
Plan Maintenance Procedures
Business Unit Recovery
Dictionary Attack
Strategic
2. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
TIFF (Tagged Image File Format)
Key Space
Analysis
Structured Walkthrough
3. Written step-by-step actions
File Shadowing
Procedure
Warm Site
Certification Authority
4. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
Modems
Distributed Processing
Digital Signature
Checklist Test
5. A BCP testing type (structured walkthrough): a test that answers the question: Is everything needed for recovery available?
Walk Through
Central Processing Unit (CPU)
Education
Electronic Vaulting
6. Summary of a communication for the purpose of integrity
Message Digest
Event
IP Fragmentation
War Dialing
7. Written internalized or nationalized norms that are internal to an organization
Disaster Recovery Tape
Standard
Multi-Processing
Recovery Point Objective (RPO)
8. Narrow scope examination of a system
Checklist Test (desk check)
Administrative Law
Targeted Testing
Access Control Lists
9. Descrambling the encrypted message with the corresponding key
Decipher
Interception
Risk Assessment
Multilevel Security System
10. The response of an organization to a disaster or other significant event that may significantly impact the organization, its people, or its ability to function productively.
Multiplexers
Boot (V.)
Compartmentalize
Incident Response
11. A backup of data located where staff can gain access immediately
Firewall
On-Site
Monitor
Tracking
12. Weak evidence
Adware
Hearsay
Security Kernel
Detection
13. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
DR Or BC Coordinator
Binary
Transients
Encryption
14. Uses two or more legal systems
Network Attached Storage (NAS)
Encipher
Mixed Law System
State Machine Model
15. A process state (blocked): needing input before continuing
Patch Panels
Control Category
Orange Book A Classification
Wait
16. One way encryption
Hash Function
Reference Monitor
Cryptography
Alternate Data Streams (File System Forks)
17. Subjects will not interact with each other's objects
Rogue Access Points
True Attack Stimulus
Business Continuity Steering Committee
Non-Interference
18. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
Safeguard
2-Phase Commit
Data Leakage
Accountability
19. Requires two of the three user authentication attributes (knows, is, or has), e.g. you have an ATM card and enter a PIN
Simulation
Strong Authentication
Examples of technical security components
Analysis
20. Object based description of a single resource and the permission each subject
Kernel
Certification Authority
Access Control Lists
Structured Walkthrough
21. A critical event which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.
Crisis
Security Blueprint
Strategic
Disaster
22. Consume resources to a point of exhaustion; loss of availability
Denial Of Service
Shadowing (file shadowing)
Consistency
Code
23. Share security concerns with embedded devices. Security has often been sacrificed for a richer user experience under low power. Prime target for data loss, as they transmit and store information in ways that can't be controlled.
ITSEC
Least Privilege
Preemptive
Pervasive Computing and Mobile Computing Devices
24. Third party processes used to organize the implementation of an architecture
Framework
Degauss
Wireless Fidelity (Wi-Fi )
Distributed Processing
25. The risk that remains after management implements internal controls or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Administrative Law
Sniffing
Incident Handling
Residual Risk
26. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Revocation
Liability
Emergency Procedures
Analysis
27. A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Twisted Pair
Time Of Check/Time Of Use
Authorization
Incident Response
28. Robust project management process of new systems with at least the following phases: design and development, production, distribution, operation, maintenance, retirement, and disposal
Patch Management
Mixed Law System
System Life Cycle
Mandatory Vacations
29. Moving letters around
Privacy Laws
Desk Check Test
Incident Handling
Permutation / Transposition
30. Information about data or records
Hearsay
Full Test (Full Interruption)
Metadata
Mandatory Access Control (MAC)
31. Highest level of authority at EOC with knowledge of the business process and the resources available
Incident Manager
Prevention
Collisions
Symmetric
32. A process state: to be executing a process on the CPU
Concentrator
Site Policy Awareness
Running
Botnet
33. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Injection
Basics Of Secure Design
Structured Walkthrough
Multiplexers
34. A set of laws that the organization agrees to be bound by
Administrative Law
Business Records
BCP Testing Drills and Exercises
Basics Of Secure Design
35. A group or network of honeypots
Covert Channel
Central Processing Unit (CPU)
Fraggle
Honeynet
36. The collection and summation of risk data relating to a particular asset and controls for that asset
Business Recovery Timeline
Central Processing Unit (CPU)
Multi-Processing
Risk Assessment
37. For PKI: to have more than one person in charge of a sensitive function
Shadowing (file shadowing)
Multi-Party Control
Cipher Text
Security Domain
38. A copy of transaction data, designed for querying and reporting
Hub
Data Warehouse
Kernel
Inrush Current
39. A secure connection to another network.
Recovery Point Objective (RPO)
Interpreter
Hot Spares
Gateway
40. An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only forensic copy quality will hold up in court.
Checklist Test (desk check)
Forensic Copy
Noise
Orange Book C Classification
41. Unauthorized wireless network access device.
Denial Of Service
Administrative
Rogue Access Points
Emanations
42. Unchecked data input which results in redirection
HTTP Response Splitting
Incident
Encipher
Hash Function
43. State of a computer: to be running a process
Residual Risk
Non-Repudiation
Operating
Fragmented Data
44. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)
Smurf
Transfer
Containment
Backup
45. Location to perform the business function
Codec
Uninterruptible Power Supply (UPS)
Alternate Site
Discretionary
46. Controls for logging and alerting
Data Integrity
Hash Function
Control
Intrusion Detection Systems
47. One entity with two competing allegiances
Governance
Conflict Of Interest
ISO/IEC 27001
Packet Filtering
48. A control before attack
Eavesdropping
Classification Scheme
Safeguard
Electronic Vaulting
49. A backup type: for databases at a point in time
Primary Storage
Shadowing (file shadowing)
Fraggle
User Mode (problem or program state)
50. Recovery alternative: short-term, high-cost movable processing location
Content Dependent Access Control
Authentic
Mobile Site
Site Policy Awareness