Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
Voice Over IP (VOIP)
Switches
Full Test (Full Interruption)
Disk Mirroring
2. Unchecked data input which results in redirection
HTTP Response Splitting
Data Backup Strategies
Accountability
Lattice
3. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
False (False Positive)
Data Recovery
Threat Agent
Polymorphism
4. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Cross-Site Scripting
Cryptovariable
Coaxial Cable
Vulnerability
5. Event(s) that cause harm
Alternate Data Streams (File System Forks)
Near Site
Incident
Protection
6. Pertaining to law - high degree of veracity
Hearsay Evidence
Accurate
IP Address Spoofing
Access Control Attacks
7. Searching for wireless networks in a moving car.
War Driving
Plan Maintenance Procedures
Failure Modes and Effect Analysis (FEMA)
Vulnerability
8. Object reuse protection and auditing
Safeguard
Test Plan
Source Routing Exploitation
Orange Book C2 Classification
9. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)
Chain Of Custody
Targeted Testing
Smurf
Double Blind Testing
10. Two different keys decrypt the same cipher text
Birthday Attack
Alternate Data Streams (File System Forks)
Electronic Vaulting
Key Clustering
11. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Critical Infrastructure
Standalone Test
Highly Confidential
Running
12. Granular decision by a system of permitting or denying access to a particular resource on the system
Fragmented Data
Brownout
Key Space
Authorization
13. Statistical probabilities of a collision are more likely than one thinks
ISO/IEC 27002
Birthday Attack
False (False Positive)
Site Policy Awareness
14. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)
Eavesdropping
Man-In-The-Middle Attack
Fraggle
Process Isolation
15. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Authorization
Control Category
Twisted Pair
Civil Law
16. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.
Redundant Servers
Metadata
JPEG (Joint Photographic Experts Group)
Policy
17. More than one processor sharing the same memory - also known as parallel systems
Database Shadowing
Discretionary Access Control (DAC)
Contingency Plan
Multi-Processor
18. Companies should have their own team - made up of people from management - IT - legal - HR - and public relations - security and other key areas
Operational
Off Site
Covert Channel
Incident Response Team
19. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Electronic Vaulting
Chain Of Custody
UPS
Acronym for American Standard Code for Information Interchange (ASCII)
20. A one way - directed graph which indicates confidentiality or integrity flow
Incident
HTTP Response Splitting
Lattice
Shift Cipher (Caesar)
21. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Codec
Covert Channel
Business Recovery Timeline
Private Branch Exchange (PBX)
22. A secure connection to another network.
Administrative Access Controls
Remote Access Trojan
Mirrored Site
Gateway
23. A type of attack involving attempted insertion - deletion or altering of data.
Cryptology
Twisted Pair
Authorization
Modification
24. Vehicle stopping object
Remote Journaling
Attacker (Black hat - Hacker)
Disk Mirroring
Bollard
25. Intellectual property protection for an invention
Cross Certification
Education
Recovery Time Objectives
Patent
26. The problem-solving state - the opposite of supervisor mode
Recovery Strategy
Electronic Vaulting
User Mode (problem or program state)
Compression
27. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Masked/Interruptible
Business Recovery Team
Phishing
Debriefing/Feedback
28. Forging of an IP address.
IP Address Spoofing
Complete
Trapdoors (Backdoors) (Maintenance Hooks)
Repeaters
29. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.
Full Test (Full Interruption)
Non-Repudiation
Voice Over IP (VOIP)
Business Unit Recovery
30. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Multi-Processor
Data Integrity
Central Processing Unit (CPU)
Reciprocal Agreement
31. A system designed to prevent unauthorized access to or from a private network.
Data Dictionary
Quantitative Risk Analysis
Method
Firewall
32. Controls for termination of attempt to access object
Business Continuity Steering Committee
Intrusion Prevention Systems
Fraggle
CobiT
33. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
One Time Pad
Modification
Wireless Fidelity (Wi-Fi)
Embedded Systems
34. Subjects will not interact with each other's objects
Non-Interference
Kerberos
Declaration
User Mode (problem or program state)
35. An unintended communication path
Criminal Law
Covert Channel
Restoration
Alert
36. Reduces causes of fire
Sequence Attacks
Protection
Security Kernel
Fire Prevention
37. Evidence must be: admissible - authentic - complete - accurate - and convincing
5 Rules Of Evidence
Recovery Period
Chain of Custody
Multi-Processing
38. OOP concept of a template that consists of attributes and behaviors
IP Address Spoofing
Memory Management
Class
Cross Certification
39. Summary of a communication for the purpose of integrity
Checklist Test (desk check)
Message Digest
Virtual Memory
Concatenation
40. Individuals and departments responsible for the storage and safeguarding of computerized data.
Ethics
Disaster Recovery Teams (Business Recovery Teams)
Attacker (Black hat - Hacker)
Data Custodian
41. Methodical research of an incident with the purpose of finding the root cause
Investigation
Cryptovariable
Mantrap (Double Door System)
Criminal Law
42. Collection of data on business functions which determines the strategy of resiliency
Business Impact Assessment (BIA)
Business Interruption Insurance
Stopped
Change Control
43. Joining two pieces of text
Concatenation
Multi-Processor
Intrusion Detection Systems
Metadata
44. Recovery alternative that includes a cold site with some equipment and infrastructure available
Information Owner
Interception
War Driving
Warm Site
45. A backup of data located where staff can gain access immediately
Blind Testing
Birthday Attack
On-Site
Revocation
46. Dedicated fast memory located on the same board as the CPU
Keyed-Hashing For Message Authentication
CPU Cache
True Attack Stimulus
Business Impact Analysis
47. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Rollback
Multi-Tasking
ISO/IEC 27002
Business Records
48. All of the protection mechanisms in a computer system
Critical Infrastructure
Risk Assessment
Trusted Computing Base
Rogue Access Points
49. A device that sequentially switches multiple analog inputs to the output.
Multiplexers
Bumping
Checklist Test (desk check)
Byte
50. Malware that uses the trust in a website to redirect users to untrusted websites that capture data or install more malware
Information Owner
Cross-Site Scripting
Private Branch Exchange (PBX)
Kerberos