Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Recording activities at the keyboard level
Keystroke Logging
Workaround Procedures
Collisions
Method
2. Recovery alternative: a building with only sufficient power and HVAC
Denial Of Service
Cold Site
TIFF (Tagged Image File Format)
Disaster Recovery Tape
3. High level design or model with a goal of consistency, integrity, and balance
Architecture
Discretionary
Memory Management
Database Shadowing
4. Motive, opportunity, and means; when looking for suspects it is important to consider these 3 things
Structured Walkthrough
MOM
Voice Over IP (VOIP)
CobiT
5. Intermediate level, pertaining to planning
Operational
Identification
Brouter
Forensic Copy
6. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Chain of Custody
Waterfall
Encapsulation
Sharing
7. DoS, spoofing, dictionary, brute force, wardialing
Object
Access Control Attacks
Compensating
Intrusion Prevention Systems
8. With enough computing power trying all possible combinations
Compensating
False Negative
Fire Classes
Brute Force
9. Two certificate authorities that trust each other
Quantitative Risk Analysis
Cross Certification
Fragmented Data
Crisis
10. A BCP testing type (structured walkthrough): a test that answers the question: Is everything needed for recovery available?
Walk Through
Intrusion Detection Systems
Residual Risk
Database Replication
11. Determines the impact of the loss of an operational or technological resource. The loss of a system, network, or other critical resource may affect a number of business processes.
Operational Impact Analysis
Wait
Event
Digital Signature
12. A database that contains the name, type, range of values, source, and authorization for access for each data element
Analysis
Classification
Data Dictionary
Change Control
13. Any event, whether anticipated (i.e., public service strike) or unanticipated (i.e., blackout), which disrupts the normal course of business operations at an organization location.
Framework
Countermeasure
Access Control Lists
Business Interruption
14. System directed mediation of access with labels
Labeling
Trapdoors (Backdoors) (Maintenance Hooks)
Service Bureau
Mandatory
15. To reduce sudden rises in current
Near Site
Firewall
Redundant Servers
Surge Suppressor
16. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.
Microwave
Business Continuity Program
Recovery Period
JPEG (Joint Photographic Experts Group)
17. More than one processor sharing the same memory; also known as parallel systems
Multi-Processor
Procedure
Alternate Site
Recovery
18. More than one process in the middle of executing at a time
Recovery
Fire Suppression
False Attack Stimulus
Multi-Tasking
19. A template for designing the architecture
Mixed Law System
Patent
Mandatory
Security Blueprint
20. A type of malformed input that takes advantage of a conditional logic statement that evaluates as true, adding a request for data that is against the security policy
Rootkit
Blackout
SQL Injection
Codec
21. An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only forensic copy quality will hold up in court.
Tar Pits
Cryptovariable
Forensic Copy
Concentrator
22. Is secondhand and usually not admissible in court
Site Policy Awareness
Control
Hearsay Evidence
Remote Journaling
23. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
TEMPEST
Checklist Test
Substitution
Patch Management
24. Communication of a security incident to stakeholders and data owners.
Private Branch Exchange (PBX)
Notification
Remote Journaling
Collisions
25. Amount of time for restoring a business process or function to normal operations without major loss
Orange Book A Classification
Dangling Pointer
Maximum Tolerable Downtime (MTD)
Operational Impact Analysis
26. A Trojan horse with the express underlying purpose of controlling a host from a distance
Forward Recovery
Remote Access Trojan
File Server
Digital Signature
27. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Alert/Alarm
File Level Deletion
Exposure
Trapdoors (Backdoors) (Maintenance Hooks)
28. A state where two subjects can access the same object without proper mediation
E-Mail Spoofing
Legacy Data
Multi-Party Control
Race Condition
29. Control type that is communication based, typically written or oral
Fiber Optics
Code
Administrative
Privacy Laws
30. A description of a database
Multi-Party Control
Data Dictionary
Strategic
Compiler
31. A group or network of honeypots
Non-Repudiation
Off Site
Honeynet
Isolation
32. A backup type which creates a complete copy
File Sharing
User Mode (problem or program state)
Replication
Due Care
33. Potentially compromising leakage of electrical or acoustical signals.
Ring Protection
Interpreter
UPS
Emanations
34. Actions measured against either a policy or what a reasonable person would do
Total Risk
Patent
Life Cycle of Evidence
Due Diligence
35. Authentication protocol which only uses symmetric session keys between principals, distributed by a third party using different preshared symmetric keys
Labeling
Technical Access Controls
Kerberos
One Time Pad
36. A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions
Switches
Debriefing/Feedback
Archival Data
Integrated Test
37. A type of attack involving attempted insertion, deletion, or alteration of data.
Exposure
Information Risk Management (IRM)
Spiral
Modification
38. Event(s) that cause harm
Labeling
Aggregation
Incident
Education
39. Long term knowledge building
Business Interruption Insurance
Education
Masked/Interruptible
Process Isolation
40. Recovery alternative: a short-term, high-cost, movable processing location
File Server
Atomicity
Radio Frequency Interference (RFI)
Mobile Site
41. Asymmetric encryption of a hash of a message
Denial Of Service
Digital Signature
SYN Flooding
Trademark
42. People protect their domain
Object Oriented Programming (OOP)
Incident Manager
Territoriality
Symmetric
43. Segmented memory addressing, encapsulation of objects, time multiplexing of shared resources, naming distinctions, and virtual mapping.
Change Control
Accountability
Processes are Isolated By
Activation
44. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Orange Book D Classification
Emergency Procedures
Disk Mirroring
Business Continuity Planning (BCP)
45. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Recovery
Simulation
Processes are Isolated By
Operational Exercise
46. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Warm Site
Deletion
Acronym for American Standard Code for Information Interchange (ASCII)
Standalone Test
47. A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping, and oversized IP fragments.
Inheritance
Teardrop
Content Dependent Access Control
Highly Confidential
48. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.
Emergency Procedures
War Dialing
Site Policy
Message Digest
49. An internal list of contact information used for the communication of incident information, designed in a distributed manner so that no one person is responsible for contacting everyone.
Authentic
Isolation
Business Impact Analysis
Call Tree
50. Prolonged loss of commercial power
Isolation
Recovery Time Objectives
Degauss
Blackout