Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A planned or unplanned interruption in system availability.
Bridge
E-Mail Spoofing
System Downtime
Open Mail Relay Servers
2. Claiming another's identity at a physical level
Masquerading
Machine Language (Machine Code)
Polymorphism
Replication
3. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Infrastructure
Waterfall
Critical Records
Botnet
4. A signal suggesting a system has been or is being attacked.
Backup
Alert/Alarm
Concatenation
Firewall
5. To reduce fire
Fire Suppression
Sag/Dip
Ring Protection
Integrated Test
6. Hiding the fact that communication has occurred
Recovery Time Objectives
Inheritance
Cross Training
Steganography
7. People protect their domain
Territoriality
Inference
File
IDS Intrusion Detection System
8. Recording the who, what, when, where and how of evidence
Permutation /Transposition
Chain Of Custody
TCSEC (Orange Book)
Criminal Law
9. A covert storage channel on the file attribute
Hot Site
Phishing
Mission-Critical Application
Alternate Data Streams (File System Forks)
10. Written step-by-step actions
Procedure
Disaster Recovery Teams (Business Recovery Teams)
Site Policy
Radio Frequency Interference (RFI)
11. A risk assessment method: measurable real money cost
Fault
Fault Tolerance
Quantitative
Examples of non-technical security components
12. Location where coordination and execution of BCP or DRP is directed
Emergency Operations Center (EOC)
Total Risk
Mobile Site
Emergency Procedures
13. Uses two or more legal systems
Open Mail Relay Servers
Fiber Optics
Mixed Law System
Exercise
14. A form of data hiding which protects running threads of execution from using each other's memory
Access Point
Process Isolation
Access Control Lists
Cache
15. Potentially compromising leakage of electrical or acoustical signals.
Journaling
Containment
Emanations
Critical Functions
16. A device that converts between digital and analog representation of data.
Orange Book B1 Classification
Modems
Repeaters
Machine Language (Machine Code)
17. Mitigation of system or component loss or interruption through use of backup capability.
Fault Tolerance
Preemptive
Degauss
Key Clustering
18. Companies should have their own team, made up of people from management, IT, legal, HR, public relations, security and other key areas
Incident Response Team
Quantitative Risk Analysis
Central Processing Unit (CPU)
Routers
19. Key
ISO/IEC 27002
On-Site
Routers
Cryptovariable
20. People who interact with assets
User
Multi-Programming
Sniffing
Durability
21. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Hot Spares
Highly Confidential
Integrated Test
Layering
22. Memory management technique that allows two processes to run concurrently without interaction
Hub
Mobile Site
Exercise
Protection
23. Lower frequency noise
Initialization Vector
Radio Frequency Interference (RFI)
Shadowing (file shadowing)
Double Blind Testing
24. Subjects will not interact with each other's objects
Non-Interference
War Driving
Spam
False Negative
25. A process state: the process is executing on the CPU
Interference (Noise)
Binary
Running
Due Diligence
26. Pertaining to law: no omissions
Complete
Remote Journaling
Technical Access Controls
Computer Forensics
27. A design methodology which addresses risk early and often
Spiral
Shift Cipher (Caesar)
File Server
Permutation /Transposition
28. The property that data meet an a priori expectation of quality and that the data can be relied upon.
Botnet
Monitor
Public Key Infrastructure (PKI)
Data Integrity
29. Highest level of authority at EOC with knowledge of the business process and the resources available
Incident Manager
File
Governance
Hot Site
30. Information about a particular data set
Initialization Vector
Metadata
Phishing
Hot Spares
31. A design methodology which executes in a linear one way fashion
Waterfall
Relocation
Keyed-Hashing For Message Authentication
Generator
32. Granular decision by a system of permitting or denying access to a particular resource on the system
Critical Records
System Downtime
Authorization
Life Cycle of Evidence
33. Line by line translation from a high level language to machine code
Risk Assessment / Analysis
Business Interruption Insurance
Threads
Interpreter
34. Converts source code to an executable
Backup
ITSEC
Primary Storage
Compiler
35. Small data warehouse
Due Diligence
Data Marts
Reference Monitor
Rogue Access Points
36. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
File
Source Routing Exploitation
Need-To-Know
Virtual Memory
37. A type of attack involving attempted insertion, deletion or alteration of data.
Critical Records
Control Type
Modification
Data Backups
38. An administrative unit or a group of objects and subjects controlled by one reference monitor
Hijacking
Security Domain
Surge
Faraday Cage/ Shield
39. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.
Access Control Matrix
Journaling
Exercise
Hard Disk
40. Is secondhand and usually not admissible in court
Hearsay Evidence
Concentrator
Log
Custodian
41. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
SYN Flooding
Test Plan
Certificate Revocation List (CRL)
Structured Walk-Through Test
42. Code breaking: the practice of defeating the protective properties of cryptography.
Operational Impact Analysis
Cryptanalysis
Database Replication
Bumping
43. OOP concept whereby a class's internal details are hidden from other objects
Integrated Test
Data Integrity
Encapsulation
HTTP Response Splitting
44. A state where two subjects can access the same object without proper mediation
Race Condition
Mock Disaster
Contingency Plan
Aggregation
45. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate
Cache
Virtual Memory
Integrated Test
CobiT
46. A type of computer memory that temporarily stores frequently used information for quick access.
Detective
Substitution
Cache
Brute Force
47. Standard for the establishment, implementation, control and improvement of the Information Security Management System
Worm
5 Rules Of Evidence
Conflict Of Interest
ISO/IEC 27001
48. The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption.
Covert Channel
Rollback
Business Recovery Timeline
Memory Management
49. To smooth out reductions or increases in power
Mobile Site
UPS
Simulation
Entrapment
50. Real-time, automatic and transparent backup of data.
Method
Machine Language (Machine Code)
Remote Journaling
Modems