Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Residual Risk
File Extension
Criminal Law
Top Secret
2. A passive network attack involving monitoring of traffic.
Smurf
Eavesdropping
Brute Force
Inrush Current
3. Momentary loss of power
Service Bureau
Fault
Operational Impact Analysis
Initialization Vector
4. OOP concept of an object's abilities - what it does
Method
Simulation
Isolation
SYN Flooding
5. The principles a person sets for themselves to follow
Change Control
Ethics
Security Blueprint
Compiler
6. A condition in which neither party is willing to stop their activity for the other to complete
Generator
TNI (Red Book)
Deadlock
Call Tree
7. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Interception
State Machine Model
Byte Level Deletion
Hot Spares
8. A signed list published by a certificate authority of certificates it has revoked before their expiry date (for example because the private key was compromised)
Remote Journaling
Near Site
Certificate Revocation List (CRL)
Ethics
9. Demonstrate the actual ability to recover and verify the compatibility of backup facilities
TIFF (Tagged Image File Format)
BCP Testing Drills and Exercises
UPS
Fragmented Data
10. Unauthorized access of network devices.
Physical Tampering
Cache
Operational
Switches
11. A cooperative collection of business processes and technologies used for the purpose of binding individuals (and other entities) to a public key by means of a digital certificate
Information Technology Security Evaluation Criteria - ITSEC
Public Key Infrastructure (PKI)
False (False Positive)
Inrush Current
12. Recording activities at the keyboard level
Plain Text
Keystroke Logging
Analysis
Identification
13. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Recovery Period
Investigation
Active Data
Residual Data
14. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
Administrative Laws
Alert
Standard
Restoration
15. A process state - (blocked) needing input before continuing
Multi-Processor
Wait
Redundant Servers
Job Rotation
16. To stop damage from spreading
Containment
Criminal Law
Active Data
Fiber Optics
17. A widely deployed wireless local area network technology based on the IEEE 802.11 standards
Concatenation
Wireless Fidelity (Wi-Fi )
Database Shadowing
Classification Scheme
18. A program that waits for a condition or time to occur that executes an inappropriate activity
Instance
Honeynet
Backup
Logic Bomb
19. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Tar Pits
Operational Exercise
Accurate
Infrastructure
20. A state for operating system tasks only
Supervisor Mode (monitor - system - privileged)
Layering
System Life Cycle
Restoration
21. A device that provides the functions of both a bridge and a router.
Switches
Brouter
Isolation
Gateway
22. Alerts personnel to the presence of a fire
Compiler
MOM
Restoration
Fire Detection
23. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Checklist Test (desk check)
Administrative Access Controls
Durability
Strategic
24. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.
Residual Risk
Running
Active Data
Control Type
25. A telephone exchange for a specific office or business.
Alert
Structured Walk-Through Test
Private Branch Exchange (PBX)
Electrostatic Discharge
26. Inferring secrets (such as a key) from information a cryptographic implementation leaks, for example timing, power consumption or electromagnetic emissions, rather than from a weakness in the algorithm itself
Sag/Dip
Side Channel Attack
File Server
Cryptovariable
27. RADIUS - TACACS+ - Diameter
Kerckhoff's Principle
TEMPEST
Centralized Access Control Technologies
Cryptology
28. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Journaling
Man-In-The-Middle Attack
SYN Flooding
Certificate Revocation List (CRL)
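The following is an added example, not part of the quiz, showing what the "connection requests that are not finalized" of a SYN flood look like in a log and how a detector would count them. The log format, addresses and the threshold of 3 half-open connections are constructed for this example.

```python
"""SYN-flood indicator over constructed TCP flag-log lines.

A SYN flood leaves many half-open connections: client SYNs for which
the handshake (SYN, SYN/ACK, ACK) is never completed.  This counts,
per source address, SYNs that were never followed by the client's
final ACK and flags sources above a threshold.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample log.  Format: "<src_ip>:<port> -> <dst_ip>:<port> <flags>"
# 10.0.0.5 completes a normal handshake; 203.0.113.7 sends only SYNs
# from five different source ports and never acknowledges.
LOG_LINES = [
    "10.0.0.5:40001 -> 192.0.2.10:80 S",
    "192.0.2.10:80 -> 10.0.0.5:40001 SA",
    "10.0.0.5:40001 -> 192.0.2.10:80 A",
    "203.0.113.7:1001 -> 192.0.2.10:80 S",
    "192.0.2.10:80 -> 203.0.113.7:1001 SA",
    "203.0.113.7:1002 -> 192.0.2.10:80 S",
    "192.0.2.10:80 -> 203.0.113.7:1002 SA",
    "203.0.113.7:1003 -> 192.0.2.10:80 S",
    "192.0.2.10:80 -> 203.0.113.7:1003 SA",
    "203.0.113.7:1004 -> 192.0.2.10:80 S",
    "203.0.113.7:1005 -> 192.0.2.10:80 S",
    "10.0.0.9:50010 -> 192.0.2.10:443 S",   # one unfinished SYN: not a flood
]

Endpoint = Tuple[str, int]
Flow = Tuple[Endpoint, Endpoint]


def parse_line(line: str) -> Tuple[Endpoint, Endpoint, str]:
    """Split a constructed log line into (src, dst, flags)."""
    left, right = line.split(" -> ")
    dst_text, flags = right.split(" ")
    src_ip, src_port = left.split(":")
    dst_ip, dst_port = dst_text.split(":")
    return (src_ip, int(src_port)), (dst_ip, int(dst_port)), flags


def half_open_by_source(lines: List[str]) -> Dict[str, int]:
    """Count, per source IP, SYNs whose handshake the client never completed."""
    pending: Dict[Flow, bool] = {}          # flow -> still half-open?
    syn_sources: Dict[str, int] = defaultdict(int)
    for line in lines:
        src, dst, flags = parse_line(line)
        flow = (src, dst)
        if flags == "S":                    # pure SYN opens a half-open entry
            pending[flow] = True
            syn_sources[src[0]] += 0        # make sure the source is listed
        elif flags == "A" and flow in pending:
            pending[flow] = False           # client's ACK completes the handshake
        # "SA" from the server changes nothing: the entry stays half-open
    for (src, _dst), still_open in pending.items():
        if still_open:
            syn_sources[src[0]] += 1
    return dict(syn_sources)


def flag_syn_flood(lines: List[str], threshold: int = 3) -> List[str]:
    """Sources with more than `threshold` half-open connections (constructed cut-off)."""
    counts = half_open_by_source(lines)
    return sorted(ip for ip, n in counts.items() if n > threshold)


if __name__ == "__main__":
    print(half_open_by_source(LOG_LINES))
    print("suspected SYN flood sources:", flag_syn_flood(LOG_LINES))
```

A real sensor would age entries out of `pending` after the server's SYN/ACK retransmission window and would apply the threshold per destination port as well, since a flood is aimed at one listening service; the counting logic stays the same.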
29. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Trademark
State Machine Model
TIFF (Tagged Image File Format)
Off-Site Storage
30. To execute more than one instruction at an instant in time
Hearsay
Source Routing Exploitation
Multi-Processing
TNI (Red Book)
31. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Technical Access Controls
Pervasive Computing and Mobile Computing Devices
Transfer
Honeynet
32. An unintended communication path
Collisions
Emergency
Covert Channel
Certification Authority
33. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Reciprocal Agreement
Cipher Text
Coaxial Cable
Business Interruption
34. Vehicle or tool that exploits a weakness
Preemptive
Threats
Alarm Filtering
Electromagnetic Interference (EMI)
35. Most granular organization of controls
Trusted Computing Base
Control Category
Interpreter
HTTP Response Splitting
36. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Internal Use Only
False (False Positive)
Application Programming Interface
3 Types of harm Addressed in computer crime laws
37. Fault tolerance for power
Generator
Cross-Site Scripting
Polyalphabetic
EMI
38. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.
Malformed Input
Checklist Test (desk check)
Lattice
Call Tree
39. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Shielding
Crisis
Patent
Common Law
40. A legal enforceable agreement between: two people - two organizations - a person and an organization.
Object Reuse
Tort
BCP Testing Drills and Exercises
Key Management
41. Abuse of the IP source-routing option, which lets the sender dictate the path a packet takes and can thereby be used to reach an internal network or impersonate a trusted host.
TCSEC (Orange Book)
Rootkit
Malformed Input
Source Routing Exploitation
42. Information about data or records
Salami
Race Condition
Metadata
Recovery
43. Subject based description of a system or a collection of resources
Tort
Transfer
Capability Tables
Mock Disaster
44. All of the protection mechanisms in a computer system (hardware, firmware and software) that together enforce the security policy
Containment
Trusted Computing Base
Prevention
Identification
45. A database backup type which records at the transaction level
Remote Journaling
Fire Suppression
War Driving
Corrective
46. Pertaining to a number system that has just two unique digits.
Binary
Botnet
Incident Response Team
Teardrop
47. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Recovery
Business Recovery Team
Change Control
Intrusion Detection Systems
48. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
EMI
Residual Risk
Brouter
Cross Certification
49. Mediation of subject and object interactions
Classification Scheme
Crisis
Architecture
Access Control
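The following is an added example, not part of the quiz, that ties together question 43 (a capability table is the subject-based view of rights), question 44 (the trusted computing base must mediate every access) and question 49 (access control is mediation of subject and object interactions). It is a toy reference monitor; the subjects, objects and rights are constructed.

```python
"""Toy reference monitor: subject/object mediation with default deny.

Rights are stored as a capability table (indexed by subject, the
"subject based description" of Q43).  The same access matrix can be
read column-wise to give each object's access control list.  Every
request passes through mediate(), which is the property a trusted
computing base must have: always invoked, tamper-proof, small.
"""
from typing import Dict, FrozenSet, List

# Constructed capability table: subject -> object -> permitted operations.
CAPABILITY_TABLE: Dict[str, Dict[str, FrozenSet[str]]] = {
    "alice":      {"payroll.db": frozenset({"read", "write"}),
                   "memo.txt":   frozenset({"read"})},
    "bob":        {"memo.txt":   frozenset({"read", "write"})},
    "backup-svc": {"payroll.db": frozenset({"read"}),
                   "memo.txt":   frozenset({"read"})},
}


def capabilities_for(subject: str) -> Dict[str, FrozenSet[str]]:
    """Row of the access matrix: everything this subject may do."""
    return dict(CAPABILITY_TABLE.get(subject, {}))


def acl_for(obj: str) -> Dict[str, FrozenSet[str]]:
    """Column of the access matrix: who may do what to this object (its ACL)."""
    return {subj: rights[obj]
            for subj, rights in CAPABILITY_TABLE.items() if obj in rights}


def mediate(subject: str, obj: str, op: str, audit: List[str]) -> bool:
    """The reference monitor.  Unknown subject, object or operation is denied;
    every decision is written to the audit trail, allowed or not."""
    allowed = op in CAPABILITY_TABLE.get(subject, {}).get(obj, frozenset())
    audit.append(f"{'ALLOW' if allowed else 'DENY'} "
                 f"subject={subject} object={obj} op={op}")
    return allowed


def revoke(subject: str, obj: str) -> None:
    """Revocation in a capability table is one entry; in an ACL-based
    system the same change means editing the object's list instead."""
    CAPABILITY_TABLE.get(subject, {}).pop(obj, None)


if __name__ == "__main__":
    trail: List[str] = []
    mediate("alice", "payroll.db", "write", trail)   # ALLOW
    mediate("bob", "payroll.db", "read", trail)      # DENY: no capability
    mediate("mallory", "memo.txt", "read", trail)    # DENY: unknown subject
    print("\n".join(trail))
    print("ACL for memo.txt:", acl_for("memo.txt"))
```

Note that `mediate` never raises for an unknown name: a monitor that fails open on bad input is not a monitor. The audit list is passed in rather than printed so that the decisions can be checked as data.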
50. Trying every possible key or password in turn; given enough computing power and time it always succeeds
Dictionary Attack
Brute Force
Cryptanalysis
TEMPEST
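The following is an added example, not part of the quiz, contrasting question 50 (brute force: every combination) with the dictionary attack that appears among its distractors (a list of likely passwords). The salt, wordlist and target password are constructed; the hash function is plain salted SHA-256 so the search runs in well under a second.

```python
"""Dictionary attack versus brute force against one salted password hash.

Both attacks are "offline": the attacker holds the hash and guesses
locally.  A dictionary attack tries a short list of likely passwords
and fails when the password is not in it; brute force enumerates the
whole keyspace and cannot fail, it only costs more.
"""
import hashlib
import itertools
import string
from typing import List, Optional, Tuple

SALT = b"constructed-salt"                   # constructed; per-user in practice
ALPHABET = string.ascii_lowercase + string.digits   # 36 symbols


def hash_password(password: str) -> str:
    """Salted SHA-256.  A real store would use a slow KDF (bcrypt, scrypt,
    Argon2, PBKDF2); that multiplies the cost of every guess below."""
    return hashlib.sha256(SALT + password.encode()).hexdigest()


# Constructed target: a 3-character password that is not in the wordlist.
TARGET = hash_password("x7q")
WORDLIST: List[str] = ["password", "letmein", "qwerty", "123456", "welcome", "admin"]


def dictionary_attack(target: str, wordlist: List[str]) -> Tuple[Optional[str], int]:
    """Return (password or None, number of guesses)."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if hash_password(word) == target:
            return word, attempts
    return None, attempts


def brute_force(target: str, alphabet: str = ALPHABET,
                max_len: int = 3) -> Tuple[Optional[str], int]:
    """Enumerate every string over `alphabet` up to `max_len`, shortest first."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            if hash_password("".join(combo)) == target:
                return "".join(combo), attempts
    return None, attempts


def keyspace_size(alphabet_len: int, max_len: int) -> int:
    """Worst-case number of guesses brute force needs."""
    return sum(alphabet_len ** k for k in range(1, max_len + 1))


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(TARGET, WORDLIST))
    print("brute force:", brute_force(TARGET))
    print("keyspace up to length 3:", keyspace_size(len(ALPHABET), 3))
```

Lengthening the password or widening the alphabet grows `keyspace_size` exponentially, which is why "with enough computing power" is the operative phrase: the defence is to make each guess expensive (slow KDF, per-user salt) and the keyspace large, not to hope the attacker runs out of patience.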