Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Emergency Procedures
Structured Walk-Through Test
Trade Secret
Blind Testing
2. Renders the record inaccessible to the database management system
Record Level Deletion
Electronic Vaulting
Triage
Risk Mitigation
3. A collection of data or information that has a name
File
UPS
Business Impact Assessment (BIA)
Life Cycle of Evidence
4. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.
Top Secret
Information Risk Management (IRM)
Fire Suppression
Data Owner
5. For PKI - to have more than one person in charge of a sensitive function
Multi-Party Control
Accountability
Private Branch Exchange (PBX)
IDS Intrusion Detection System
6. A secure connection to another network.
Gateway
Key Management
Business Interruption
Reference Monitor
7. Intermediate level - pertaining to planning
Compensating
ISO/IEC 27001
Satellite
Operational
8. Firewalls - encryption - and access control lists
Procedure
Examples of technical security components
Threads
Mock Disaster
9. Is secondhand and usually not admissible in court
False Attack Stimulus
Hearsay Evidence
Checkpoint
Data Marts
10. Vehicle stopping object
CobiT
Classification
Wait
Bollard
11. A backup type - where the organization has excess capacity in another location.
Liability
Pervasive Computing and Mobile Computing Devices
Cross Certification
Distributed Processing
12. System mediation of access with the focus on the context of the request
Vital Record
Database Replication
SQL Injection
Content Dependent Access Control
13. Pertaining to law - accepted by a court
5 Rules Of Evidence
State Machine Model
Admissible
Structured Walkthrough
14. Memory - RAM
HTTP Response Splitting
Primary Storage
Civil Law
Mission-Critical Application
15. Eavesdropping on network communications by a third party.
Custodian
Content Dependent Access Control
Sniffing
Substitution
16. The level and label given to an individual for the purpose of compartmentalization
Security Clearance
Satellite
Remote Journaling
Preemptive
17. Policy or stated actions
Due Care
Security Clearance
Information Owner
Restoration
18. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
HTTP Response Splitting
Information Technology Security Evaluation Criteria - ITSEC
Off Site
Embedded
19. Power surge
Decipher
Electrostatic Discharge
Isolation
Blackout
20. Requirement to take time off
Overlapping Fragment Attack
Mandatory Vacations
Covert Channel
Deletion
21. OOP concept of taking attributes from the original or parent
Inheritance
Honeynet
Running
Risk Mitigation
22. To assert or claim credentialing to an authentication system
Identification
Rootkit
Noise
Inheritance
23. Mediation of subject and object interactions
Standalone Test
Access Control
On-Site
File Sharing
24. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Multi-Programming
Alarm Filtering
Hash Function
Business Continuity Planning (BCP)
25. People who interact with assets
Archival Data
User
Sequence Attacks
Control
26. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Evidence
Crisis
Control Type
Top Secret
27. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
IP Fragmentation
Disaster Recovery Plan
Proxies
Stopped
28. Program instructions based upon the CPU's specific architecture
Failure Modes and Effect Analysis (FEMA)
Machine Language (Machine Code)
Active Data
Eavesdropping
29. Memory management technique which allows data to be moved from one memory address to another
Relocation
Checkpoint
Chain of Custody
Layering
30. Security policy - procedures - and compliance enforcement
Examples of non-technical security components
Administrative Law
Object Oriented Programming (OOP)
Chain of Custody
31. Continuous surveillance - to provide for detection and response of any failure in preventive controls.
Content Dependent Access Control
Monitor
Primary Storage
Least Privilege
32. The study of cryptography and cryptanalysis
Certificate Revocation List (CRL)
Cryptology
Internal Use Only
Byte
33. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Threat Agent
Workaround Procedures
File
Smurf
34. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Life Cycle of Evidence
Operational Impact Analysis
Dangling Pointer
Surveillance
35. The principles a person sets for themselves to follow
Atomicity
Business Records
Ethics
Permutation/Transposition
36. Granular decision by a system of permitting or denying access to a particular resource on the system
Coaxial Cable
Hearsay
Plaintext
Authorization
37. With enough computing power trying all possible combinations
Brute Force
Bit
Encryption
Key Space
38. Requirement of access to data for a clearly defined purpose
UPS
Need-To-Know
Microwave
Encipher
39. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
Data Integrity
Elements of Negligence
Inrush Current
Overlapping Fragment Attack
40. An administrative unit or a group of objects and subjects controlled by one reference monitor
Convincing
Security Domain
Operating
Polyalphabetic
41. A system designed to prevent unauthorized access to or from a private network.
Business Recovery Timeline
Compression
Firewall
Remote Access Trojan
42. A risk assessment method - measurable real money cost
Fire Detection
Residual Risk
Quantitative
Security Blueprint
43. To move from location to location - keeping the same function
Job Rotation
Territoriality
Binary
Conflict Of Interest
44. A condition in which neither party is willing to stop their activity for the other to complete
Deadlock
Guidelines
Structured Walk-Through Test
Operational
45. Two certificate authorities that trust each other
BCP Testing Drills and Exercises
Investigation
Privacy Laws
Cross Certification
46. State of computer - to be running a process
Total Risk
Backup
Operating
Administrative Law
47. High level design or model with a goal of consistency - integrity - and balance
Architecture
Cross Training
Data Leakage
Threat Agent
48. For PKI - to store another copy of a key
Proxies
Key Escrow
Incident Handling
Worm
49. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Life Cycle of Evidence
Concatenation
Orange Book D Classification
Certification
50. A subnetwork with storage devices servicing all servers on the attached network.
Plaintext
Data Integrity
Storage Area Network (SAN)
Mandatory Access Control (MAC)