Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. To start business continuity processes
Activation
Public Key Infrastructure (PKI)
Control Type
Examples of non-technical security components
2. Dedicated fast memory located on the same board as the CPU
Marking
Active Data
Mobile Recovery
CPU Cache
3. Renders the record inaccessible to the database management system
Maximum Tolerable Downtime (MTD)
File Shadowing
Record Level Deletion
Locard's Principle
4. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
Incident Handling
Elements of Negligence
Criminal Law
Hacker
5. A state for operating system tasks only
Voice Over IP (VOIP)
Data Dictionary
Supervisor Mode (monitor - system - privileged)
Covert Channel
6. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.
Certification
Cache
Business Continuity Program
E-Mail Spoofing
7. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.
Deterrent
Satellite
Rootkit
Key Management
8. Written step-by-step actions
Procedure
Test Plan
Routers
Separation Of Duties
9. Control category - to discourage an adversary from attempting to access
User
Total Risk
Chain of Custody
Deterrent
10. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
IP Fragmentation
5 Rules Of Evidence
Maximum Tolerable Downtime (MTD)
Business Recovery Team
11. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Coaxial Cable
Tracking
Certificate Revocation List (CRL)
Mock Disaster
12. The partial or full duplication of data from a source database to one or more destination databases.
Processes are Isolated By
Database Replication
Application Programming Interface
Standalone Test
13. The collection and summation of risk data relating to a particular asset and controls for that asset
Machine Language (Machine Code)
Chain of Custody
Risk Mitigation
Risk Assessment
14. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Business Impact Assessment (BIA)
TIFF (Tagged Image File Format)
Education
Basics Of Secure Design
15. The point in time to which systems and data must be recovered after an outage (e.g. end of previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Recovery Point Objective (RPO)
Alternate Data Streams (File System Forks)
Electrostatic Discharge
Security Kernel
16. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
War Dialing
Processes are Isolated By
Hijacking
Remote Access Trojan
17. Real-time data backup (Data Mirroring)
Database Shadowing
Pointer
Hacker
Mobile Recovery
18. Threats x Vulnerability x Asset Value = Total Risk
Data Integrity
Total Risk
Permutation /Transposition
Service Bureau
19. Vehicle or tool that exploits a weakness
Threats
Access Control Lists
Desk Check Test
Supervisor Mode (monitor - system - privileged)
20. Small data files written to a user's hard drive by a web server.
Multi-Core
Access Control Lists
Cookie
Forensic Copy
21. Control category - more than one control on a single asset
Pervasive Computing and Mobile Computing Devices
Databases
Intrusion Prevention Systems
Compensating
22. An availability attack - to consume resources to the point of exhaustion from multiple vectors
Executive Succession
Simulation
Detection
Distributed Denial Of Service
23. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Business Impact Analysis
Codec
Pointer
Switches
24. Reprogrammable basic startup instructions
Authorization
Key Management
Firmware
Operational Impact Analysis
25. OOP concept of a distinct copy of the class
Remote Journaling
Blackout
Object
Alert
26. Third party processes used to organize the implementation of an architecture
Control Type
Framework
Computer System Evidence
Countermeasure
27. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
Lattice
Governance
Declaration
Digital Signature
28. Potential danger to information or systems
Threats
Incident Response
Alert
Redundant Array Of Independent Drives (RAID)
29. Total number of keys available that may be selected by the user of a cryptosystem
Key Space
Dictionary Attack
Incident Response Team
EMI
30. Business and technical process of applying security software updates in a regulated periodic way
Patch Management
Discretionary
Deletion
Denial Of Service
31. A programming device used in development to circumvent controls
Physical Tampering
Sniffing
Side Channel Attack
Trapdoors (Backdoors) (Maintenance Hooks)
32. A computer designed for the purpose of studying adversaries
Shift Cipher (Caesar)
Copyright
Honeypot
Structured Walk-Through Test
33. Hardware or software that is part of a larger system
Embedded
Mock Disaster
Radio Frequency Interference (RFI)
Honeypot
34. Lower frequency noise
Source Routing Exploitation
Intrusion Prevention Systems
Radio Frequency Interference (RFI)
Data Owner
35. To set the clearance of a subject or the classification of an object
Threads
Labeling
Polyalphabetic
Pointer
36. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.
File Level Deletion
Sharing
Call Tree
Non-Interference
37. A control after attack
Countermeasure
Control Category
Walk Through
Certificate Revocation List (CRL)
38. Hitting a filed down key in a lock with a hammer to open without real key
Encapsulation
Bumping
Log
Parallel Test
39. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
Orange Book B1 Classification
Data Leakage
E-Mail Spoofing
Deleted File
40. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Hard Disk
Keystroke Logging
Blind Testing
Forensic Copy
41. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.
Containment
High-Risk Areas
Call Tree
2-Phase Commit
42. To load the first piece of software that starts a computer.
State Machine Model
Boot (V.)
Fault
Off-Site Storage
43. A planned or unplanned interruption in system availability.
Encapsulation
Privacy Laws
System Downtime
Site Policy Awareness
44. Controls deployed to avert unauthorized and/or undesired actions.
Prevention
Rollback
5 Rules Of Evidence
Declaration
45. A design methodology which addresses risk early and often
Data Leakage
Non-Interference
Spiral
Identification
46. Moving letters around
Cryptography
Dictionary Attack
Machine Language (Machine Code)
Permutation /Transposition
47. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: - Plan and Organize - - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Civil Or Code Law
CobiT
Databases
Information Flow Model
48. Power surge
Decipher
Residual Risk
Slack Space
Electrostatic Discharge
49. Someone who wants to cause harm
Attacker (Black hat - Hacker)
Race Condition
Adware
War Dialing
50. Inappropriate data
Central Processing Unit (CPU)
Mobile Recovery
Security Kernel
Malformed Input