Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Technical Access Controls
File Extension
Concatenation
Detection
2. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Log
Pointer
File Shadowing
Encapsulation
3. A race condition where the security changes during the object's access
Time Of Check/Time Of Use
Top Secret
Double Blind Testing
Cache
4. A comprehensive set of controls that comprises best practices in information security and provides guidelines on how to set up and maintain security programs.
Object Reuse
Cold Site
Backup
ISO/IEC 27002
5. Collection of data on business functions which determines the strategy of resiliency
One Time Pad
Business Impact Assessment (BIA)
Recovery
Checklist Test
6. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Cache
Hub
JPEG (Joint Photographic Experts Group)
War Driving
7. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Directive
TEMPEST
Waterfall
Data Backup Strategies
8. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Voice Over IP (VOIP)
Discretionary
Education
Uninterruptible Power Supply (UPS)
9. Subjects will not interact with each other's objects
Pervasive Computing and Mobile Computing Devices
One Time Pad
Message Digest
Non-Interference
10. A program with an inappropriate second purpose
Recovery Time Objectives
Acronym for American Standard Code for Information Interchange (ASCII)
Trojan Horse
Prevention
11. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Site Policy Awareness
Incident Response
Chain of Custody
Orange Book B1 Classification
12. A design methodology which addresses risk early and often
Byte Level Deletion
BCP Testing Drills and Exercises
Collisions
Spiral
13. Vehicle stopping object
Bollard
Strong Authentication
Centralized Access Control Technologies
Architecture
14. Searching for wireless networks in a moving car.
Permutation /Transposition
War Driving
Hearsay Evidence
Payload
15. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.
Patch Management
Framework
Business Continuity Program
Service Bureau
16. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.
Data Custodian
Assembler
Exercise
Redundant Servers
17. Total number of keys available that may be selected by the user of a cryptosystem
Locard's Principle
Patch Panels
Digital Signature
Key Space
18. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Disaster Recovery Plan
Fiber Optics
Guidelines
Admissible
19. A backup of data located where staff can gain access readily and a localized disaster will not cause harm
Preemptive
Near Site
Common Law
Moore's Law
20. To create a copy of data as a precaution against the loss or damage of the original data.
Disaster Recovery Plan
Physical Tampering
Object Reuse
Backup
21. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Microwave
Uninterruptible Power Supply (UPS)
Steganography
Accurate
22. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Processes are Isolated By
Data Marts
Redundant Servers
Recovery Period
23. Identification and notification of an unauthorized and/or undesired action
Pointer
IP Fragmentation
Detection
Application Programming Interface
24. Control category - to restore to a previous state by removing the adversary and/or the results of their actions
Maximum Tolerable Downtime (MTD)
Multi-Processing
Debriefing/Feedback
Corrective
25. A unit of execution
Threads
File Server
Least Privilege
Exposure
26. To reduce sudden rises in current
Surge Suppressor
Initialization Vector
Off-Site Storage
Job Training
27. Converts a high level language into machine language
Reciprocal Agreement
Discretionary Access Control (DAC)
Checkpoint
Assembler
28. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Log
Data Warehouse
Coaxial Cable
Business Continuity Planning (BCP)
29. For PKI - to have more than one person in charge of a sensitive function
Workaround Procedures
Multi-Party Control
Code
Secondary Storage
30. Try a list of words in passwords or encryption keys
Alternate Data Streams (File System Forks)
Dictionary Attack
Cross-Site Scripting
Desk Check Test
31. People protect their domain
Emergency Procedures
Spam
Sniffing
Territoriality
32. A choice in risk management - to convince another to assume risk - typically by payment
Authentication
Transfer
Debriefing/Feedback
Checkpoint
33. An availability attack - to consume resources to the point of exhaustion
Faraday Cage/ Shield
Private Branch Exchange (PBX)
Deleted File
Denial Of Service
34. Joining two pieces of text
Message Digest
Concatenation
Identification
Disaster
35. Induces a crime - tricks a person - and is illegal
Data Diddler
Checkpoint
Entrapment
Complete
36. OOP concept of a distinct copy of the class
Supervisor Mode (monitor - system - privileged)
Object
Data Marts
Residual Data
37. A condition in which neither party is willing to stop their activity for the other to complete
Authentic
Interference (Noise)
File Server
Deadlock
38. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
Encipher
Exercise
True Attack Stimulus
Critical Functions
39. A layer 2 device that is used to connect two or more network segments and regulate traffic.
Switches
Stopped
Shift Cipher (Caesar)
Quantitative Risk Analysis
40. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Residual Data
Hacker
Memory Management
Salami
41. The partial or full duplication of data from a source database to one or more destination databases.
Trapdoors (Backdoors) (Maintenance Hooks)
TIFF (Tagged Image File Format)
Smurf
Database Replication
42. Intermediate level - pertaining to planning
Operational
Non-Repudiation
Bollard
Total Risk
43. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
3 Types of harm Addressed in computer crime laws
Site Policy
Business Continuity Program
Phishing
44. Recording activities at the keyboard level
Business Records
Keystroke Logging
Examples of non-technical security components
Firewalls
45. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Journaling
Highly Confidential
Transfer
Certification Authority
46. To collect many small pieces of data
Failure Modes and Effect Analysis (FEMA)
Aggregation
Alert
Kerberos
47. Provides a physical cross connect point for devices.
Discretionary
Patch Panels
Packet Filtering
Kernel
48. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Exercise
Mandatory Access Control (MAC)
Rollback
Life Cycle of Evidence
49. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Faraday Cage/ Shield
Fragmented Data
Critical Records
Threat Agent
50. A state for operating system tasks only
Access Control Attacks
Consistency
Marking
Supervisor Mode (monitor - system - privileged)