Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Business Recovery Team
Business Impact Analysis
Detective
Algorithm
2. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.
Business Records
Trapdoors (Backdoors) (Maintenance Hooks)
Brownout
Classification Scheme
3. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Alert
Declaration
Complete
Business Records
4. System mediation of access with the focus on the context of the request
High-Risk Areas
Emergency Operations Center (EOC)
Content Dependent Access Control
Non-Discretionary Access Control
5. A template for designing the architecture
Remote Journaling
Databases
Security Blueprint
TNI (Red Book)
6. Using small special tools, all tumblers of the lock are aligned - opening the door
Deterrent
Cipher Text
Picking
Structured Walk-Through Test
7. A type of malformed input that takes advantage of an appropriate true conditional logic statement, adding a request for data that is against the security policy
Security Domain
Mandatory
SQL Injection
Bumping
8. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Mission-Critical Application
Analysis
Prevention
Polyalphabetic
9. Adversary intercepts encrypted communications - decrypts - views - encrypts - and sends along to the true destination
Degauss
Call Tree
Operating
Man-In-The-Middle Attack
10. Most granular organization of controls
Coaxial Cable
Cache
Microwave
Control Category
11. A state where two subjects can access the same object without proper mediation
Supervisor Mode (monitor - system - privileged)
Control
Race Condition
High-Risk Areas
12. Final purpose or result
Incident Handling
Message Digest
Payload
Business Recovery Timeline
13. To segregate for the purposes of labeling
Authentic
Pervasive Computing and Mobile Computing Devices
Compartmentalize
Rootkit
14. Requirement to take time off
Mandatory Vacations
Interpreter
Wait
Patch Panels
15. Control category - to discourage an adversary from attempting to access
Deterrent
Life Cycle of Evidence
False Attack Stimulus
Monitor
16. Statistical probabilities of a collision are more likely than one thinks
Deletion
Certificate Revocation List (CRL)
Recovery Period
Birthday Attack
17. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Business Continuity Planning (BCP)
Need-To-Know
Attacker (Black hat - Hacker)
Accountability
18. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Fire Classes
Control Type
Wireless Fidelity (Wi-Fi)
Residual Risk
19. To set the clearance of a subject or the classification of an object
Labeling
Cache
Education
Remote Access Trojan
20. One-way encryption
Due Diligence
Locard's Principle
Hash Function
Assembler
21. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Governance
Orange Book A Classification
Data Recovery
Honeynet
22. Data or interference that can trigger a false positive
Noise
Mock Disaster
Multi-Core
Checkpoint
23. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Risk Mitigation
Transfer
Firmware
Business Recovery Timeline
24. A copy of transaction data - designed for querying and reporting
Orange Book D Classification
Strategic
Secondary Storage
Data Warehouse
25. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur
Failure Modes and Effects Analysis (FMEA)
Revocation
Alternate Data Streams (File System Forks)
Attacker (Black hat - Hacker)
26. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.
Locard's Principle
Job Rotation
Burn
Log
27. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Business Recovery Timeline
CobiT
MOM
Test Plan
28. Narrow scope examination of a system
Targeted Testing
False Negative
Key Clustering
Generator
29. Substitution at the word or phrase level
Strong Authentication
Code
3 Types of Harm Addressed in Computer Crime Laws
Custodian
30. A group or network of honeypots
Plain Text
Honeynet
IP Address Spoofing
Instance
31. Binary decision by a system of permitting or denying access to the entire system
Authentication
Waterfall
Critical Infrastructure
Disaster
32. Forgery of the sender's email address in an email header.
Blind Testing
Remanence
E-Mail Spoofing
Faraday Cage / Shield
33. Weak evidence
Hearsay
Trojan Horse
Private Branch Exchange (PBX)
Multi-Programming
34. Organization's way of classifying data by factors such as criticality - sensitivity and ownership.
Coaxial Cable
Mixed Law System
Classification
Classification Scheme
35. A database that contains the name - type - range of values - source and authorization for access for each data element
Information Risk Management (IRM)
Concatenation
Data Dictionary
Class
36. Vehicle or tool that exploits a weakness
Embedded
Threats
Aggregation
Cryptanalysis
37. The problem-solving state - the opposite of supervisor mode
Centralized Access Control Technologies
Revocation
User Mode (problem or program state)
Disaster Recovery Plan
38. RADIUS - TACACS+ - Diameter
Copyright
Threat Agent
Centralized Access Control Technologies
Mobile Recovery
39. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.
Mock Disaster
Copyright
3 Types of Harm Addressed in Computer Crime Laws
Fire Suppression
40. Malware that makes small random changes to many data points
Orange Book B1 Classification
Preemptive
Decipher
Data Diddler
41. The partial or full duplication of data from a source database to one or more destination databases.
Operational Exercise
Multi-Programming
Declaration
Database Replication
42. An event which stops business from continuing.
Authorization
Resumption
Authentic
Disaster
43. What will remain - persistence
Codec
File Extension
Durability
Proxies
44. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.
File Level Deletion
Data Dictionary
Denial Of Service
Non-Discretionary Access Control
45. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Waterfall
Non-Repudiation
Payload
Off Site
46. A process state - to be either unable to run while waiting for an external event, or terminated
Stopped
Multilevel Security System
Patch Management
Exercise
47. Minimal protection - used for systems that were evaluated but failed to meet the criteria for higher divisions
Civil Or Code Law
Mobile Recovery
Archival Data
Orange Book D Classification
48. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.
Instance
Tactical
Embedded Systems
Redundant Servers
49. Unauthorized access of information (e.g. tapping - sniffing - unsecured wireless communication - emanations)
Key Space
Interception
Denial Of Service
Business Continuity Planning (BCP)
50. Transaction controls for a database - a return to a previous state
Multilevel Security System
Rollback
Marking
Logic Bomb