Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. To jump to a conclusion
Criminal Law
Civil Law
Inference
E-Mail Spoofing
2. OOP concept of taking attributes from the original or parent class
ITSEC
Inheritance
Threads
Detection
3. Reduction of voltage by the utility company for a prolonged period of time
Access Control Matrix
Brownout
Keystroke Logging
Boot (V.)
4. Minimal protection; used for systems that were evaluated but failed to meet the criteria for a higher division
Shielding
Authorization
Surge Suppressor
Orange Book D Classification
5. Key
Covert Channel
Cross Training
Bumping
Cryptovariable
6. To be admissible in court they must be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Transients
IP Address Spoofing
Primary Storage
Business Records
7. The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced.
Sampling
Damage Assessment
Risk Mitigation
Analysis
8. Asymmetric encryption of a hash of message
Sniffing
Change Control
Digital Signature
Fire Detection
9. OOP concept of an object at runtime
Instance
Elements of Negligence
Bollard
Disk Mirroring
10. Employment education done once per position or at significant change of function
Database Replication
Mobile Recovery
Job Training
Uninterruptible Power Supply (UPS)
11. The act of luring an intruder; unlike entrapment, it is legal.
TNI (Red Book)
Structured Walkthrough
Enticement
Access Point
12. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Electronic Vaulting
Electromagnetic Interference (EMI)
Brownout
Disaster
13. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Work Factor
Integrated Test
Voice Over IP (VOIP)
Internal Use Only
14. A running key using a random key that is never used again
One Time Pad
Fiber Optics
Initialization Vector
Custodian
15. A choice in risk management - to implement a control that limits or lessens negative effects
Criminal Law
Worm
Patch Panels
Mitigate
16. The problem-solving state; the opposite of supervisor mode
TNI (Red Book)
Business Interruption
User Mode (problem or program state)
Workaround Procedures
17. Actions measured against either a policy or what a reasonable person would do
Standalone Test
Desk Check Test
Discretionary Access Control (DAC)
Due Diligence
18. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Access Control Matrix
Tar Pits
Framework
Virus
19. A state for operating system tasks only
Supervisor Mode (monitor - system - privileged)
Top Secret
System Life Cycle
Technical Access Controls
20. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Integrated Test
Remote Access Trojan
Vulnerability
Legacy Data
21. To reduce sudden rises in current
Surge Suppressor
UPS
DR Or BC Coordinator
Brownout
22. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.
Computer Forensics
Phishing
High-Risk Areas
Initialization Vector
23. Total number of keys available that may be selected by the user of a cryptosystem
Key Space
Logic Bomb
TNI (Red Book)
Data Backup Strategies
24. OOP concept of a distinct copy of the class
Threat Agent
Classification Scheme
Object
Business Impact Assessment (BIA)
25. Recovery alternative which outsources a business function at a cost
Fiber Optics
Record Level Deletion
Transients
Service Bureau
26. A secure connection to another network.
Cryptanalysis
Gateway
Data Marts
Non-Interference
27. Subject-based description of a system or a collection of resources
Capability Tables
Emergency Procedures
Durability
BCP Testing Drills and Exercises
28. A state where two subjects can access the same object without proper mediation
TEMPEST
Process Isolation
Race Condition
Administrative
29. Forgery of the sender's email address in an email header.
E-Mail Spoofing
Fire Suppression
MOM
Deadlock
30. A race condition in which the object's security state changes between the time it is checked and the time it is used
Authorization
Critical Infrastructure
Time Of Check/Time Of Use
Highly Confidential
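Items 28 and 30 define the race condition and its time-of-check/time-of-use (TOCTOU) form. The following is an added example (not from the original quiz page) that makes the race concrete on a POSIX file system: the vulnerable function checks a path name and then opens the same name again, so an attacker who swaps the name for a symlink between the two steps gets the program to read a file it never validated. The hardened version opens first with O_NOFOLLOW, validates the file descriptor with fstat, and uses that same descriptor, so later changes to the name cannot affect the object already opened. The `attacker_swap` hook, file names and contents are constructed for this illustration; it assumes a POSIX system where unprivileged symlink creation is allowed.

```python
import os
import stat
import tempfile
from typing import Callable, Optional


def read_if_regular_vulnerable(path: str, attacker_swap: Optional[Callable] = None) -> bytes:
    """Check-then-use on a NAME: stat the path, then open the path again.
    Between the two steps the name can be rebound to something else."""
    st = os.lstat(path)                       # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file")
    if attacker_swap:
        attacker_swap()                       # attacker wins the race here
    with open(path, "rb") as f:               # time of use: follows the new symlink
        return f.read()


def read_if_regular_hardened(path: str, attacker_swap: Optional[Callable] = None) -> bytes:
    """Open first, refusing symlinks, then check and use the DESCRIPTOR.
    The object bound to the fd cannot change, whatever happens to the name."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # ELOOP if path is a symlink
    with os.fdopen(fd, "rb") as f:
        st = os.fstat(f.fileno())             # check the thing we actually opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if attacker_swap:
            attacker_swap()                   # too late: we hold the original file
        return f.read()


def demo() -> tuple:
    """Simulate the race with an explicit swap and return what each version read."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "report.txt")   # the file the program intends to read
        secret = os.path.join(d, "secret.txt")   # what the attacker wants read instead
        with open(victim, "wb") as f:
            f.write(b"harmless")
        with open(secret, "wb") as f:
            f.write(b"SECRET")

        def swap():
            # Replace the checked name with a symlink to the secret file.
            os.remove(victim)
            os.symlink(secret, victim)

        leaked = read_if_regular_vulnerable(victim, swap)   # b"SECRET"

        # Reset the victim file and repeat against the hardened version.
        os.remove(victim)
        with open(victim, "wb") as f:
            f.write(b"harmless")
        safe = read_if_regular_hardened(victim, swap)       # b"harmless"

        # A symlink that is already in place is rejected outright by O_NOFOLLOW.
        try:
            read_if_regular_hardened(victim)                # victim is now a symlink
            rejected = False
        except OSError:
            rejected = True

        return leaked, safe, rejected


if __name__ == "__main__":
    print(demo())
```

The general rule the example illustrates: validate the handle you are going to use, not the name you looked up, and do the check and the use on the same object. The same pattern applies to temporary files, privilege drops and any "check permission, then act" sequence.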
31. A process state: either unable to run while waiting for an external event, or terminated
Archival Data
MOM
Picking
Stopped
32. A type of multitasking that allows for a more even distribution of computing time among competing requests
Cookie
Preemptive
Data Hiding
Incident Handling
33. An attack involving the hijacking of a TCP session by predicting a sequence number.
Centralized Access Control Technologies
Corrective
Sequence Attacks
Content Dependent Access Control
34. Striking a filed-down key inserted in a lock with a hammer to open it without the real key
Multi-Processor
Bumping
Hot Site
Storage Area Network (SAN)
35. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities; most commonly used in governm
Due Care
Mandatory Access Control (MAC)
Business Records
Mobile Recovery
36. Controls deployed to avert unauthorized and/or undesired actions.
Prevention
Archival Data
BCP Testing Drills and Exercises
Decipher
37. Consume resources to a point of exhaustion - loss of availability
Steganography
Multi-Processor
Non-Discretionary Access Control
Denial Of Service
38. Sphere of influence
Domain
Business Recovery Team
File Shadowing
Network Attached Storage (NAS)
39. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
Bit
Electronic Vaulting
Fire Classes
Countermeasure
40. Binary decision by a system of permitting or denying access to the entire system
Authentication
Simulation Test
The ACID Test
Key Escrow
41. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements
Common Criteria
Metadata
Information Flow Model
Tar Pits
42. A list of team members and/or key players to be contacted, including their backups. The list will include the necessary contact information (e.g. home phone, pager, cell, etc.) and in most cases be considered confidential.
Education
Routers
Complete
Contact List
43. Any event, whether anticipated (e.g. a public service strike) or unanticipated (e.g. a blackout), which disrupts the normal course of business operations at an organization location.
Computer System Evidence
Maximum Tolerable Downtime (MTD)
Multi-Party Control
Business Interruption
44. Data or interference that can trigger a false positive
Alarm Filtering
Separation Of Duties
Algorithm
Noise
45. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Fragmented Data
Intrusion Detection Systems
Information Risk Management (IRM)
Test Plan
46. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
Residual Risk
TCSEC (Orange Book)
Digital Signature
Chain Of Custody
47. Quantity of risk remaining after a control is applied
Residual Risk
Intrusion Detection Systems
Convincing
Control
48. A signal suggesting a system has been or is being attacked.
Shadowing (file shadowing)
Alert/Alarm
Byte
Intrusion Prevention Systems
49. OOP concept of a template that consists of attributes and behaviors
Life Cycle of Evidence
Reference Monitor
Class
Encipher
50. Unauthorized access to information (e.g. tapping, sniffing, unsecured wireless communication, emanations)
Microwave
Interception
Open Mail Relay Servers
Asymmetric