Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Strategic
Trade Secret
Fiber Optics
Database Shadowing
2. Try a list of words in passwords or encryption keys
Recovery
Dictionary Attack
Shadowing (file shadowing)
Denial Of Service
3. A trusted issuer of digital certificates
Desk Check Test
Certification Authority
Mixed Law System
Business Recovery Timeline
4. Guidelines within an organization that control the rules and configurations of an IDS
Intrusion Detection Systems
Capability Tables
Site Policy
Fraggle
5. A device that sequentially switches multiple analog inputs to the output.
ISO/IEC 27002
Detection
Classification
Multiplexers
6. Initial surge of current
Deleted File
Event
Entrapment
Inrush Current
7. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Cryptanalysis
BCP Testing Drills and Exercises
Reciprocal Agreement
Legacy Data
8. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
Instance
Coaxial Cable
Trojan Horse
System Life Cycle
9. Converts a high level language into machine language
Orange Book A Classification
Full Test (Full Interruption)
Assembler
Civil Law
10. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Layering
Rootkit
Exposure
Exercise
11. Controls for termination of attempt to access object
Administrative Laws
EMI
Intrusion Prevention Systems
Common Criteria
12. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur
Failure Modes and Effect Analysis (FEMA)
Spam
Data Integrity
Acronym for American Standard Code for Information Interchange (ASCII)
13. Descrambling the encrypted message with the corresponding key
Site Policy Awareness
Decipher
Digital Certificate
Logic Bomb
14. A test that answers the questions: Does the organization have the documentation and people it needs. Do they understand the documentation?
Policy
Proxies
Desk Check Test
Coaxial Cable
15. Dedicated fast memory located on the same board as the CPU
Hearsay
Database Replication
CPU Cache
Lattice
16. Object based description of a system or a collection of resources
Access Control Matrix
Data Custodian
Durability
Framework
17. Adversary intercepts encrypted communications - decrypts - views - encrypts - and sends along to the true destination
Business Interruption Insurance
Business Records
Byte
Man-In-The-Middle Attack
18. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Checklist Test (desk check)
Restoration
Recovery
Steganography
19. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Forward Recovery
Faraday Cage/ Shield
Trapdoors (Backdoors) (Maintenance Hooks)
Botnet
20. A technology that reduces the size of a file.
Examples of technical security components
Data Warehouse
Compression
On-Site
21. Pertaining to law - accepted by a court
Admissible
Denial Of Service
Recovery Time Objectives
Criminal Law
22. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Fragmented Data
Residual Risk
Data Leakage
Metadata
23. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Access Control
Sniffing
Hard Disk
Codec
24. A control after attack
Mirrored Site
Countermeasure
Deterrent
Botnet
25. Forging of an IP address.
Data Diddler
Service Bureau
JPEG (Joint Photographic Experts Group)
IP Address Spoofing
26. A signal suggesting a system has been or is being attacked.
Virus
Information Flow Model
Alert/Alarm
Off Site
27. Pertaining to law - high degree of veracity
Accurate
Distributed Processing
Access Control Attacks
Source Routing Exploitation
28. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Business Recovery Team
Mission-Critical Application
Kerckhoff's Principle
Accurate
29. Recovery alternative - short-term - high cost movable processing location
Mock Disaster
Mobile Site
Electronic Vaulting
Fiber Optics
30. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Business Recovery Timeline
Polymorphism
Salami
Virus
31. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Concatenation
Strong Authentication
Primary Storage
Total Risk
32. For PKI - decertify an entity's certificate
Revocation
E-Mail Spoofing
Orange Book B1 Classification
Metadata
33. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Kernel
ISO/IEC 27001
Coaxial Cable
Monitor
34. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Embedded
IP Fragmentation
Shadowing (file shadowing)
Trade Secret
35. Written internalized or nationalized norms that are internal to an organization
Standard
Remote Journaling
Binary
Checklist Test
36. Eavesdropping on network communications by a third party.
Sniffing
Incident Handling
Isolation
Elements of Negligence
37. A database backup type which records at the transaction level
Due Diligence
Sharing
Remote Journaling
System Downtime
38. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Cipher Text
Chain of Custody
Business Impact Assessment (BIA)
Mission-Critical Application
39. Requirement of access to data for a clearly defined purpose
Tapping
Need-To-Know
Quantitative Risk Analysis
Certification Authority
40. The core of a computer that calculates
Central Processing Unit (CPU)
Method
CPU Cache
Pointer
41. Pertaining to law - verified as real
Authentic
EMI
Trade Secret
The ACID Test
42. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Source Routing Exploitation
Internal Use Only
Hearsay Evidence
Electrostatic Discharge
43. Reduction of voltage by the utility company for a prolonged period of time
Concentrator
Plan Maintenance Procedures
Brownout
Keyed-Hashing For Message Authentication
44. Written step-by-step actions
Information Risk Management (IRM)
Object Oriented Programming (OOP)
Procedure
Microwave
45. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.
Acronym for American Standard Code for Information Interchange (ASCII)
Disaster Recovery Teams (Business Recovery Teams)
Business Interruption
Sharing
46. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Distributed Processing
Business Records
Data Recovery
Electronic Vaulting
47. Two different keys decrypt the same cipher text
Information Risk Management (IRM)
Key Clustering
Initialization Vector
Digital Signature
48. The principles a person sets for themselves to follow
Disaster Recovery Teams (Business Recovery Teams)
Patch Management
Ethics
Multi-Tasking
49. All of the protection mechanisms in a computer system
Layering
Analysis
Trusted Computing Base
Checklist Test
50. A risk assessment method - intrinsic value
Hash Function
Qualitative
Threats
Territoriality