CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Access Control
Emanations
Recovery Period
Checkpoint
2. An event which stops business from continuing.
Multiplexers
Running Key
Disaster
Resumption
3. Authentication protocol that uses only symmetric session keys between principals, distributed by a third party using different preshared symmetric keys
Kerberos
Mirroring
Off Site
Electronic Vaulting
4. The chance that something negative will occur
5 Rules Of Evidence
Risk
Data Warehouse
Memory Management
5. Written step-by-step actions
Process Isolation
Mantrap (Double Door System)
Procedure
Orange Book B2 Classification
6. Define the way in which the organization operates.
Proprietary
Administrative Laws
Tracking
Alert
7. The former U.S. military-accepted set of standards and processes for network evaluation and assurance - which combines functional and assurance requirements
Tar Pits
SQL Injection
False (False Positive)
TNI (Red Book)
8. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Gateway
One Time Pad
Business Continuity Steering Committee
Risk Mitigation
9. Specific format of technical and physical controls that support the chosen framework and the architecture
Infrastructure
Orange Book B2 Classification
Radio Frequency Interference (RFI)
Virtual Memory
10. A set of laws that the organization agrees to be bound by
Territoriality
Record Level Deletion
Administrative Law
Analysis
11. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
System Life Cycle
Fragmented Data
Remanence
Polymorphism
12. A Trojan horse with the express underlying purpose of controlling the host from a distance
Remote Access Trojan
Centralized Access Control Technologies
Triage
Multi-Processor
13. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Business Records
Open Mail Relay Servers
Redundant Array Of Independent Drives (RAID)
Administrative
14. A computer designed for the purpose of studying adversaries
Honeypot
Quantitative
Access Control
Liability
15. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
ISO/IEC 27001
Information Risk Management (IRM)
TEMPEST
Deletion
16. The collection and summation of risk data relating to a particular asset and controls for that asset
Phishing
Electromagnetic Interference (EMI)
Risk Assessment
Call Tree
17. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
User Mode (problem or program state)
Shadowing (file shadowing)
Public Key Infrastructure (PKI)
One Time Pad
18. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Reference Monitor
Dictionary Attack
Reciprocal Agreement
Botnet
19. A system designed to prevent unauthorized access to or from a private network.
Due Care
Firewall
Standard
Simulation Test
20. Control type that is communication based - typically written or oral
Bumping
Record Level Deletion
Administrative
Radio Frequency Interference (RFI)
21. Responsibility for actions
Liability
Contingency Plan
IDS Intrusion Detection System
Database Shadowing
22. The problem-solving state - the opposite of supervisor mode
Business Continuity Program
User Mode (problem or program state)
Bumping
Transients
23. Reprogrammable basic startup instructions
Archival Data
Fault Tolerance
Firmware
Business Unit Recovery
24. An organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Bollard
Business Continuity Planning (BCP)
Hacker
SYN Flooding
25. A program that waits for a condition or time to occur and then executes an inappropriate activity
Radio Frequency Interference (RFI)
Intrusion Prevention Systems
Routers
Logic Bomb
26. Vehicle or tool that exploits a weakness
Information Technology Security Evaluation Criteria - ITSEC
Trojan Horse
Threats
Blackout
27. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
Discretionary Access Control (DAC)
BCP Testing Drills and Exercises
IDS Intrusion Detection System
Phishing
28. A race condition where the security state changes between the check and the object's access
Asymmetric
Cipher Text
Capability Tables
Time Of Check/Time Of Use
29. Binary decision by a system of permitting or denying access to the entire system
Business Records
Key Management
Authentication
Cache
30. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Twisted Pair
Activation
Cryptography
Integrated Test
31. Periodic - automatic and transparent backup of data in bulk.
Threats
Electronic Vaulting
Copyright
Data Warehouse
32. A process state (blocked) - needing input before continuing
Framework
Wait
Information Flow Model
Business Interruption Insurance
33. To reduce sudden rises in current
Fraggle
Gateway
Firewalls
Surge Suppressor
34. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Business Recovery Team
Worm
Man-In-The-Middle Attack
Isolation
35. A process state - either unable to run while waiting for an external event, or terminated
Stopped
Targeted Testing
JPEG (Joint Photographic Experts Group)
Call Tree
36. System-directed mediation of access using labels
Computer System Evidence
Patch Management
Risk
Mandatory
37. A device that converts between digital and analog representation of data.
Modems
Covert Channel
Control Type
System Life Cycle
38. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Journaling
Chain of Custody
Compiler
Deleted File
39. Creation, distribution, update and deletion
Data Diddler
Shift Cipher (Caesar)
Business Interruption Insurance
Key Management
40. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.
Modification
Business Interruption
Eavesdropping
Computer Forensics
41. A system that enforces an access control policy between two networks.
Masked/Interruptible
Firewalls
TEMPEST
Mixed Law System
42. Mitigation of system or component loss or interruption through use of backup capability.
File Shadowing
Fault Tolerance
Business Recovery Team
Sniffing
43. Mediation of covert channels must be addressed
Durability
Digital Signature
Business Continuity Steering Committee
Information Flow Model
44. Identification and notification of an unauthorized and/or undesired action
Detection
Fault
Digital Signature
Proprietary
45. Lower frequency noise
Disaster Recovery Teams (Business Recovery Teams)
Radio Frequency Interference (RFI)
EMI
Mitigate
46. A distributed system's transaction control that requires updates to either complete or roll back
Business Interruption
2-Phase Commit
Intrusion Prevention Systems
Honeynet
47. Narrow scope examination of a system
Stopped
Targeted Testing
Patch Panels
Side Channel Attack
48. A mobilized resource purchased or contracted for the purpose of business recovery.
Exposure
Checklist Test (desk check)
TCSEC (Orange Book)
Mobile Recovery
49. OOP concept of a class's details being hidden from the object
Fiber Optics
Control Type
Encapsulation
Governance
50. False memory reference
Recovery Time Objectives
Firmware
Privacy Laws
Dangling Pointer