CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
Risk Mitigation
Assembler
Mobile Site
Birthday Attack
2. Specific format of technical and physical controls that support the chosen framework and the architecture
Infrastructure
Phishing
File Level Deletion
Permutation/Transposition
3. A temporary public file to inform others of a compromised digital certificate
Certificate Revocation List (CRL)
Hot Spares
Fiber Optics
Durability
4. An event which stops business from continuing.
Remanence
Hot Spares
Backup
Disaster
5. Control category - to record an adversary's actions
Infrastructure
Tort
Detective
Transfer
6. Recognition of an individual's assertion of identity.
Kerberos
Application Programming Interface
Identification
Infrastructure
7. What will remain - persistence
Concatenation
Coaxial Cable
Durability
Mandatory Vacations
8. An asymmetric cryptography mechanism that provides authentication.
Masked/Interruptible
Parallel Test
Network Attached Storage (NAS)
Digital Signature
9. Recovery alternative - everything needed for the business function - except people and last backup
Durability
Hot Site
Control Type
Emergency Procedures
10. For PKI - to have more than one person in charge of a sensitive function
Multi-Party Control
Administrative Laws
Birthday Attack
Encipher
11. Renders the file inaccessible to the operating system - available to reuse for data storage.
Gateway
File Level Deletion
Authentication
Sampling
12. A state where two subjects can access the same object without proper mediation
Administrative
Incident Handling
Journaling
Race Condition
13. Potentially retrievable data residue that remains following intended erasure of data.
Remote Journaling
Plaintext
Multi-Party Control
Remanence
14. Written internalized or nationalized norms that are internal to an organization
Gateway
Standard
Polyalphabetic
Ethics
15. Forgery of the sender's email address in an email header.
False (False Positive)
E-Mail Spoofing
Rootkit
File Sharing
16. Third party processes used to organize the implementation of an architecture
Virus
Remanence
Notification
Framework
17. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm
Message Digest
Legacy Data
Mandatory Access Control (MAC)
Entrapment
18. Periodic - automatic and transparent backup of data in bulk.
Protection
Electronic Vaulting
Fault Tolerance
Recovery
19. Deals with discretionary protection
Service Bureau
Orange Book C Classification
Bollard
User Mode (problem or program state)
20. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.
Journaling
False (False Positive)
Burn
System Downtime
21. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
Checklist Test
Maximum Tolerable Downtime (MTD)
Burn
Polymorphism
22. A device that converts between digital and analog representation of data.
Rollback
Modems
Journaling
Administrative
23. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
Trojan Horse
Firewall
Bit
SQL Injection
24. Control category - to restore to a previous state by removing the adversary and/or the results of their actions
Corrective
Salami
Fault
Containment
25. State of computer - to be running a process
Workaround Procedures
Operating
Smurf
Modification
26. The past U.S. military accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements
TNI (Red Book)
ISO/IEC 27002
Marking
Computer System Evidence
27. Owner directed mediation of access
TNI (Red Book)
Elements of Negligence
Discretionary
Object
28. An alert or alarm that is triggered when no actual attack has taken place
Cipher Text
Security Domain
Mixed Law System
False (False Positive)
29. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
Slack Space
Fire Classes
Packet Filtering
Object Oriented Programming (OOP)
30. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Switches
Blind Testing
TNI (Red Book)
Exposure
31. Recording activities at the keyboard level
Executive Succession
Patent
Lattice
Keystroke Logging
32. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
On-Site
Basics Of Secure Design
Blackout
Critical Functions
33. Asymmetric encryption of a hash of message
Elements of Negligence
Threats
Digital Signature
Mirroring
34. Regular operations are stopped and where processing is moved to the alternate site.
Full-Interruption test
Tactical
Virtual Memory
Data Owner
35. One way encryption
On-Site
Due Care
Virus
Hash Function
36. The backup of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Data Backups
Twisted Pair
Proprietary
Tracking
37. Reduction of voltage by the utility company for a prolonged period of time
Resumption
Due Diligence
Databases
Brownout
38. Pertaining to law - lending itself to one side of an argument
Compensating
Convincing
Need-To-Know
Risk
39. The study of cryptography and cryptanalysis
Cryptology
Residual Risk
Permutation/Transposition
Man-In-The-Middle Attack
40. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
File Shadowing
Supervisor Mode (monitor - system - privileged)
Access Control Lists
Mantrap (Double Door System)
41. Hardware or software that is part of a larger system
Authentic
Pervasive Computing and Mobile Computing Devices
Embedded
Infrastructure
42. System of law based upon what is good for society
Classification Scheme
Locard's Principle
Contact List
Civil Or Code Law
43. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Recovery
Evidence
Multi-Party Control
IP Address Spoofing
44. Define the way in which the organization operates.
Plan Maintenance Procedures
One Time Pad
Deletion
Proprietary
45. Written suggestions that direct choice to a few alternatives
Transfer
Guidelines
Orange Book B2 Classification
Control Category
46. Object based description of a system or a collection of resources
Access Control Matrix
Containment
Information Technology Security Evaluation Criteria - ITSEC
Emergency
47. Scrambled form of the message or data
Forward Recovery
Quantitative
IP Address Spoofing
Cipher Text
48. A backup type - where the organization has excess capacity in another location.
Distributed Processing
File Server
Internal Use Only
Information Flow Model
49. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Repeaters
Copyright
IDS Intrusion Detection System
Deterrent
50. A type of computer memory that temporarily stores frequently used information for quick access.
Time Of Check/Time Of Use
Residual Risk
Data Backups
Cache