Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A backup type - for databases at a point in time
Need-To-Know
Shadowing (file shadowing)
Honeynet
Privacy Laws
2. Recovery alternative - everything needed for the business function - except people and last backup
Hot Site
Multi-Programming
Examples of technical security components
ff Site
3. A distributed system's transaction control that requires updates to complete or rollback
Recovery Period
2-Phase Commit
Class
Processes are Isolated By
4. Unauthorized wireless network access device.
Rogue Access Points
Business Recovery Team
Assembler
Compiler
5. To collect many small pieces of data
Logic Bomb
Symmetric
Internal Use Only
Aggregation
6. Another subject cannot see an ongoing or pending update until it is complete
Isolation
Public Key Infrastructure (PKI)
Stopped
Concentrator
7. Wrong against society
Workaround Procedures
Message Digest
Liability
Criminal Law
8. Malware that subverts the detective controls of an operating system
Surge Suppressor
File Extension
Rootkit
Shadowing (file shadowing)
9. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept
Ring Protection
File Level Deletion
Salami
Business Continuity Steering Committee
10. A backup type - where the organization has excess capacity in another location.
Business Unit Recovery
Distributed Processing
Disk Mirroring
Integrated Test
11. Lower frequency noise
Overlapping Fragment Attack
Radio Frequency Interference (RFI)
Examples of non-technical security components
Cryptanalysis
12. Written internalized or nationalized norms that are internal to an organization
Business Impact Assessment (BIA)
Bridge
Emergency
Standard
13. Potentially retrievable data residue that remains following intended erasure of data.
Remanence
Multilevel Security System
Highly Confidential
Concentrator
14. Most granular organization of controls
Control Category
Polymorphism
Boot (V.)
False Negative
15. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Crisis
Off-Site Storage
Operational Impact Analysis
Tar Pits
16. Control category - to give instructions or inform
Directive
Process Isolation
Honeypot
Repeaters
17. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
Kerberos
Non-Repudiation
Mobile Recovery
Sag/Dip
18. Inappropriate data
Malformed Input
Encapsulation
Journaling
Network Attached Storage (NAS)
19. Unchecked data which spills into another location in memory
Acronym for American Standard Code for Information Interchange (ASCII)
Recovery Point Objective (RPO)
Buffer Overflow
Overlapping Fragment Attack
20. Substitution at the word or phrase level
Bridge
Total Risk
Code
Data Marts
21. A software design technique for abstraction of a process
Data Hiding
Data Custodian
Data Owner
Keystroke Logging
22. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Encryption
Coaxial Cable
Collisions
Object Oriented Programming (OOP)
23. Memory management technique which allows data to be moved from one memory address to another
Compression
Relocation
Compensating
Message Digest
24. Sudden rise in voltage in the power supply.
Surge
Electrostatic Discharge
Non-Repudiation
3 Types of harm Addressed in computer crime laws
25. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Domain
Cross Training
Encipher
Exposure
26. Third party processes used to organize the implementation of an architecture
Stopped
Concatenation
Adware
Framework
27. A system that enforces an access control policy between two networks.
Firewalls
Legacy Data
Object Reuse
3 Types of harm Addressed in computer crime laws
28. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Architecture
Centralized Access Control Technologies
Hearsay
Crisis
29. Someone who wants to know how something works - typically by taking it apart
Criminal Law
Running Key
E-Mail Spoofing
Hacker
30. Eavesdropping on network communications by a third party.
Framework
Data Backup Strategies
Fiber Optics
Sniffing
31. Record history of incident
Adware
Convincing
Guidelines
Tracking
32. Pertaining to law - high degree of veracity
Incident Response Team
Fire Detection
File Shadowing
Accurate
33. A process state - to be either unable to run waiting for an external event or terminated
Stopped
Radio Frequency Interference (RFI)
Emergency Procedures
Trademark
34. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Business Interruption Insurance
Surge
Network Attached Storage (NAS)
Detection
35. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Reference Monitor
Central Processing Unit (CPU)
Trade Secret
Tort
36. Memory - RAM
Surveillance
Primary Storage
Authentic
Threat Agent
37. A Trojan horse with the express underlying purpose of controlling host from a distance
Routers
Remote Access Trojan
Threats
Plain Text
38. Encryption system using shared key/private key/single key/secret key
Examples of non-technical security components
The ACID Test
Worldwide Interoperability for Microwave Access (WI-MAX)
Symmetric
39. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Class
Multi-Party Control
Evidence
Journaling
40. Periodic - automatic and transparent backup of data in bulk.
Alternate Data Streams (File System Forks)
Electronic Vaulting
Layering
Service Bureau
41. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Alert
Critical Infrastructure
Exercise
Payload
42. Actions measured against either a policy or what a reasonable person would do
Operational Test
Due Diligence
Tapping
Mobile Site
43. Control category - more than one control on a single asset
Compensating
Isolation
Cross Certification
Business Interruption Insurance
44. Memory management technique that allows two processes to run concurrently without interaction
Emergency Procedures
Acronym for American Standard Code for Information Interchange (ASCII)
Protection
Database Replication
45. Dedicated fast memory located on the same board as the CPU
Mandatory Vacations
Fiber Optics
Bridge
CPU Cache
46. Information that - if made public or even shared around the organization - could seriously impede the organization's operations
Atomicity
Analysis
Highly Confidential
Buffer Overflow
47. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
BCP Testing Drills and Exercises
Digital Certificate
Database Replication
Liability
48. A passive network attack involving monitoring of traffic.
Deadlock
Access Control Lists
Eavesdropping
Intrusion Detection Systems
49. Impossibility of denying authenticity and identity
Authentication
Non-Repudiation
Evidence
Decipher
50. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.
False Attack Stimulus
Spyware
High-Risk Areas
Inference