Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Intermediate level - pertaining to planning
Patent
Operational
Basics Of Secure Design
5 Rules Of Evidence
2. Provides a physical cross connect point for devices.
Hijacking
Patch Panels
Orange Book B1 Classification
Exercise
3. Pertaining to law - lending itself to one side of an argument
Convincing
Critical Infrastructure
Cookie
Adware
4. Some systems are actually run at the alternate site
Parallel Test
Byte Level Deletion
Burn
Classification Scheme
5. The process of identifying - accessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Information Risk Management (IRM)
Network Attached Storage (NAS)
Private Branch Exchange (PBX)
Recovery
6. Descrambling the encrypted message with the corresponding key
TEMPEST
Replication
Decipher
Orange Book D Classification
7. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions
Resumption
Firewall
Salami
Alarm Filtering
8. Recovery alternative - complete duplication of services including personnel
Alternate Data Streams (File System Forks)
Mirrored Site
Walk Through
Data Custodian
9. The technical and risk assessment of a system within the context of the operating environment
Certification
Running
Forward Recovery
Business Continuity Planning (BCP)
10. Object reuse protection and auditing
Trademark
Backup
Orange Book C2 Classification
Assembler
11. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Business Interruption Insurance
Bumping
Trojan Horse
Critical Records
12. Threats x Vulnerability x Asset Value = Total Risk
Data Custodian
Total Risk
Distributed Processing
Data Marts
13. Moving letters around
Permutation/Transposition
IDS Intrusion Detection System
Rootkit
Exercise
14. Encryption system using a pair of mathematically related unequal keys
Embedded
Cryptanalysis
Time Of Check/Time Of Use
Asymmetric
15. Memory management technique which allows data to be moved from one memory address to another
3 Types of harm Addressed in computer crime laws
Chain of Custody
Relocation
Durability
16. To smooth out reductions or increases in power
Electronic Vaulting
Trapdoors (Backdoors) (Maintenance Hooks)
Authentic
UPS
17. Record of system activity - which provides for monitoring and detection.
Digital Signature
Log
Running
Change Control
18. DoS - Spoofing - dictionary - brute force - wardialing
Brownout
Access Control Attacks
Critical Functions
Life Cycle of Evidence
19. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Threats
Quantitative Risk Analysis
Teardrop
Call Tree
20. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Embedded Systems
IDS Intrusion Detection System
Work Factor
Investigation
21. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
Centralized Access Control Technologies
Pervasive Computing and Mobile Computing Devices
Cache
System Downtime
22. The chance that something negative will occur
Risk
Symmetric
Examples of non-technical security components
Directive
23. Code breaking - practice of defeating the protective properties of cryptography.
Hearsay Evidence
Interference (Noise)
Cryptanalysis
Masked/Interruptible
24. Maximum tolerance for loss of certain business function - basis of strategy
Certification Authority
Uninterruptible Power Supply (UPS)
Recovery Time Objectives
High-Risk Areas
25. Memory - RAM
Labeling
Primary Storage
Transients
2-Phase Commit
26. A control before attack
Safeguard
Operational
Declaration
High-Risk Areas
27. Adversary intercepts encrypted communications - decrypts - views - encrypts - and sends along to the true destination
Alternate Site
Orange Book C2 Classification
Man-In-The-Middle Attack
Risk
28. People who interact with assets
Tar Pits
Database Shadowing
Activation
User
29. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Operational Impact Analysis
Coaxial Cable
CobiT
Workaround Procedures
30. A shield against leakage of electromagnetic signals.
Malformed Input
TIFF (Tagged Image File Format)
Backup
Faraday Cage/Shield
31. Controls for termination of attempt to access object
Confidence Value
Redundant Servers
Intrusion Prevention Systems
Emanations
32. A running key using a random key that is never used again
One Time Pad
Routers
Faraday Cage/Shield
Basics Of Secure Design
33. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Embedded
Memory Management
Logic Bomb
Botnet
34. System of law based upon what is good for society
Civil Or Code Law
Polyalphabetic
Total Risk
Replication
35. Unchecked data which spills into another location in memory
Business Interruption
Cross-Site Scripting
Buffer Overflow
Threats
36. Small data files written to a user's hard drive by a web server.
Threats
Cookie
Processes are Isolated By
Metadata
37. To segregate for the purposes of labeling
Evidence
Emergency
Mitigate
Compartmentalize
38. Used to code/decode a digital data stream.
Faraday Cage/Shield
Active Data
Codec
Hearsay
39. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Declaration
SYN Flooding
Asymmetric
Administrative
40. Review of data
Analysis
Slack Space
Shift Cipher (Caesar)
Bumping
41. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Concatenation
Instance
Transients
IP Fragmentation
42. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Buffer Overflow
Workaround Procedures
Fault Tolerance
Hash Function
43. Key
Off Site
Cryptovariable
Operating
Total Risk
44. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Business Impact Assessment (BIA)
Journaling
Hot Spares
Mandatory Access Control (MAC)
45. Scrambled form of the message or data
Accurate
Event
Administrative
Cipher Text
46. A planned or unplanned interruption in system availability.
Authentic
Running Key
Deletion
System Downtime
47. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Incident Handling
Rollback
Byte Level Deletion
Hot Spares
48. A test conducted on one or more components of a plan under actual operating conditions.
Plaintext
Operational Test
Network Attached Storage (NAS)
Byte
49. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Sniffing
Boot (V.)
Mixed Law System
Change Control
50. A temporary public file to inform others of a compromised digital certificate
UPS
Certificate Revocation List (CRL)
Tar Pits
Byte Level Deletion