Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A world-wide wireless technology
Malformed Input
DR Or BC Coordinator
Wireless Fidelity (Wi-Fi)
Certification Authority
2. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
Substitution
Residual Data
Full Test (Full Interruption)
Computer System Evidence
3. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Shielding
Information Owner
Protection
Malformed Input
4. System mediation of access with the focus on the context of the request
Fault Tolerance
Content Dependent Access Control
Injection
Maximum Tolerable Downtime (MTD)
5. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.
Alert
Privacy Laws
Hot Spares
Archival Data
6. A computer designed for the purpose of studying adversaries
Burn
Pervasive Computing and Mobile Computing Devices
Least Privilege
Honeypot
7. A group or network of honeypots
Honeynet
Man-In-The-Middle Attack
Application Programming Interface
System Life Cycle
8. A system that enforces an access control policy between two networks.
Surge
Keyed-Hashing For Message Authentication
Stopped
Firewalls
9. People protect their domain
Parallel Test
Fire Classes
Territoriality
Contingency Plan
10. Pertaining to a number system that has just two unique digits.
Initialization Vector
Remote Journaling
Data Warehouse
Binary
11. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Compiler
ITSEC
Database Shadowing
Twisted Pair
12. Recovery alternative - complete duplication of services including personnel
Orange Book B2 Classification
Multi-Core
Mirrored Site
Call Tree
13. Process of statistically testing a data set for the likelihood of relevant information.
Multi-Processor
Bit
Sampling
Disk Mirroring
14. To break a business process into separate functions and assign to different people
Shadowing (file shadowing)
Separation Of Duties
Architecture
Redundant Array Of Independent Drives (RAID)
15. Power surge
Emergency Operations Center (EOC)
Attacker (Black hat - Hacker)
Electrostatic Discharge
Information Owner
16. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
Certification Authority
ISO/IEC 27001
Slack Space
Wireless Fidelity (Wi-Fi)
17. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Isolation
Fiber Optics
Key Space
Central Processing Unit (CPU)
18. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Off Site
Containment
Smurf
Residual Risk
19. Deals with discretionary protection
Sag/Dip
Information Technology Security Evaluation Criteria - ITSEC
Orange Book C Classification
Checklist Test (desk check)
20. A process state - to either be unable to run waiting for an external event or terminated
Dangling Pointer
Rollback
Stopped
Data Diddler
21. Control category - to give instructions or inform
Criminal Law
Data Hiding
Directive
Chain of Custody
22. Unsolicited commercial email
Isolation
Convincing
Exercise
Spam
23. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Database Shadowing
Life Cycle of Evidence
Initialization Vector
Reciprocal Agreement
24. Object based description of a single resource and the permission each subject
Mirroring
Public Key Infrastructure (PKI)
Access Control Lists
Multi-Processor
25. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Plaintext
Tar Pits
Cryptanalysis
Digital Certificate
26. A shield against leakage of electromagnetic signals.
Brouter
Fault Tolerance
Administrative Law
Faraday Cage/Shield
27. Used to code/decode a digital data stream.
DR Or BC Coordinator
Codec
Information Technology Security Evaluation Criteria - ITSEC
Network Attached Storage (NAS)
28. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements
Common Criteria
Disaster
Common Law
TNI (Red Book)
29. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
MOM
Cipher Text
Workaround Procedures
Honeypot
30. Pertaining to law - no omissions
Parallel Test
Computer Forensics
Complete
Cold Site
31. The level and label given to an individual for the purpose of compartmentalization
Instance
Checklist Test
Noise
Security Clearance
32. A documented battle plan for coordinating response to incidents.
Incident Handling
Metadata
Voice Over IP (VOIP)
Initialization Vector
33. Hardware or software that is part of a larger system
Embedded
Cipher Text
Incident
Notification
34. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Quantitative Risk Analysis
Virus
High-Risk Areas
Business Interruption Insurance
35. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Business Continuity Program
Top Secret
Off Site
Trusted Computing Base
36. May be responsible for overall recovery of an organization or unit(s).
Botnet
Accurate
Interpreter
DR Or BC Coordinator
37. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Administrative Law
Intrusion Detection Systems
Activation
Object Oriented Programming (OOP)
38. Evaluation of a system without prior knowledge by the tester
Authentic
Coaxial Cable
Mandatory
Blind Testing
39. Guidelines within an organization that control the rules and configurations of an IDS
Embedded Systems
High-Risk Areas
Complete
Site Policy
40. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Ethics
Application Programming Interface
Cross Training
Security Blueprint
41. Inference about encrypted communications
Hijacking
Side Channel Attack
Confidence Value
One Time Pad
42. A state for operating system tasks only
Repeaters
Supervisor Mode (monitor - system - privileged)
Object
Electrostatic Discharge
43. A type of multitasking that allows for more even distribution of computing time among competing requests
Triage
Preemptive
Inheritance
Maximum Tolerable Downtime (MTD)
44. Location where coordination and execution of BCP or DRP is directed
Backup
Infrastructure
Emergency Operations Center (EOC)
Domain
45. To move from location to location - keeping the same function
Radio Frequency Interference (RFI)
Civil Or Code Law
Authentication
Job Rotation
46. Control category - more than one control on a single asset
Authentication
Compensating
Deleted File
Tactical
47. A distributed system's transaction control that requires updates to complete or rollback
2-Phase Commit
Control
Guidelines
ISO/IEC 27002
48. For PKI - decertify an entity's certificate
Sharing
Debriefing/Feedback
Kerckhoff's Principle
Revocation
49. A design methodology which executes in a linear one way fashion
Access Point
Permutation/Transposition
War Driving
Waterfall
50. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.
Threats
Decipher
Least Privilege
Data Owner