SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Security Kernel
Slack Space
IP Fragmentation
Injection
2. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
BCP Testing Drills and Exercises
Service Bureau
ff Site
Recovery Strategy
3. Sudden rise in voltage in the power supply.
Job Training
Contact List
Critical Infrastructure
Surge
4. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Double Blind Testing
Man-In-The-Middle Attack
Business Impact Analysis
System Life Cycle
5. A layer 2 device that used to connect two or more network segments and regulate traffic.
Structured Walkthrough
Pointer
Certification Authority
Switches
6. Need to understand both the assets that need to be protected and management's priorities - Also be prepared to adjust the design over time - and verify the design has been implemented correctly - need to be good negotiator - artist and analyst.
Basics Of Secure Design
Burn
Brownout
Exposure
7. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
Common Law
Recovery Point Objective (RPO)
Security Blueprint
Checklist Test
8. Mitigation of system or component loss or interruption through use of backup capability.
EMI
Access Control Lists
5 Rules Of Evidence
Fault Tolerance
9. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Access Control Matrix
Recovery Time Objectives
Watermarking
Exercise
10. For PKI - to have more than one person in charge of a sensitive function
DR Or BC Coordinator
Recovery Time Objectives
Multi-Party Control
War Dialing
11. Is secondhand and usually not admissible in court
Picking
Common Criteria
Hearsay Evidence
Cryptography
12. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Time Of Check/Time Of Use
Multi-Programming
Hard Disk
Digital Signature
13. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Alarm Filtering
Administrative
Event
5 Rules Of Evidence
14. The study of cryptography and cryptanalysis
Interception
Alert/Alarm
Incident Response Team
Cryptology
15. The partial or full duplication of data from a source database to one or more destination databases.
Uninterruptible Power Supply (UPS)
Teardrop
Sag/Dip
Database Replication
16. Information about a particular data set
Structured Walk-Through Test
Least Privilege
Metadata
Key Space
17. A specialized wireless receiver/ transmitter placed in orbit that facilitates long distance communication.
Recovery
Trapdoors (Backdoors) (Maintenance Hooks)
Satellite
Plain Text
18. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Decipher
Procedure
TIFF (Tagged Image File Format)
Guidelines
19. Rapid switching back and forth between programs from the computer's perspective and appearing to do more that one thing at a time from the user's perspective
Multi-Programming
Residual Risk
Job Rotation
Authentication
20. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Denial Of Service
Phishing
Keystroke Logging
Maximum Tolerable Downtime (MTD)
21. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Deleted File
JPEG (Joint Photographic Experts Group)
DR Or BC Coordinator
Operational Exercise
22. A condition in which neither party is willing to stop their activity for the other to complete
IDS Intrusion Detection System
Durability
JPEG (Joint Photographic Experts Group)
Deadlock
23. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Mixed Law System
Durability
Replication
Forensic Copy
24. Representatives from each functional area or department get together and walk through the plan from beginning to end.
Structured Walk-Through Test
Business Unit Recovery
Governance
Disaster Recovery Teams (Business Recovery Teams)
25. Hiding the fact that communication has occurred
Access Control Attacks
Sharing
Convincing
Steganography
26. Firewalls - encryption - and access control lists
Examples of technical security components
Multi-Tasking
Highly Confidential
Forensic Copy
27. One method of testing a specific component of a plan. Typically - a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
Structured Walkthrough
Orange Book C2 Classification
Administrative
Mock Disaster
28. A unit of execution
Encryption
Public Key Infrastructure (PKI)
Threads
File Extension
29. Companies should have their own team - made up of ppl from management - IT leagal - HR - and public relations - security and other key areas
Incident Response Team
Access Control Matrix
Faraday Cage/ Shield
Remote Journaling
30. High level - pertaining to planning
Strategic
Common Criteria
File Sharing
Interference (Noise)
31. An individuals conduct that violates government laws developed to protect the public
Detective
Criminal Law
Method
Corrective
32. A collection of information designed to reduce duplication and increase integrity
Shielding
Workaround Procedures
Databases
Operational Exercise
33. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Business Interruption Insurance
Forensic Copy
Multi-Core
Brute Force
34. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Fire Prevention
Recovery Time Objectives
Embedded
Object Oriented Programming (OOP)
35. Reduction of voltage by the utility company for a prolonged period of time
Content Dependent Access Control
Algorithm
Brownout
Central Processing Unit (CPU)
36. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc
Algorithm
3 Types of harm Addressed in computer crime laws
Critical Infrastructure
Alert/Alarm
37. More than one CPU on a single board
Life Cycle of Evidence
Multi-Core
Control Type
Walk Though
38. Moving the alphabet intact a certain number spaces
Accurate
File Server
Shift Cipher (Caesar)
Lattice
39. Vehicle or tool that exploits a weakness
On-Site
Threats
Multi-Tasking
Civil Law
40. Hardware or software that is part of a larger system
Top Secret
Embedded
Atomicity
Domain
41. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Acronym for American Standard Code for Information Interchange (ASCII)
Modems
IP Fragmentation
Desk Check Test
42. Unused storage capacity
Strategic
Ethics
Administrative Laws
Slack Space
43. Regular operations are stopped and where processing is moved to the alternate site.
Civil Law
Patch Management
Separation Of Duties
Full-Interruption test
44. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Public Key Infrastructure (PKI)
Interference (Noise)
Education
Business Continuity Steering Committee
45. Try a list of words in passwords or encryption keys
Fault Tolerance
Mandatory Access Control (MAC)
Dictionary Attack
Evidence
46. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Encryption
Warm Site
Supervisor Mode (monitor - system - privileged)
Orange Book D Classification
47. The point in time to which systems and data must be recovered after an outage. (e.g. End of previous day's processing). Rpos are often used as the basis for the development of backup strategies.
Recovery Strategy
Recovery Point Objective (RPO)
Containment
Locard's Principle
48. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Access Control Lists
System Life Cycle
Incident Handling
Data Recovery
49. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Mirroring
ISO/IEC 27002
Wait
File Shadowing
50. Organized group of compromised computers
Privacy Laws
Trusted Computing Base
Botnet
Information Technology Security Evaluation Criteria - ITSEC
