Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Key
File Sharing
Cryptovariable
Threads
File
2. Event(s) that cause harm
Data Owner
Worldwide Interoperability for Microwave Access (WI-MAX)
Fire Classes
Incident
3. A mobilized resource purchased or contracted for the purpose of business recovery.
Deadlock
Data Backups
Concentrator
Mobile Recovery
4. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Orange Book C Classification
Checklist Test (desk check)
Business Impact Assessment (BIA)
Discretionary
5. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Sampling
Injection
Masquerading
ff Site
6. High level - pertaining to planning
Strategic
Masquerading
Orange Book A Classification
Chain Of Custody
7. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Phishing
Redundant Servers
Twisted Pair
Application Programming Interface
8. Written suggestions that direct choice to a few alternatives
Authentication
Data Leakage
Business Impact Assessment (BIA)
Guidelines
9. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Memory Management
Degauss
Structured Walk-Through Test
Data Hiding
10. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Analysis
Time Of Check/Time Of Use
Encryption
Convincing
11. Control category - to record an adversary's actions
Electromagnetic Interference (EMI)
Modems
Recovery Period
Detective
12. Intellectual property protection for a confidential and critical process
State Machine Model
Trade Secret
File Server
Business Recovery Timeline
13. OOP concept of taking attributes from the original or parent
Recovery
File Level Deletion
Inheritance
Security Clearance
14. A hash that has been further encrypted with a symmetric algorithm
Keyed-Hashing For Message Authentication
Control
Blind Testing
Inrush Current
15. More than one processor sharing the same memory - also known as parallel systems
Data Integrity
HTTP Response Splitting
Mission-Critical Application
Multi-Processor
16. Property that data is represented in the same manner at all times
Object Reuse
Consistency
Eavesdropping
Mission-Critical Application
17. A programming design concept which abstracts one set of functions from another in a serialized fashion
Workaround Procedures
Business Continuity Program
Decipher
Layering
18. Low level - pertaining to planning
Multi-Tasking
Tactical
Backup
Recovery Point Objective (RPO)
19. Security policy - procedures - and compliance enforcement
Examples of non-technical security components
Structured Walkthrough
Control
Analysis
20. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Non-Discretionary Access Control
Data Dictionary
False Negative
Memory Management
21. Subjects will not interact with each other's objects
Intrusion Prevention Systems
Threats
Non-Interference
Inrush Current
22. Unauthorized wireless network access device.
Safeguard
File Level Deletion
Rogue Access Points
Transfer
23. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Hub
Sequence Attacks
On-Site
Entrapment
24. OOP concept of an object at runtime
Multi-Party Control
Instance
Exposure
Man-In-The-Middle Attack
25. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
Distributed Denial Of Service
Entrapment
System Life Cycle
Multilevel Security System
26. A form of data hiding which protects running threads of execution from using each other's memory
Sniffing
Process Isolation
Coaxial Cable
Metadata
27. A passive network attack involving monitoring of traffic.
File Server
Key Space
Eavesdropping
Computer Forensics
28. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
Repeaters
Database Shadowing
Vital Record
Archival Data
29. Line by line translation from a high level language to machine code
Interpreter
Memory Management
Corrective
Work Factor
30. Objects or programming that look different but act the same
Hot Spares
Polymorphism
Control Type
5 Rules Of Evidence
31. The core logic engine of an operating system which almost never changes
Preemptive
Operational Test
Kernel
Residual Risk
32. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Disaster Recovery Tape
Trademark
Concentrator
Information Risk Management (IRM)
33. Less granular organization of controls -
Control Type
Hijacking
Replication
Data Recovery
34. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Administrative Law
Sequence Attacks
CobiT
Disk Mirroring
35. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Recovery Period
Authentication
Locard's Principle
Incident Response
36. Interception of a communication session by an attacker.
Encapsulation
Compiler
Hijacking
Patch Panels
37. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
Cross Certification
Trusted Computing Base
Business Recovery Timeline
Redundant Array Of Independent Drives (RAID)
38. Code breaking - practice of defeating the protective properties of cryptography.
Network Attached Storage (NAS)
Near Site
Cryptanalysis
Evidence
39. A disturbance that degrades performance of electronic devices and electronic communications.
Near Site
Technical Access Controls
Radio Frequency Interference (RFI)
System Life Cycle
40. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
UPS
Emergency Procedures
Multi-Core
Quantitative
41. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Information Risk Management (IRM)
Remanence
Life Cycle of Evidence
Hearsay Evidence
42. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Information Risk Management (IRM)
Business Continuity Planning (BCP)
User
Processes are Isolated By
43. Maximum tolerance for loss of certain business function - basis of strategy
Method
Access Control Lists
Resumption
Recovery Time Objectives
44. Used to code/decode a digital data stream.
Switches
Keystroke Logging
Codec
Tar Pits
45. OOP concept of a class's details being hidden from an object
Operational Exercise
Key Escrow
Shift Cipher (Caesar)
Encapsulation
46. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Microwave
Time Of Check/Time Of Use
Non-Interference
Enticement
47. A planned or unplanned interruption in system availability.
User Mode (problem or program state)
System Downtime
Modems
Analysis
48. Eight bits.
Non-Discretionary Access Control
Replication
Byte
Cryptanalysis
49. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.
Privacy Laws
Assembler
Work Factor
Key Space
50. Owner directed mediation of access
SYN Flooding
Business Interruption
Discretionary
Stopped