Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the correct answer will seem obvious, but repeating the test reinforces your understanding of each term.
1. Control category: a control intended to discourage an adversary from attempting to gain access
Injection
Legacy Data
Deterrent
Data Diddler
2. Natural occurrence in circuits that are in close proximity
Microwave
Interference (Noise)
Data Owner
Total Risk
3. Provides a physical cross connect point for devices.
Patch Panels
Quantitative Risk Analysis
Restoration
Threats
4. More than one process in the middle of executing at a time
Brouter
Supervisor Mode (monitor, system, privileged)
Multi-Tasking
Security Clearance
5. The former internationally accepted set of standards and processes for information security product evaluation and assurance, which separates functionality and assurance requirements
Forensic Copy
Transients
Smurf
ITSEC
6. A committee of decision makers, business owners, technology experts and continuity professionals tasked with making strategic recovery and continuity planning decisions for the organization.
Vital Record
Plaintext
Business Continuity Steering Committee
Masked/Interruptible
7. To create a copy of data as a precaution against the loss or damage of the original data.
Spyware
Backup
Decipher
Switches
8. Momentary loss of power
Encipher
Fault
Double Blind Testing
Entrapment
9. A state where two subjects can access the same object without proper mediation
Damage Assessment
Digital Signature
Disaster Recovery Teams (Business Recovery Teams)
Race Condition
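The race condition in question 9 is easier to see in code than in a one-line definition. The following is an added example, not part of the quiz page: a constructed shared counter updated by several threads. A short sleep between reading and writing the counter artificially widens the window in which another thread can interfere; the lock is the "proper mediation" the definition refers to. The time-of-check/time-of-use (TOCTOU) flaw listed elsewhere in this quiz is the same defect applied to a file or other external object.

```python
import threading
import time


def run_increments(use_lock: bool, workers: int = 4, window: float = 0.01) -> int:
    """Constructed demo: `workers` threads each add 1 to a shared counter.

    Each thread performs read -> pause -> write. Without a lock, every thread
    can read the same old value during another thread's pause, so updates are
    lost and the result is smaller than `workers`. With the lock, the whole
    read-modify-write is serialized and the result equals `workers`.
    """
    counter = 0
    lock = threading.Lock()

    def read_modify_write() -> None:
        nonlocal counter
        if use_lock:
            # Mediated access: only one thread is inside at a time.
            with lock:
                current = counter
                time.sleep(window)
                counter = current + 1
        else:
            # Unmediated access: two subjects touch the same object concurrently.
            current = counter          # "check": read the shared object
            time.sleep(window)         # other threads run inside this window
            counter = current + 1      # "use": write back a stale value

    threads = [threading.Thread(target=read_modify_write) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return counter


if __name__ == "__main__":
    print("without lock:", run_increments(False))
    print("with lock:   ", run_increments(True))
```

The unlocked run typically returns 1 for four workers because all four read 0 before any of them writes; the exact number depends on scheduling, which is precisely what makes race conditions hard to reproduce and easy to miss in testing.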
10. Communicate to stakeholders
Debriefing/Feedback
Capability Tables
Checksum
Plain Text
11. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Administrative Access Controls
Emanations
Disaster Recovery Tape
Covert Channel
12. One entity with two competing allegiances
Business Recovery Team
Trusted Computing Base
Recovery Point Objective (RPO)
Conflict Of Interest
13. Requirement of access to data for a clearly defined purpose
Plaintext
Need-To-Know
ISO/IEC 27002
Governance
14. Mediates communication with untrusted hosts on behalf of the hosts that it protects.
Moore's Law
Data Backups
Proxies
Operational Impact Analysis
15. The former U.S. military set of standards and processes for network evaluation and assurance, which combines functionality and assurance requirements
Checklist Test
TNI (Red Book)
Restoration
Kerberos
16. Power surge
Strategic
Cross Training
Electrostatic Discharge
Bollard
17. Planning with a goal of returning to the normal business function
Orange Book D Classification
Restoration
Application Programming Interface
Key Management
18. A protocol for the efficient transmission of voice over the Internet
Running
Storage Area Network (SAN)
Polyalphabetic
Voice Over IP (VOIP)
19. Pertaining to law: accepted by a court as evidence
Containment
Ring Protection
Admissible
Worm
20. A practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.
Tactical
Alert
Simulation Test
Emergency
21. A collection of data or information that has a name
Framework
Service Bureau
File
Life Cycle of Evidence
22. A development methodology whose phases execute in a linear, one-way sequence
Mitigate
Waterfall
Strong Authentication
Threads
23. Small data files that a web server instructs the user's browser to store on the user's machine.
Monitor
Keystroke Logging
Cookie
Territoriality
24. Converts source code to an executable
Algorithm
Control Type
Compiler
Control
25. In PKI, to invalidate an entity's certificate before its scheduled expiry
Common Criteria
Detection
Revocation
Burn
26. Attack that exploits the fact that the statistical probability of a collision is much higher than one would expect
Replication
Control
Birthday Attack
Emergency Operations Center (EOC)
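Question 26 asserts that collisions are "more likely than one thinks"; the numbers below show how much. This is an added example and not part of the quiz page. It computes the exact collision probability for a hash of a given width, the number of samples needed to reach a chosen probability from the standard approximation 1 - exp(-n^2 / 2N), and then runs a real birthday search against SHA-256 truncated to 24 bits (the truncation is a constructed stand-in for a short or weak hash; full SHA-256 is not attackable this way). The message format "msg-<counter>" is an arbitrary choice for the demo.

```python
import hashlib
import math


def collision_probability(samples: int, bits: int) -> float:
    """Exact probability that `samples` uniformly random values drawn from a
    space of 2**bits possible values contain at least one repeat.
    Computed in log space so it stays accurate for large spaces."""
    space = 2 ** bits
    log_no_collision = 0.0
    for i in range(samples):
        log_no_collision += math.log1p(-i / space)   # log(1 - i/N)
    return 1.0 - math.exp(log_no_collision)


def samples_for_probability(p: float, bits: int) -> int:
    """Samples needed for collision probability p, from the approximation
    P(collision) ~ 1 - exp(-n^2 / (2N)). For p = 0.5 this is ~1.18 * sqrt(N),
    i.e. about 2**(bits/2), not 2**(bits-1)."""
    space = 2 ** bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - p))))


def truncated_sha256(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256(data) as an integer. Truncation models a
    short hash; it is what makes the search below feasible."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Birthday search: hash constructed messages prefix+counter until two
    distinct messages share a truncated digest.
    Returns (message_a, message_b, shared_hash, attempts).
    Pigeonhole guarantees a hit within 2**bits + 1 attempts; on average it
    takes about sqrt(pi/2 * 2**bits), i.e. roughly 5000 for 24 bits."""
    seen = {}
    for i in range(2 ** bits + 1):
        msg = prefix + str(i).encode()
        h = truncated_sha256(msg, bits)
        if h in seen and seen[h] != msg:
            return seen[h], msg, h, i + 1
        seen[h] = msg
    raise RuntimeError("unreachable: pigeonhole principle violated")


if __name__ == "__main__":
    for bits in (24, 32, 64):
        n = samples_for_probability(0.5, bits)
        print(f"{bits}-bit hash: ~{n} samples for a 50% collision chance "
              f"(exact p = {collision_probability(n, bits):.3f})")
    a, b, h, tries = find_collision(24)
    print(f"24-bit collision after {tries} hashes: {a!r} and {b!r} -> {h:06x}")
```

The practical lesson for the exam and for real systems: a hash or MAC with an n-bit output resists birthday collisions only to about n/2 bits of work, which is why 64-bit and even 128-bit digests are considered too short for collision resistance.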
27. Testing of a system without prior knowledge on the part of either the tester or the tested organization
CPU Cache
Surge Suppressor
Double Blind Testing
CobiT
28. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Alarm Filtering
Shadowing (file shadowing)
Encapsulation
Interception
29. Forging of an IP address.
Atomicity
Mobile Site
IP Address Spoofing
Containment
30. The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption.
High-Risk Areas
Business Recovery Timeline
Public Key Infrastructure (PKI)
Compiler
31. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents, and for the restoration of normal operations at the primary site.
Restoration
Critical Records
BCP Testing Drills and Exercises
Common Law
32. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Remote Journaling
Reciprocal Agreement
Critical Records
Substitution
33. Descrambling the encrypted message with the corresponding key
Decipher
Coaxial Cable
Mandatory Access Control (MAC)
Security Domain
34. Authentication protocol that uses only symmetric session keys between principals, distributed by a trusted third party that shares a different pre-shared symmetric key with each principal
Blackout
Decipher
Kerberos
Information Technology Security Evaluation Criteria (ITSEC)
35. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Degauss
Orange Book C Classification
Mixed Law System
Critical Functions
36. System access, network architecture, network access, encryption and protocols, and auditing
Time Of Check/Time Of Use
Worm
Fault
Technical Access Controls
37. A type of computer memory that temporarily stores frequently used information for quick access.
System Life Cycle
Access Point
Dangling Pointer
Cache
38. Share security concerns with embedded devices; security is often sacrificed for a richer user experience under low-power constraints; a prime target for data loss, as they transmit and store information in ways the organization cannot control.
Binary
Computer Forensics
Network Attached Storage (NAS)
Pervasive Computing and Mobile Computing Devices
39. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Data Diddler
Simulation
Supervisor Mode (monitor, system, privileged)
On-Site
40. A trusted issuer of digital certificates
Bridge
Cookie
Need-To-Know
Certification Authority
41. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Reciprocal Agreement
Classification
Mandatory Vacations
Data Warehouse
42. Deriving a conclusion from available information, for example deducing sensitive data from pieces one is authorized to see
Critical Infrastructure
Access Control Matrix
Debriefing/Feedback
Inference
43. A layer 3 device used to connect two or more network segments and regulate traffic between them.
Routers
Wireless Fidelity (Wi-Fi )
Multi-Party Control
Patch Management
44. More than one processor core on a single chip
Multi-Core
Data Dictionary
Control
Acronym for American Standard Code for Information Interchange (ASCII)
45. Creation, distribution, update, and deletion
Botnet
Key Management
Database Replication
Remanence
46. A form of data hiding that prevents running processes from accessing each other's memory
Binary
Process Isolation
Identification
Residual Data
47. Two certificate authorities that trust each other
Exposure
Electrostatic Discharge
E-Mail Spoofing
Cross Certification
48. The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins functionality and assurance requirements
Least Privilege
Picking
Common Criteria
Cryptanalysis
49. A control put in place before an attack to reduce risk
Operational Impact Analysis
Mobile Site
Safeguard
Database Shadowing
50. A group or network of honeypots
Honeynet
Failure Modes and Effects Analysis (FMEA)
Mirrored Site
Data Backup Strategies