Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An alert or alarm that is triggered when no actual attack has taken place
False (False Positive)
Overlapping Fragment Attack
Threats
Hard Disk
2. Program that inappropriately collects private data or activity
False (False Positive)
Discretionary Access Control (DAC)
Spyware
Cipher Text
3. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Tactical
Object Oriented Programming (OOP)
Cryptanalysis
On-Site
4. Communicate to stakeholders
Corrective
Debriefing/Feedback
Service Bureau
Chain of Custody
5. Regular operations are stopped and where processing is moved to the alternate site.
Standalone Test
File Extension
Incident Manager
Full-Interruption test
6. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Keystroke Logging
Fire Detection
Encryption
Transients
7. Third party processes used to organize the implementation of an architecture
Framework
Remote Journaling
Aggregation
Need-To-Know
8. Recovery alternative which includes cold site and some equipment and infrastructure is available
Warm Site
Firewall
Injection
Tapping
9. Natural or human-readable form of message
Operational Test
Multi-Party Control
Detective
Plain Text
10. Control type- that is communication based - typically written or oral
One Time Pad
Administrative Law
Risk Assessment / Analysis
Administrative
11. Mediation of covert channels must be addressed
Information Flow Model
Slack Space
2-Phase Commit
Operating
12. Information about data or records
Business Impact Assessment (BIA)
Metadata
Full-Interruption test
Trade Secret
13. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Business Impact Analysis
Patch Management
War Dialing
Adware
14. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
Storage Area Network (SAN)
Virtual Memory
Watermarking
Generator
15. Controls deployed to avert unauthorized and/or undesired actions.
Prevention
Honeynet
Education
Least Privilege
16. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Record Level Deletion
Residual Risk
Executive Succession
Electromagnetic Interference (EMI)
17. Scrambled form of the message or data
Desk Check Test
Cipher Text
Non-Repudiation
Operational Exercise
18. Something that happened
Firewalls
Polymorphism
Event
Trusted Computing Base
19. A layer 3 device that is used to connect two or more network segments and regulate traffic.
Hijacking
Application Programming Interface
Ring Protection
Routers
20. Potential danger to information or systems
Inference
Injection
Threats
Acronym for American Standard Code for Information Interchange (ASCII)
21. Intellectual property protection for an invention
Patent
Data Warehouse
Classification Scheme
Forward Recovery
22. Return to a normal state
Recovery
Plaintext
Sequence Attacks
Mitigate
23. Two certificate authorities that trust each other
Certificate Revocation List (CRL)
Double Blind Testing
Cross Certification
Disaster
24. To create a copy of data as a precaution against the loss or damage of the original data.
Standard
Data Dictionary
Backup
Fiber Optics
25. Subject based description of a system or a collection of resources
Administrative Access Controls
Mission-Critical Application
Capability Tables
Hot Site
26. Specific format of technical and physical controls that support the chosen framework and the architecture
Failure Modes and Effect Analysis (FEMA)
Infrastructure
Incident
Archival Data
27. A collection of information designed to reduce duplication and increase integrity
Kernel
Databases
Trade Secret
Archival Data
28. Control category- to record an adversary's actions
Detective
Examples of technical security components
Strong Authentication
Business Records
29. A race condition where the security changes during the object's access
Time Of Check/Time Of Use
Honeypot
Remote Access Trojan
Database Shadowing
30. Recovery alternative - everything needed for the business function - except people and last backup
Race Condition
Mandatory Vacations
Triage
Hot Site
31. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Failure Modes and Effect Analysis (FEMA)
Fraggle
Business Unit Recovery
Top Secret
32. Recovery alternative - complete duplication of services including personnel
Access Control
Mirrored Site
Entrapment
Degauss
33. Malware that uses the trust on a website to redirect users to untrusted websites which captures data or installs more malware
Cross-Site Scripting
Hash Function
Privacy Laws
Data Dictionary
34. Power surge
Electrostatic Discharge
Metadata
System Downtime
Containment
35. System mediation of access with the focus on the context of the request
Shift Cipher (Caesar)
Burn
Content Dependent Access Control
Remote Journaling
36. A design methodology which executes in a linear one way fashion
Tracking
Recovery Time Objectives
Moore's Law
Waterfall
37. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Pointer
Orange Book B1 Classification
Business Impact Analysis
Access Control
38. Substitution at the word or phrase level
Access Control Lists
Code
Running Key
Mobile Site
39. Define the way in which the organization operates.
Shielding
Accurate
Proprietary
Recovery Time Objectives
40. Intellectual property protection for a confidential and critical process
Trade Secret
Deleted File
Accountability
Permutation /Transposition
41. Location to perform the business function
Processes are Isolated By
Business Recovery Team
Asymmetric
Alternate Site
42. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.
Highly Confidential
Method
Restoration
Alert
43. Low level - pertaining to planning
Risk
Archival Data
Tactical
Boot (V.)
44. Just enough access to do the job
Least Privilege
Targeted Testing
Databases
Information Owner
45. Individuals and departments responsible for the storage and safeguarding of computerized data.
Key Escrow
Recovery
Certificate Revocation List (CRL)
Data Custodian
46. Review of data
Exposure
Keyed-Hashing For Message Authentication
Analysis
Entrapment
47. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.
Bollard
Substitution
Residual Data
Governance
48. Impossibility of denying authenticity and identity
Non-Repudiation
Threats
Data Diddler
Process Isolation
49. Uncleared buffers or media
Object Reuse
TEMPEST
Hijacking
Quantitative Risk Analysis
50. To know more than one job
Recovery
Criminal Law
Tort
Cross Training