SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
Elements of Negligence
Integrated Test
Incident Response
Disaster Recovery Plan
2. A running key using a random key that is never used again
Durability
Authentication
Analysis
One Time Pad
3. Wrong against society
Checksum
Code
Hearsay Evidence
Criminal Law
4. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)
Digital Signature
Interception
Attacker (Black hat - Hacker)
Time Of Check/Time Of Use
5. OOP concept of a class's details to be hidden from object
Attacker (Black hat - Hacker)
Administrative Law
Legacy Data
Encapsulation
6. Converts a high level language into machine language
Detection
Assembler
Multi-Processing
Change Control
7. A hash that has been further encrypted with a symmetric algorithm
Incident Response
Incident Handling
Maximum Tolerable Downtime (MTD)
Keyed-Hashing For Message Authentication
8. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Plain Text
Redundant Array Of Independent Drives (RAID)
Chain of Custody
Brouter
9. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
Mobile Site
Aggregation
Repeaters
Archival Data
10. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Total Risk
Record Level Deletion
Remote Journaling
Encryption
11. Someone who want to know how something works - typically by taking it apart
Running Key
Hacker
Intrusion Prevention Systems
Liability
12. An administrative unit or a group of objects and subjects controlled by one reference monitor
Fire Suppression
Physical Tampering
HTTP Response Splitting
Security Domain
13. Sudden rise in voltage in the power supply.
Threats
Confidence Value
Checklist Test
Surge
14. Real-time - automatic and transparent backup of data.
Criminal Law
Remote Journaling
Total Risk
Brute Force
15. A backup type - for databases at a point in time
Virus
Evidence
Desk Check Test
Shadowing (file shadowing)
16. Short period of low voltage.
Internal Use Only
Encapsulation
Sag/Dip
Mixed Law System
17. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Monitor
Shielding
Business Recovery Timeline
Detective
18. To reduce sudden rises in current
Crisis
Record Level Deletion
Hot Site
Surge Suppressor
19. Mitigate damage by isolating compromised systems from the network.
Generator
Security Domain
Assembler
Containment
20. Location to perform the business function
Modification
Alternate Site
Patch Management
Threats
21. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
Computer System Evidence
Covert Channel
Monitor
Mirroring
22. State of computer - to be running a process
Operating
True Attack Stimulus
Covert Channel
Key Escrow
23. Malware that subverts the detective controls of an operating system
Rootkit
On-Site
Dangling Pointer
Proxies
24. Maintenance procedures outline the process for the review and update of business continuity plans.
Cryptanalysis
TEMPEST
MOM
Plan Maintenance Procedures
25. For PKI - decertify an entities certificate
Revocation
Education
Debriefing/Feedback
Data Leakage
26. Less granular organization of controls -
Standalone Test
Business Recovery Timeline
Event
Control Type
27. Lower frequency noise
Radio Frequency Interference (RFI)
Brownout
Voice Over IP (VOIP)
Consistency
28. Vehicle or tool that exploits a weakness
Full Test (Full Interruption)
User Mode (problem or program state)
Electrostatic Discharge
Threats
29. Memory - RAM
Criminal Law
Non-Repudiation
Primary Storage
Certificate Revocation List (CRL)
30. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Admissible
Disaster Recovery Tape
Method
Detection
31. Recognition of an individual's assertion of identity.
Identification
Off-Site Storage
Hearsay
Boot (V.)
32. Maximum tolerance for loss of certain business function - basis of strategy
Surveillance
Recovery Time Objectives
Access Control
Processes are Isolated By
33. Reduces causes of fire
IP Address Spoofing
Trade Secret
Replication
Fire Prevention
34. An availability attack - to consume resources to the point of exhaustion from multiple vectors
Authentication
Encipher
Method
Distributed Denial Of Service
35. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Sequence Attacks
Enticement
Business Records
Data Leakage
36. A control after attack
TNI (Red Book)
Security Kernel
Countermeasure
Event
37. Companies should have their own team - made up of ppl from management - IT leagal - HR - and public relations - security and other key areas
Man-In-The-Middle Attack
Electrostatic Discharge
Security Clearance
Incident Response Team
38. Amount of time for restoring a business process or function to normal operations without major loss
Residual Data
Mixed Law System
Maximum Tolerable Downtime (MTD)
Uninterruptible Power Supply (UPS)
39. Written step-by-step actions
Monitor
Wait
Procedure
Fiber Optics
40. Claiming another's identity at a physical level
Architecture
Data Hiding
Open Mail Relay Servers
Masquerading
41. A choice in risk management - to convince another to assume risk - typically by payment
Isolation
Locard's Principle
Declaration
Transfer
42. A electronic attestation of identity by a certificate authority
Basics Of Secure Design
Alternate Data Streams (File System Forks)
Standalone Test
Digital Certificate
43. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
User
Processes are Isolated By
Emergency Operations Center (EOC)
Forensic Copy
44. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Supervisor Mode (monitor - system - privileged)
Quantitative Risk Analysis
Message Digest
Service Bureau
45. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Evidence
Operating
Checklist Test (desk check)
Burn
46. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
Analysis
Fire Detection
Redundant Array Of Independent Drives (RAID)
Embedded Systems
47. An image compression standard for photographs
Operating
Business Records
JPEG (Joint Photographic Experts Group)
Total Risk
48. Guidelines within an organization that control the rules and configurations of an IDS
Investigation
Adware
Site Policy
File Server
49. Can be statistical (monitor behavior) or signature based (watch for known attacks)
IDS Intrusion Detection System
Maximum Tolerable Downtime (MTD)
Aggregation
TIFF (Tagged Image File Format)
50. Narrow scope examination of a system
Processes are Isolated By
Firewalls
Targeted Testing
Cache
