Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Controls for termination of attempt to access object
Copyright
Security Kernel
Intrusion Prevention Systems
Honeynet
2. A mobilized resource purchased or contracted for the purpose of business recovery.
Rootkit
Declaration
Work Factor
Mobile Recovery
3. Adversary intercepts encrypted communications - decrypts - views - encrypts - and sends along to the true destination
Data Hiding
Man-In-The-Middle Attack
Copyright
Object
4. Provides a physical cross connect point for devices.
Executive Succession
Patch Panels
Qualitative
Domain
5. Just enough access to do the job
Access Control Lists
Least Privilege
Firewall
File
6. Induces a crime - tricks a person - and is illegal
Recovery
Integrated Test
Intrusion Prevention Systems
Entrapment
7. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Top Secret
Patent
DR Or BC Coordinator
System Life Cycle
8. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)
War Driving
Deletion
Salami
Fraggle
9. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Event
Chain of Custody
E-Mail Spoofing
Shielding
10. Planning with a goal of returning to the normal business function
Simulation Test
Restoration
Virus
Brute Force
11. A process state - to either be unable to run waiting for an external event or terminated
Lattice
Stopped
Trapdoors (Backdoors) (Maintenance Hooks)
Data Backup Strategies
12. Fault tolerance for power
Recovery Time Objectives
Internal Use Only
Key Management
Generator
13. A covert storage channel on the file attribute
Mobile Recovery
Firmware
Safeguard
Alternate Data Streams (File System Forks)
14. Trading one for another
Bumping
Kerberos
Substitution
Conflict Of Interest
15. Try a list of words in passwords or encryption keys
Dictionary Attack
Interference (Noise)
Acronym for American Standard Code for Information Interchange (ASCII)
Debriefing/Feedback
16. Part of a transaction control for a database which informs the database of the last recorded transaction
Administrative Laws
Checkpoint
Log
Operational
17. Potential danger to information or systems
On-Site
Threats
Ethics
Accurate
18. Outputs within a given function are the same result
Confidence Value
Collisions
Least Privilege
SYN Flooding
19. Malware that subverts the detective controls of an operating system
Malformed Input
Information Risk Management (IRM)
Burn
Rootkit
20. Pertaining to law - accepted by a court
Admissible
Pervasive Computing and Mobile Computing Devices
Race Condition
Multi-Programming
21. Quantity of risk remaining after a control is applied
Inrush Current
Fire Prevention
Residual Risk
Remote Journaling
22. Responsibility of a user for the actions taken by their account which requires unique identification
Site Policy
CobiT
BCP Testing Drills and Exercises
Accountability
23. Using many alphabets
Polyalphabetic
Modems
Prevention
High-Risk Areas
24. Requirement of access to data for a clearly defined purpose
Intrusion Prevention Systems
Information Technology Security Evaluation Criteria - ITSEC
Asymmetric
Need-To-Know
25. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Orange Book C Classification
Key Management
Hot Spares
Resumption
26. Need to understand both the assets that need to be protected and management's priorities - also be prepared to adjust the design over time - and verify the design has been implemented correctly - need to be a good negotiator - artist and analyst.
Trapdoors (Backdoors) (Maintenance Hooks)
Chain Of Custody
Basics Of Secure Design
Denial Of Service
27. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.
Bollard
Workaround Procedures
Simulation Test
Forward Recovery
28. A test conducted on one or more components of a plan under actual operating conditions.
Asymmetric
Operational Test
Digital Signature
Bridge
29. A risk assessment method - measurable real money cost
Quantitative
Compression
High-Risk Areas
Non-Repudiation
30. The chance that something negative will occur
Computer System Evidence
Risk
Rollback
Critical Records
31. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Rootkit
Contact List
Data Backup Strategies
Salami
32. Individuals and departments responsible for the storage and safeguarding of computerized data.
Eavesdropping
Secondary Storage
Total Risk
Data Custodian
33. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Mirrored Site
Bumping
Access Point
Mission-Critical Application
34. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
Mandatory
Operational
ISO/IEC 27001
Pervasive Computing and Mobile Computing Devices
35. Independent malware that requires user interaction to execute
Qualitative
Radio Frequency Interference (RFI)
Virus
Mobile Site
36. Code breaking - practice of defeating the protective properties of cryptography.
Mock Disaster
Forensic Copy
Cryptanalysis
Chain Of Custody
37. Malware that makes many small changes over time to a single data point or system
Business Unit Recovery
Salami
Business Recovery Timeline
Call Tree
38. Joining two pieces of text
Concatenation
The ACID Test
Hot Site
Switches
39. Moving letters around
Permutation/Transposition
Standard
Business Impact Assessment (BIA)
Code
40. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Radio Frequency Interference (RFI)
Separation Of Duties
Restoration
Reference Monitor
41. A type of multitasking that allows for more even distribution of computing time among competing requests
Preemptive
File Sharing
Guidelines
Emergency Operations Center (EOC)
42. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.
Call Tree
Discretionary Access Control (DAC)
Inheritance
Certification
43. Most granular organization of controls
Instance
Overlapping Fragment Attack
Permutation/Transposition
Control Category
44. Narrow scope examination of a system
Targeted Testing
Discretionary Access Control (DAC)
Faraday Cage/Shield
Checkpoint
45. OOP concept of taking attributes from the original or parent
Inheritance
Data Owner
War Dialing
Teardrop
46. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.
High-Risk Areas
Intrusion Prevention Systems
Threat Agent
Key Management
47. A subnetwork with storage devices servicing all servers on the attached network.
Storage Area Network (SAN)
Method
Routers
Hot Spares
48. Use of specialized techniques for recovery - authentication - and analysis of electronic data
Computer Forensics
Cryptography
File Sharing
Firmware
49. One way encryption
Cryptovariable
The ACID Test
Hash Function
Internal Use Only
50. Short period of low voltage.
Sag/Dip
Alert
Polymorphism
Satellite