Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. Define the way in which the organization operates.
Mirrored Site
Civil Or Code Law
Proprietary
Keystroke Logging
2. False memory reference
Cookie
Dangling Pointer
Database Replication
Warm Site
3. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
Crisis
Bit
Archival Data
Emergency Operations Center (EOC)
4. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid.
Denial Of Service
Firewalls
Encipher
Civil Law
5. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
File Level Deletion
Full Test (Full Interruption)
CobiT
Disaster Recovery Tape
6. A process state - to be executing a process on the CPU
Concatenation
E-Mail Spoofing
Risk Assessment / Analysis
Running
7. A computer designed for the purpose of studying adversaries
Data Recovery
Honeypot
Multiplexers
Boot (V.)
8. The chance that something negative will occur
Risk
Mirroring
Threats
Acronym for American Standard Code for Information Interchange (ASCII)
9. For PKI - to have more than one person in charge of a sensitive function
Network Attached Storage (NAS)
Infrastructure
Multi-Party Control
Hearsay
10. A secure connection to another network.
Generator
Gateway
Logic Bomb
Mirrored Site
11. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements
Coaxial Cable
ITSEC
Declaration
Orange Book B2 Classification
12. Evidence must be: admissible - authentic - complete - accurate - and convincing
Data Recovery
Mantrap (Double Door System)
Resumption
5 Rules Of Evidence
13. The connection between a wireless and wired network.
Storage Area Network (SAN)
Access Point
Recovery
Packet Filtering
14. Potential danger to information or systems
Threats
Patent
Vital Record
Fire Classes
15. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Standalone Test
Structured Walkthrough
Proprietary
Reference Monitor
16. Third party processes used to organize the implementation of an architecture
Declaration
Framework
Cold Site
Remanence
17. Control type- that is communication based - typically written or oral
Administrative
CobiT
Data Recovery
Tactical
18. Inference about encrypted communications
Data Marts
Aggregation
Side Channel Attack
Non-Interference
19. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Picking
War Driving
Supervisor Mode (monitor - system - privileged)
Life Cycle of Evidence
20. Planning with a goal of returning to the normal business function
Restoration
Shadowing (file shadowing)
Centralized Access Control Technologies
False Attack Stimulus
21. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
Mock Disaster
Criminal Law
Virtual Memory
Guidelines
22. Hitting a filed down key in a lock with a hammer to open without real key
Smurf
Bumping
Data Owner
Interpreter
23. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.
Redundant Servers
Fault Tolerance
Accountability
Guidelines
24. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
Call Tree
Message Digest
Hearsay
Fire Classes
25. Intellectual property protection for a confidential and critical process
Trade Secret
Business Continuity Steering Committee
Mantrap (Double Door System)
Algorithm
26. An individual's conduct that violates government laws developed to protect the public
Exercise
Maximum Tolerable Downtime (MTD)
Gateway
Criminal Law
27. Statistical probabilities of a collision are more likely than one thinks
Picking
Birthday Attack
Business Continuity Program
Orange Book A Classification
28. Controls for termination of attempt to access object
Restoration
Intrusion Prevention Systems
5 Rules Of Evidence
SQL Injection
29. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Technical Access Controls
Alert
Sampling
Consistency
30. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Multi-Core
Mobile Recovery
Journaling
Kernel
31. Autonomous malware that requires a flaw in a service
Certification
Encryption
Worm
Administrative Access Controls
32. A telephone exchange for a specific office or business.
Information Flow Model
Total Risk
Critical Infrastructure
Private Branch Exchange (PBX)
33. To execute more than one instruction at an instant in time
Private Branch Exchange (PBX)
Multi-Processing
Log
Plain Text
34. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Business Unit Recovery
Inheritance
Forensic Copy
Operational
35. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Source Routing Exploitation
Information Owner
File Sharing
Data Integrity
36. A set of best practices for programmers to seek in all application or data base design: Atomicity - Consistency - Isolation - Durability
The ACID Test
Classification
Network Attached Storage (NAS)
Deadlock
37. Owner directed mediation of access
Complete
Discretionary
HTTP Response Splitting
Message Digest
38. What is will remain - persistence
Deletion
Durability
Lattice
Legacy Data
39. Those who initiate the attack
Electronic Vaulting
Initialization Vector
Threat Agent
Archival Data
40. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Moore's Law
Physical Tampering
Off Site
Structured Walkthrough
41. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Exposure
Polymorphism
Business Recovery Team
Plain Text
42. Memory - RAM
Vital Record
Application Programming Interface
Primary Storage
Bridge
43. A world-wide wireless technology
Botnet
Wireless Fidelity (Wi-Fi )
Burn
Open Mail Relay Servers
44. A planned or unplanned interruption in system availability.
Safeguard
System Downtime
Tapping
Recovery Point Objective (RPO)
45. Granular decision by a system of permitting or denying access to a particular resource on the system
Enticement
Examples of technical security components
Authorization
Mandatory
46. System of law based upon precedence - with major divisions of criminal - tort - and administrative
Common Law
Business Continuity Program
Injection
Alert/Alarm
47. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
Orange Book D Classification
MOM
Twisted Pair
ISO/IEC 27001
48. Of a system without prior knowledge by the tester or the tested
Education
Double Blind Testing
Multi-Tasking
ITSEC
49. To evaluate the current situation and make basic decisions as to what to do
Work Factor
Checksum
Triage
Standard
50. Record of system activity - which provides for monitoring and detection.
Byte Level Deletion
Non-Interference
Log
Remote Journaling