Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Residual Data
Tar Pits
Plan Maintenance Procedures
Interpreter
2. An electronic attestation of identity by a certificate authority
Waterfall
File Level Deletion
Digital Certificate
Surge
3. To smooth out reductions or increases in power
Mirrored Site
Common Law
Information Risk Management (IRM)
UPS
4. Weakness or flaw in an asset
True Attack Stimulus
SQL Injection
IP Fragmentation
Vulnerability
5. Written core statements that rarely change
Policy
Executive Succession
Business Unit Recovery
Incident Response
6. With enough computing power trying all possible combinations
Business Recovery Timeline
Brute Force
Business Impact Analysis
Territoriality
7. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
Kerberos
Trojan Horse
Cross Certification
CPU Cache
8. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Sequence Attacks
Discretionary
Copyright
Incident Response
9. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Aggregation
Data Backup Strategies
Operational
Buffer Overflow
10. Short period of low voltage.
Kernel
Standalone Test
Private Branch Exchange (PBX)
Sag/Dip
11. Vehicle or tool that exploits a weakness
IP Address Spoofing
Cryptanalysis
Reference Monitor
Threats
12. Subject based description of a system or a collection of resources
Marking
Gateway
Capability Tables
Highly Confidential
13. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce organization exposure and evaluating the cost for such controls.
Aggregation
Strategic
Risk Assessment / Analysis
Sampling
14. Inference about encrypted communications
Side Channel Attack
Control Type
Compiler
Monitor
15. A state where two subjects can access the same object without proper mediation
Detection
Race Condition
Replication
Life Cycle of Evidence
16. Intellectual property protection for a confidential and critical process
Exposure
Trade Secret
Hub
Database Replication
17. More than one process in the middle of executing at a time
Convincing
Concatenation
Multi-Tasking
Forensic Copy
18. DoS - Spoofing - dictionary - brute force - wardialing
Brute Force
Hearsay Evidence
Information Flow Model
Access Control Attacks
19. The first rating that requires security labels
Orange Book B1 Classification
Access Control Lists
Man-In-The-Middle Attack
Business Continuity Steering Committee
20. Sudden rise in voltage in the power supply.
Capability Tables
Multi-Processor
Classification Scheme
Surge
21. Try a list of words in passwords or encryption keys
Dictionary Attack
Targeted Testing
Double Blind Testing
Record Level Deletion
22. Intermediate level - pertaining to planning
Authentication
Digital Signature
Operational
Total Risk
23. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
Job Rotation
Sag/Dip
Virtual Memory
Computer System Evidence
24. One of the key benefits of a network is the ability to share files stored on the server among several users.
Administrative Access Controls
Fragmented Data
Tar Pits
File Sharing
25. A system that enforces an access control policy between two networks.
IP Fragmentation
Enticement
Firewalls
Covert Channel
26. More than one CPU on a single board
Multi-Core
Fiber Optics
Privacy Laws
Qualitative
27. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Satellite
Initialization Vector
TNI (Red Book)
Off Site
28. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.
Side Channel Attack
Redundant Servers
Binary
Damage Assessment
29. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
IP Address Spoofing
Buffer Overflow
Private Branch Exchange (PBX)
Risk Mitigation
30. To assert or claim credentialing to an authentication system
DR Or BC Coordinator
Identification
5 Rules Of Evidence
Mandatory Access Control (MAC)
31. Line by line translation from a high level language to machine code
Concatenation
Interpreter
Birthday Attack
Change Control
32. Deals with discretionary protection
Business Interruption
Tracking
Orange Book C Classification
Mandatory Vacations
33. A system designed to prevent unauthorized access to or from a private network.
Business Interruption Insurance
Code
Quantitative Risk Analysis
Firewall
34. Two certificate authorities that trust each other
Electrostatic Discharge
Threats
Cross Certification
Triage
35. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.
File Server
Control Category
Shadowing (file shadowing)
Basics Of Secure Design
36. For PKI - to store another copy of a key
Privacy Laws
Access Control Attacks
Key Escrow
Burn
37. The guardian of asset(s) - a maintenance activity
Custodian
Compartmentalize
Business Impact Analysis
Multi-Processor
38. Something that happened
Event
Overlapping Fragment Attack
Salami
Patch Management
39. A software design technique for abstraction of a process
Emergency
Detection
Access Control Lists
Data Hiding
40. OOP concept of a class's details to be hidden from object
Database Shadowing
Declaration
Tapping
Encapsulation
41. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
MOM
Denial Of Service
Business Continuity Planning (BCP)
Patent
42. A BCP testing type - (structured walkthrough) - a test that answers the question: Is everything needed for recovery available?
Recovery Strategy
Basics Of Secure Design
Walk Through
File Shadowing
43. Recovery alternative - a building only with sufficient power - and HVAC
Worldwide Interoperability for Microwave Access (WI-MAX)
IP Address Spoofing
Cold Site
Hash Function
44. Narrow scope examination of a system
Preemptive
Orange Book C2 Classification
Targeted Testing
Accountability
45. Someone who wants to cause harm
Masquerading
Forward Recovery
Attacker (Black hat - Hacker)
Workaround Procedures
46. Program instructions based upon the CPU's specific architecture
Key Escrow
Machine Language (Machine Code)
Business Unit Recovery
Inheritance
47. Eight bits.
Disaster
Threat Agent
Non-Repudiation
Byte
48. The event signaling an IDS to produce an alarm when no attack has taken place
Deadlock
False Attack Stimulus
Open Mail Relay Servers
Spyware
49. Intellectual property protection for marketing efforts
Risk Assessment
Bridge
Trademark
Orange Book C2 Classification
50. A layer 3 device that is used to connect two or more network segments and regulate traffic.
Processes are Isolated By
Routers
Trapdoors (Backdoors) (Maintenance Hooks)
Policy