Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Measures followed to restore critical functions following a security incident.
Incident
Security Blueprint
Recovery
Policy
2. Highest level of authority at EOC with knowledge of the business process and the resources available
Algorithm
Conflict Of Interest
EMI
Incident Manager
3. Scrambled form of the message or data
Operational Impact Analysis
Cipher Text
Operational Test
Operational
4. Control type that is communication based - typically written or oral
Embedded
Total Risk
Administrative
Non-Interference
5. Effort/time needed to overcome a protective measure
Work Factor
Buffer Overflow
Total Risk
Masquerading
6. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Control
Digital Signature
IP Fragmentation
True Attack Stimulus
7. High frequency noise
Ring Protection
The ACID Test
Security Clearance
Electromagnetic Interference (EMI)
8. OOP concept of a template that consists of attributes and behaviors
Discretionary Access Control (DAC)
Operational
Data Recovery
Class
9. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Critical Records
Cryptology
Key Space
Multi-Core
10. Low level - pertaining to planning
Lattice
Tactical
Moore's Law
Non-Repudiation
11. Define the way in which the organization operates.
Proprietary
Concentrator
3 Types of harm Addressed in computer crime laws
Running Key
12. Event(s) that cause harm
Cookie
Orange Book A Classification
Incident
Entrapment
13. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Stopped
Brownout
ISO/IEC 27001
File Extension
14. Consume resources to a point of exhaustion - loss of availability
Operational Exercise
Denial Of Service
Concentrator
Deadlock
15. Object reuse protection and auditing
Eavesdropping
Hard Disk
Orange Book C2 Classification
Method
16. A choice in risk management - to convince another to assume risk - typically by payment
Transfer
Detective
Classification
Microwave
17. A control before attack
Safeguard
False Negative
Threat Agent
Disaster Recovery Plan
18. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.
Distributed Processing
Call Tree
IP Fragmentation
ISO/IEC 27002
19. Object based description of a system or a collection of resources
Access Control Matrix
Standard
Service Bureau
Desk Check Test
20. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Workaround Procedures
TNI (Red Book)
Voice Over IP (VOIP)
Reciprocal Agreement
21. Companies should have their own team - made up of people from management - IT - legal - HR - and public relations - security and other key areas
Polyalphabetic
Byte Level Deletion
Permutation /Transposition
Incident Response Team
22. Long term knowledge building
Education
False Attack Stimulus
Surveillance
War Dialing
23. To evaluate the current situation and make basic decisions as to what to do
Internal Use Only
Life Cycle of Evidence
Transients
Triage
24. A template for designing the architecture
Security Blueprint
Discretionary
Consistency
Burn
25. Initial surge of current
Inrush Current
Firewalls
JPEG (Joint Photographic Experts Group)
Access Control Matrix
26. Act of luring an intruder that is legal.
Enticement
Binary
File Server
Burn
27. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
False Attack Stimulus
Forward Recovery
Emergency Procedures
Assembler
28. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
File Shadowing
TEMPEST
Object
Data Warehouse
29. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Business Unit Recovery
Open Mail Relay Servers
Object
Concentrator
30. Just enough access to do the job
Code
Hot Spares
Masquerading
Least Privilege
31. Trading one for another
Substitution
Authentication
Discretionary
Strong Authentication
32. OOP concept of taking attributes from the original or parent
Sequence Attacks
Full-Interruption test
Inheritance
Shadowing (file shadowing)
33. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Site Policy Awareness
Business Interruption Insurance
Security Blueprint
Sag/Dip
34. Try a list of words in passwords or encryption keys
Residual Risk
Dictionary Attack
Degauss
Computer Forensics
35. To reduce fire
Transients
Transfer
Fire Suppression
Polymorphism
36. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
Twisted Pair
Common Law
File Shadowing
Vulnerability
37. Data or interference that can trigger a false positive
Noise
War Driving
Honeynet
Multilevel Security System
38. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
Vital Record
Bridge
Computer System Evidence
Event
39. Lower frequency noise
Phishing
Radio Frequency Interference (RFI)
Polymorphism
Labeling
40. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Vital Record
Domain
Business Records
Emergency Operations Center (EOC)
41. A form of data hiding which protects running threads of execution from using each other's memory
Fiber Optics
Hot Spares
File Extension
Process Isolation
42. Potential danger to information or systems
Lattice
System Downtime
Threats
Mixed Law System
43. Mediates communication between untrusted hosts on behalf of the hosts that it protects.
Restoration
Criminal Law
Directive
Proxies
44. More than one CPU on a single board
Multi-Core
Primary Storage
TEMPEST
Coaxial Cable
45. Policy or stated actions
Due Care
Virtual Memory
Threats
Decipher
46. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
Risk Mitigation
Mitigate
Full-Interruption test
Security Domain
47. An image compression standard for photographs
Digital Certificate
JPEG (Joint Photographic Experts Group)
Generator
Administrative Law
48. Written internalized or nationalized norms that are internal to an organization
Concatenation
Assembler
Standard
Stopped
49. Real-time - automatic and transparent backup of data.
Remote Journaling
Business Interruption
Territoriality
Critical Records
50. To start business continuity processes
One Time Pad
Activation
Business Impact Assessment (BIA)
Proprietary