Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Trading one for another
Parallel Test
Permutation/Transposition
Substitution
Databases
2. To load the first piece of software that starts a computer.
Centralized Access Control Technologies
Race Condition
Boot (V.)
Administrative Access Controls
3. A control before attack
Safeguard
Total Risk
Record Level Deletion
Compiler
4. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Multi-Processor
Emanations
Phishing
Accountability
5. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)
Integrated Test
Interception
Checkpoint
Administrative Law
6. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Orange Book D Classification
Class
Centralized Access Control Technologies
Data Dictionary
7. Inappropriate data
Simulation Test
Residual Risk
Hard Disk
Malformed Input
8. Recovery alternative - a building only with sufficient power - and HVAC
Microwave
Cold Site
Admissible
Cross Training
9. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.
Interception
Business Continuity Program
Alternate Site
Worldwide Interoperability for Microwave Access (WI-MAX)
10. Controls for termination of attempt to access object
Strong Authentication
Proxies
Data Dictionary
Intrusion Prevention Systems
11. Less granular organization of controls -
Control Type
Aggregation
Critical Infrastructure
Hub
12. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Recovery Strategy
Concatenation
Disaster
E-Mail Spoofing
13. Just enough access to do the job
Locard's Principle
Multiplexers
Job Rotation
Least Privilege
14. A program with an inappropriate second purpose
Blackout
Embedded Systems
Memory Management
Trojan Horse
15. Control category - to restore to a previous state by removing the adversary and/or the results of their actions
Corrective
War Dialing
Classification Scheme
Data Recovery
16. Substitution at the word or phrase level
Database Shadowing
Business Impact Analysis
Identification
Code
17. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Infrastructure
Certificate Revocation List (CRL)
Data Backup Strategies
Time Of Check/Time Of Use
18. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
SYN Flooding
Infrastructure
Accreditation
Computer System Evidence
19. Hitting a filed down key in a lock with a hammer to open without real key
Business Interruption Insurance
Bumping
Complete
Accountability
20. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Transfer
Detective
Algorithm
File Extension
21. Eight bits.
Fire Suppression
Bridge
Byte
Race Condition
22. Abstract and mathematical in nature - defining all possible states - transitions and operations
Need-To-Know
Mandatory Access Control (MAC)
State Machine Model
Embedded Systems
23. May be responsible for overall recovery of an organization or unit(s).
Mobile Recovery
DR Or BC Coordinator
Masquerading
Transfer
24. Real-time - automatic and transparent backup of data.
Proprietary
Supervisor Mode (monitor - system - privileged)
Remote Journaling
Cache
25. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions
Resumption
Due Care
Key Management
File Server
26. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Centralized Access Control Technologies
Incident Response
Instance
False (False Positive)
27. Initial surge of current
Inrush Current
Machine Language (Machine Code)
Cache
Directive
28. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Privacy Laws
Top Secret
Access Control Lists
Record Level Deletion
29. A basic level of network access control that is based upon information contained in the IP packet header.
Packet Filtering
Object
Running
MOM
30. Location where coordination and execution of BCP or DRP is directed
Primary Storage
Data Owner
Emergency Operations Center (EOC)
Triage
31. Consume resources to a point of exhaustion - loss of availability
Failure Modes and Effect Analysis (FEMA)
Residual Risk
Denial Of Service
Masked/Interruptible
32. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.
Remanence
Quantitative Risk Analysis
Risk Mitigation
Business Interruption
33. Granular decision by a system of permitting or denying access to a particular resource on the system
Off-Site Storage
Control Type
Authorization
Physical Tampering
34. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
UPS
Risk Mitigation
Data Dictionary
Business Continuity Program
35. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Business Recovery Timeline
Elements of Negligence
Bit
Declaration
36. Reprogrammable basic startup instructions
Atomicity
Firmware
Honeypot
Threats
37. Using many alphabets
Waterfall
Honeypot
Cryptology
Polyalphabetic
38. The first rating that requires security labels
Standard
Orange Book B1 Classification
Revocation
Threat Agent
39. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Isolation
Business Continuity Steering Committee
Test Plan
Inference
40. Mitigate damage by isolating compromised systems from the network.
Trapdoors (Backdoors) (Maintenance Hooks)
Classification
Phishing
Containment
41. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Digital Signature
Mirroring
Key Space
Access Control Matrix
42. A passive network attack involving monitoring of traffic.
Brouter
Alternate Data Streams (File System Forks)
Eavesdropping
Radio Frequency Interference (RFI)
43. Highest level of authority at EOC with knowledge of the business process and the resources available
Accurate
Encipher
Incident Manager
Acronym for American Standard Code for Information Interchange (ASCII)
44. Real-time data backup (Data Mirroring)
Aggregation
Polymorphism
Criminal Law
Database Shadowing
45. Requirement of access to data for a clearly defined purpose
Need-To-Know
Critical Records
Trojan Horse
Total Risk
46. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Disaster
Operational Impact Analysis
Critical Records
Primary Storage
47. Specific format of technical and physical controls that support the chosen framework and the architecture
Electronic Vaulting
Infrastructure
Key Space
Processes are Isolated By
48. Code making
Cryptography
Discretionary Access Control (DAC)
Running
Threat Agent
49. To move from location to location - keeping the same function
Forensic Copy
Job Rotation
DR Or BC Coordinator
Failure Modes and Effect Analysis (FEMA)
50. OOP concept of a distinct copy of the class
Bit
False Negative
Object
Administrative Law