Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Consume resources to a point of exhaustion - loss of availability
Emergency Operations Center (EOC)
Framework
Primary Storage
Denial Of Service
2. Weakness or flaw in an asset
Routers
Plain Text
Cipher Text
Vulnerability
3. A cable consisting of a core inner conductor surrounded by an insulator and an outer cylindrical conductor
Coaxial Cable
Cross-Site Scripting
Switches
Declaration
4. Two certificate authorities that trust each other
High-Risk Areas
Compression
Byte
Cross Certification
5. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
Bit
HTTP Response Splitting
Event
Mobile Site
6. Just enough access to do the job
Least Privilege
Orange Book B1 Classification
Certification
File Server
7. To know more than one job
Isolation
Surge Suppressor
Cross Training
Threads
8. A BCP testing type (structured walkthrough) - a test that answers the question: Is everything needed for recovery available?
Denial Of Service
IP Address Spoofing
Patch Panels
Walk Through
9. Malware that uses the trust placed in a website to redirect users to untrusted websites which capture data or install more malware
Investigation
Cross-Site Scripting
Mandatory Vacations
Teardrop
10. Robust project management process for new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
System Life Cycle
Business Impact Assessment (BIA)
Multilevel Security System
Business Continuity Planning (BCP)
11. Hitting a filed-down key in a lock with a hammer to open it without the real key
Data Dictionary
Hearsay Evidence
Key Escrow
Bumping
12. A physical enclosure for verifying identity before entry to a facility
Encryption
Mantrap (Double Door System)
CPU Cache
Attacker (Black hat - Hacker)
13. Location where coordination and execution of BCP or DRP is directed
Emergency Operations Center (EOC)
Containment
Honeynet
Firewall
14. To evaluate the current situation and make basic decisions as to what to do
Cold Site
Radio Frequency Interference (RFI)
Mission-Critical Application
Triage
15. The principles a person sets for themselves to follow
Prevention
Common Law
Crisis
Ethics
16. Statistical probabilities of a collision are more likely than one thinks
Territoriality
Checklist Test (desk check)
Birthday Attack
Honeypot
17. Quantity of risk remaining after a control is applied
Log
Architecture
Residual Risk
Remote Access Trojan
18. Cooperative hardware and operating system notification process for prioritizing execution in response to a change in the state of components
Site Policy
Processes are Isolated By
Masked/Interruptible
Hard Disk
19. A program with an inappropriate second purpose
Eavesdropping
Trojan Horse
UPS
Detective
20. Implementation of an operating system protection mechanism built upon the layering concept, where more sensitive components sit in inner layers
Acronym for American Standard Code for Information Interchange (ASCII)
False (False Positive)
Ring Protection
CobiT
21. Employment education done once per position or at a significant change of function
Job Training
Data Backups
Active Data
Journaling
22. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
State Machine Model
IDS Intrusion Detection System
Emergency
CobiT
23. A process state - the process is either unable to run while waiting for an external event, or terminated
Metadata
Discretionary
Stopped
Fire Prevention
24. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Processes are Isolated By
Memory Management
Call Tree
Certificate Revocation List (CRL)
25. Record history of incident
Fiber Optics
Tracking
Structured Walkthrough
Buffer Overflow
26. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Sag/Dip
Microwave
Access Control Matrix
Worldwide Interoperability for Microwave Access (WI-MAX )
27. A choice in risk management - to convince another to assume risk - typically by payment
Transfer
Tort
Incident
Mantrap (Double Door System)
28. Unused storage capacity
Slack Space
Computer Forensics
Byte
Brouter
29. Testing of a system without prior knowledge on the part of the tester or the tested
Trojan Horse
Fire Classes
CPU Cache
Double Blind Testing
30. A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. (See Smurf)
Protection
Residual Risk
Fraggle
Keystroke Logging
31. The first rating that requires security labels
Emergency
Orange Book B1 Classification
Mitigate
Transfer
32. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Acronym for American Standard Code for Information Interchange (ASCII)
Firmware
Tar Pits
Territoriality
33. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Executive Succession
Restoration
Computer Forensics
Kerckhoff's Principle
34. Not fulfilling a legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence or due care - not following the prudent person rule (doing due diligence in due
Open Mail Relay Servers
Disaster Recovery Plan
Interception
Elements of Negligence
35. Intellectual property protection for the expression of an idea
Dangling Pointer
Site Policy
Copyright
Classification
36. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Cookie
Reciprocal Agreement
Criminal Law
Liability
37. Method for determining functions - identifying function failures - assessing them - and where failure is most likely to occur
Operating
Failure Modes and Effects Analysis (FMEA)
Multi-Core
Data Integrity
38. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE 3. Functional Levels 4. Assurance Levels
Information Technology Security Evaluation Criteria - ITSEC
Patch Panels
Layering
Mandatory Access Control (MAC)
39. One entity with two competing allegiances
Conflict Of Interest
Multiplexers
Revocation
Encryption
40. Wrong against society
Criminal Law
Non-Interference
Strong Authentication
Administrative
41. For PKI - to store another copy of a key
Simulation
Firmware
Rollback
Key Escrow
42. Written internalized or nationalized norms that are internal to an organization
Byte
Evidence
Standard
Chain of Custody
43. Object based description of a system or a collection of resources
Access Control Matrix
Labeling
Containment
Sag/Dip
44. Server optimized for providing file-based data storage to the network. Unlike a File Server, a NAS unit has no input or output devices, and the OS is dedicated to providing storage services.
Risk Mitigation
Work Factor
Microwave
Network Attached Storage (NAS)
45. A copy of transaction data - designed for querying and reporting
Running
Byte Level Deletion
Analysis
Data Warehouse
46. A protocol for the efficient transmission of voice over the Internet
Information Risk Management (IRM)
Internal Use Only
Voice Over IP (VOIP)
Data Backup Strategies
47. Act of luring an intruder; it is legal.
Brownout
Centralized Access Control Technologies
Checkpoint
Enticement
48. Scrambled form of the message or data
Cross-Site Scripting
Cipher Text
Dictionary Attack
Key Escrow
49. High level - pertaining to planning
Authorization
Dangling Pointer
Strategic
Firewall
50. To break a business process into separate functions and assign them to different people
Separation Of Duties
Authentic
Satellite
Key Space