Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A database backup type which records at the transaction level
Data Integrity
Business Impact Assessment (BIA)
Remote Journaling
Standard
2. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Aggregation
Boot (V.)
File Server
Critical Functions
3. Wrong against society
Fire Classes
Data Backup Strategies
Criminal Law
Vulnerability
4. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept
Ring Protection
Concatenation
Elements of Negligence
Access Control Lists
5. Moving letters around
Asymmetric
Adware
Permutation /Transposition
Walk Through
6. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc
Full-Interruption test
Dangling Pointer
Critical Infrastructure
EMI
7. A copy of transaction data - designed for querying and reporting
Data Warehouse
Voice Over IP (VOIP)
Workaround Procedures
Digital Signature
8. Threats x Vulnerability x Asset Value = Total Risk
Total Risk
Need-To-Know
Data Backups
Simulation Test
9. More than one CPU on a single board
Detective
Multi-Core
Threats
Surveillance
10. Vehicle or tool that exploits a weakness
Threats
Separation Of Duties
Chain Of Custody
Copyright
11. The first rating that requires security labels
Restoration
Orange Book B1 Classification
Civil Or Code Law
Man-In-The-Middle Attack
12. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur
Failure Modes and Effect Analysis (FEMA)
Checkpoint
Twisted Pair
Forensic Copy
13. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Revocation
Electronic Vaulting
ITSEC
Off Site
14. Something that happened
Event
Surveillance
Concentrator
Firewall
15. With enough computing power trying all possible combinations
Brute Force
Secondary Storage
Multi-Core
Worm
16. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Concentrator
Critical Records
Examples of non-technical security components
Identification
17. For PKI - decertify an entity's certificate
Revocation
Injection
Atomicity
Capability Tables
18. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
Bollard
Denial Of Service
Orange Book C Classification
Non-Discretionary Access Control
19. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
Deleted File
Rootkit
Routers
Inference
20. Sphere of influence
Permutation /Transposition
Cross-Site Scripting
Domain
Accountability
21. Vehicle stopping object
Archival Data
Restoration
Bollard
Moore's Law
22. A risk assessment method - intrinsic value
Qualitative
Aggregation
Cookie
Multi-Programming
23. Malware that uses the trust on a website to redirect users to untrusted websites which captures data or installs more malware
Alternate Data Streams (File System Forks)
Cross-Site Scripting
Running
EMI
24. Claiming another's identity at a physical level
Kerberos
Secondary Storage
Aggregation
Masquerading
25. Eavesdropping on network communications by a third party.
Tapping
File Sharing
Containment
Deletion
26. People protect their domain
Service Bureau
Patch Panels
Territoriality
ISO/IEC 27002
27. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Encryption
Labeling
Remote Journaling
Degauss
28. Process of statistically testing a data set for the likelihood of relevant information.
3 Types of harm Addressed in computer crime laws
Process Isolation
Sampling
Alarm Filtering
29. Control category- to record an adversary's actions
Redundant Servers
Control
Kerberos
Detective
30. A backup of data located where staff can gain access immediately
Change Control
Disaster Recovery Plan
On-Site
Eavesdropping
31. A risk assessment method - measurable real money cost
Technical Access Controls
Quantitative
Supervisor Mode (monitor - system - privileged)
Electromagnetic Interference (EMI)
32. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
Shadowing (file shadowing)
Alternate Site
Masked/Interruptible
3 Types of harm Addressed in computer crime laws
33. What is will remain - persistence
Cryptovariable
Durability
Active Data
Denial Of Service
34. Actions measured against either a policy or what a reasonable person would do
Disaster Recovery Teams (Business Recovery Teams)
IDS Intrusion Detection System
Deletion
Due Diligence
35. Hitting a filed-down key in a lock with a hammer to open it without the real key
Embedded Systems
Bumping
Plan Maintenance Procedures
Access Control Attacks
36. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Switches
Technical Access Controls
Source Routing Exploitation
Checklist Test (desk check)
37. To move from location to location - keeping the same function
Job Rotation
Recovery Period
Simulation
Archival Data
38. Written suggestions that direct choice to a few alternatives
Kerberos
Vital Record
Guidelines
Qualitative
39. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Masked/Interruptible
Degauss
Administrative Laws
Concentrator
40. Substitution at the word or phrase level
Substitution
Metadata
Burn
Code
41. A technology that reduces the size of a file.
Digital Certificate
Complete
Compression
Secondary Storage
42. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Physical Tampering
Civil Law
Legacy Data
Birthday Attack
43. A covert storage channel on the file attribute
Desk Check Test
Bridge
Patch Management
Alternate Data Streams (File System Forks)
44. Summary of a communication for the purpose of integrity
Shadowing (file shadowing)
Message Digest
Encipher
Countermeasure
45. Collection of data on business functions which determines the strategy of resiliency
IP Address Spoofing
Business Impact Assessment (BIA)
True Attack Stimulus
Tracking
46. Evidence must be: admissible - authentic - complete - accurate - and convincing
Asymmetric
Patch Panels
User Mode (problem or program state)
5 Rules Of Evidence
47. Policy or stated actions
Simulation Test
Business Unit Recovery
Due Care
Business Interruption Insurance
48. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Residual Risk
Full Test (Full Interruption)
Aggregation
Journaling
49. To reduce fire
Fire Suppression
Twisted Pair
Inference
Recovery
50. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Surveillance
Top Secret
Business Continuity Planning (BCP)
Incident