SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Calculation encompassing threats - vulnerabilities and assets
Sequence Attacks
Total Risk
Recovery Point Objective (RPO)
Honeypot
2. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Service Bureau
Satellite
UPS
Civil Law
3. Property that data is represented in the same manner at all times
Identification
Service Bureau
Consistency
Monitor
4. Encryption system using shared key/private key/single key/secret key
Hijacking
Polyalphabetic
Triage
Symmetric
5. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Shielding
Evidence
Physical Tampering
Sharing
6. Object based description of a system or a collection of resources
Access Control Matrix
Access Control Attacks
Critical Infrastructure
Emergency Procedures
7. Malware that subverts the detective controls of an operating system
Key Clustering
Least Privilege
Voice Over IP (VOIP)
Rootkit
8. OOP concept of a distinct copy of the class
Modification
Object
Picking
File Server
9. A control after attack
Countermeasure
Vital Record
Data Recovery
Shadowing (file shadowing)
10. To create a copy of data as a precaution against the loss or damage of the original data.
Key Management
Backup
Simulation
Security Kernel
11. Lower frequency noise
Qualitative
Radio Frequency Interference (RFI)
Due Diligence
Convincing
12. Line noise that is superimposed on the supply circuit.
Integrated Test
Transients
Blind Testing
Countermeasure
13. Subjects will not interact with each other's objects
Durability
Non-Interference
Least Privilege
Interpreter
14. The collection and summation of risk data relating to a particular asset and controls for that asset
The ACID Test
Storage Area Network (SAN)
Risk Assessment
Interference (Noise)
15. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Critical Functions
Logic Bomb
Waterfall
Trade Secret
16. Encryption system using a pair of mathematically related unequal keys
Asymmetric
Emergency
Race Condition
Business Impact Assessment (BIA)
17. Small data files written to a user's hard drive by a web server.
Cookie
Noise
Emanations
Identification
18. Object reuse protection and auditing
Job Training
File Sharing
Protection
Orange Book C2 Classification
19. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Generator
Change Control
Authentic
Record Level Deletion
20. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
SYN Flooding
Administrative Access Controls
Due Diligence
Declaration
21. Intellectual property protection for an invention
Patent
SYN Flooding
Eavesdropping
Criminal Law
22. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
Computer System Evidence
Forward Recovery
Control Category
ISO/IEC 27002
23. A backup of data located where staff can gain access immediately
On-Site
Workaround Procedures
Business Records
Data Custodian
24. Identification and notification of an unauthorized and/or undesired action
IP Address Spoofing
Deleted File
Administrative
Detection
25. The hard drive
Digital Certificate
Secondary Storage
Orange Book B2 Classification
Public Key Infrastructure (PKI)
26. For PKI - to have more than one person in charge of a sensitive function
Permutation /Transposition
Mantrap (Double Door System)
Residual Data
Multi-Party Control
27. A process state - (blocked) needing input before continuing
Residual Risk
Wait
Alternate Site
Polymorphism
28. Dedicated fast memory located on the same board as the CPU
Faraday Cage/ Shield
Encapsulation
CPU Cache
Kernel
29. To jump to a conclusion
Disk Mirroring
Exposure
Cryptography
Inference
30. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Physical Tampering
Running
Criminal Law
Life Cycle of Evidence
31. A Denial of Service attack that exploits systems that are not able to handle malicious - overlapping and oversized IP fragments.
Teardrop
Workaround Procedures
Redundant Servers
Byte
32. Continuous surveillance - to provide for detection and response of any failure in preventive controls.
Orange Book D Classification
Copyright
Access Point
Monitor
33. Data or interference that can trigger a false positive
Threat Agent
Noise
Fire Classes
Smurf
34. Prolonged loss of commercial power
Twisted Pair
Blackout
False (False Positive)
Multi-Core
35. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.
Bridge
Top Secret
Worldwide Interoperability for Microwave Access (WI-MAX )
Attacker (Black hat - Hacker)
36. Short period of low voltage.
Emergency Operations Center (EOC)
Sag/Dip
Information Technology Security Evaluation Criteria - ITSEC
Patent
37. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Job Rotation
Exercise
Central Processing Unit (CPU)
Discretionary Access Control (DAC)
38. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.
Custodian
Domain
IP Address Spoofing
Orange Book A Classification
39. A state where two subjects can access the same object without proper mediation
Hard Disk
Shadowing (file shadowing)
Radio Frequency Interference (RFI)
Race Condition
40. To reduce sudden rises in current
Deadlock
Chain of Custody
Surge Suppressor
Territoriality
41. Two certificate authorities that trust each other
Multi-Processor
Emanations
Cross Certification
Atomicity
42. Planning with a goal of returning to the normal business function
Multi-Programming
Ethics
User Mode (problem or program state)
Restoration
43. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Non-Interference
Business Recovery Timeline
Collisions
Boot (V.)
44. Natural or human-readable form of message
Concentrator
Electromagnetic Interference (EMI)
Plain Text
Classification Scheme
45. Written step-by-step actions
Procedure
Rootkit
Containment
IP Address Spoofing
46. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
Analysis
Application Programming Interface
Risk Mitigation
Sequence Attacks
47. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.
Microwave
Business Unit Recovery
Double Blind Testing
Classification Scheme
48. Recovery alternative - everything needed for the business function - except people and last backup
Trademark
Object
Rollback
Hot Site
49. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
Running Key
Residual Data
Desk Check Test
Critical Records
50. Substitution at the word or phrase level
Containment
Disaster Recovery Teams (Business Recovery Teams)
Education
Code
