Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you may sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A race condition in which the security state of an object changes between the time it is checked and the time it is used
Masquerading
Man-In-The-Middle Attack
CobiT
Time Of Check/Time Of Use
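The race in question 1 is easiest to see in code. The example below is added here and is not part of the quiz page: it simulates a time-of-check/time-of-use race on a file path deterministically, using a callback to stand in for a concurrent attacker process that swaps the file between the check and the use. The sample files and the attacker's swap are constructed for the demo, and `os.O_NOFOLLOW` assumes a POSIX system.

```python
# Added example (not from the quiz page): a TOCTOU race on a file path,
# simulated deterministically. The "attacker" callback stands in for a
# concurrent process that swaps the file between the check and the use.
# Assumes a POSIX OS for os.O_NOFOLLOW.
import os
import stat
import tempfile


def vulnerable_read(path, attacker=None):
    """Check the path by name, then open it by name: the classic TOCTOU pattern."""
    # Time of check: refuse symlinks and anything that is not a regular file.
    if os.path.islink(path) or not os.path.isfile(path):
        raise PermissionError("refusing: not a regular file")
    if attacker is not None:
        attacker()  # race window: the object changes after the check passed
    # Time of use: open() follows symlinks, so the swapped path is honoured.
    with open(path, "rb") as f:
        return f.read()


def hardened_read(path, attacker=None):
    """Open first without following symlinks, then check the open descriptor.
    The descriptor is bound to one inode, so a later rename cannot redirect it."""
    if attacker is not None:
        attacker()  # worst case: the swap happens before we even open
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # ELOOP on a symlink
    except OSError as exc:
        raise PermissionError(f"refusing {path}: {exc.strerror}") from exc
    with os.fdopen(fd, "rb") as f:
        # Check the object we actually opened, not a name that may have moved.
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise PermissionError("refusing: not a regular file")
        return f.read()


def demo():
    """Returns (vulnerable_leaked_secret, hardened_refused)."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")  # constructed sample files
        secret = os.path.join(d, "secret.txt")
        with open(public, "wb") as f:
            f.write(b"public data\n")
        with open(secret, "wb") as f:
            f.write(b"SECRET\n")

        def swap():
            # Attacker replaces the already-checked file with a symlink to the secret.
            os.remove(public)
            os.symlink(secret, public)

        leaked = vulnerable_read(public, attacker=swap) == b"SECRET\n"

        # Restore the regular file before trying the hardened variant.
        os.remove(public)
        with open(public, "wb") as f:
            f.write(b"public data\n")
        try:
            hardened_read(public, attacker=swap)
            refused = False
        except PermissionError:
            refused = True
        return leaked, refused


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The fix is not a faster check but the removal of the window: the hardened version checks the descriptor it already holds, so there is no name lookup between check and use for an attacker to race.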
2. A comprehensive set of controls comprising best practices in information security; it provides guidelines on how to set up and maintain security programs.
Teardrop
Disk Mirroring
False Negative
ISO/IEC 27002
3. Alerts personnel to the presence of a fire
Crisis
BCP Testing Drills and Exercises
3 Types of harm Addressed in computer crime laws
Fire Detection
4. The point in time to which systems and data must be recovered after an outage (e.g. the end of the previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Access Control
Control Type
Classification
Recovery Point Objective (RPO)
5. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Analysis
Injection
Access Point
Hard Disk
6. A process state in which the process is either unable to run because it is waiting for an external event, or has been terminated
Stopped
Recovery Strategy
Disaster Recovery Teams (Business Recovery Teams)
Overlapping Fragment Attack
7. Memory management technique that allows two processes to run concurrently without interacting with each other
Reference Monitor
Protection
Guidelines
Consistency
8. To start business continuity processes
Fiber Optics
Surveillance
Governance
Activation
9. A failure of an IDS to detect an actual attack
Backup
Aggregation
Business Continuity Steering Committee
False Negative
10. Data or interference that can trigger a false positive
Information Technology Security Evaluation Criteria - ITSEC
Noise
Work Factor
Tar Pits
11. Pertaining to law: accepted by a court
Disaster Recovery Plan
Admissible
File Server
Examples of non-technical security components
12. Trading one for another
Kerckhoff's Principle
Capability Tables
Substitution
Life Cycle of Evidence
13. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions
Plain Text
Deadlock
Resumption
Proxies
14. A type of multitasking that allows for a more even distribution of computing time among competing requests
Dangling Pointer
Machine Language (Machine Code)
Classification Scheme
Preemptive
15. To stop damage from spreading
Intrusion Prevention Systems
Containment
Patent
Sampling
16. Real-time, automatic and transparent backup of data.
Cross Training
Remote Journaling
Privacy Laws
Aggregation
17. Memory management technique that makes the limited RAM of the physical machine appear larger by using a portion of the hard drive
Virtual Memory
Hot Site
File Server
Recovery
18. An unintended communication path
3 Types of harm Addressed in computer crime laws
Deleted File
Convincing
Covert Channel
19. Guidelines within an organization that control the rules and configurations of an IDS
Site Policy
Interference (Noise)
Analysis
Bridge
20. Forgery of the sender's email address in an email header.
Chain Of Custody
DR Or BC Coordinator
E-Mail Spoofing
Physical Tampering
21. A system that enforces an access control policy between two networks.
Business Interruption
High-Risk Areas
Firewalls
Data Dictionary
22. Calculation encompassing threats, vulnerabilities and assets
Workaround Procedures
Total Risk
Reference Monitor
Process Isolation
23. An administrative unit or a group of objects and subjects controlled by one reference monitor
Databases
Security Domain
Off-Site Storage
Orange Book B1 Classification
24. A practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.
Data Dictionary
Event
Administrative Law
Simulation Test
25. Eavesdropping on network communications by a third party.
Business Continuity Program
Infrastructure
Tapping
Liability
26. A randomly generated value used by many cryptosystems to ensure that a unique ciphertext is produced each time the same plaintext is encrypted under the same key
Degauss
Business Recovery Timeline
Initialization Vector
Notification
27. A backup of data stored where staff cannot readily gain access to it and a regional disaster will not cause harm
Off Site
Rogue Access Points
Electromagnetic Interference (EMI)
Total Risk
28. Security policy, procedures, and compliance enforcement
Trademark
Phishing
Examples of non-technical security components
Modems
29. A Denial of Service attack that floods the target system with connection requests that are never completed, filling its table of half-open connections.
SYN Flooding
Criminal Law
Security Clearance
Disaster Recovery Plan
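The signature of the attack in question 29 is a backlog of handshakes that are opened but never completed. The example below is added here and is not part of the quiz page: it walks a connection log, tracks SYNs that are never followed by the client's ACK (or a RST), and flags destinations whose half-open backlog exceeds a threshold. The log lines are constructed for the demo and their format (`t=`, `src=`, `dst=`, `flags=`) is an assumption, not any real product's format; the log is assumed to record only packets from clients toward the server.

```python
# Added example (not from the quiz page): SYN-flood detection over a
# constructed connection log. Format of the lines is an assumption.
from collections import defaultdict

# Constructed sample: one legitimate HTTPS client that completes its handshake,
# six sources that only ever send SYN (a flood with spoofed addresses),
# and one legitimate SSH client that completes its handshake.
SAMPLE_LOG = """\
t=0.00 src=198.51.100.4 dst=192.0.2.10:443 flags=S
t=0.02 src=198.51.100.4 dst=192.0.2.10:443 flags=A
t=0.10 src=203.0.113.11 dst=192.0.2.10:443 flags=S
t=0.10 src=203.0.113.12 dst=192.0.2.10:443 flags=S
t=0.11 src=203.0.113.13 dst=192.0.2.10:443 flags=S
t=0.11 src=203.0.113.14 dst=192.0.2.10:443 flags=S
t=0.12 src=203.0.113.15 dst=192.0.2.10:443 flags=S
t=0.12 src=203.0.113.16 dst=192.0.2.10:443 flags=S
t=0.20 src=198.51.100.9 dst=192.0.2.10:22 flags=S
t=0.23 src=198.51.100.9 dst=192.0.2.10:22 flags=A
"""


def parse_line(line):
    """Split 'k=v k=v ...' into (time, src, dst, flags)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return float(fields["t"]), fields["src"], fields["dst"], fields["flags"]


def half_open_connections(log_text):
    """Return {(src, dst): count} of SYNs never followed by the client's ACK or RST."""
    pending = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, dst, flags = parse_line(line)
        key = (src, dst)
        if flags == "S":
            pending[key] += 1  # handshake opened
        elif flags in ("A", "R") and pending[key] > 0:
            pending[key] -= 1  # handshake completed or aborted
    return {k: v for k, v in pending.items() if v > 0}


def flood_targets(log_text, threshold=5):
    """Destinations whose half-open backlog is at least `threshold`, as
    {dst: (half_open_total, distinct_sources)}. A large number of distinct
    sources that never finish a handshake is typical of spoofed SYN floods."""
    by_dst = defaultdict(lambda: [0, set()])
    for (src, dst), n in half_open_connections(log_text).items():
        by_dst[dst][0] += n
        by_dst[dst][1].add(src)
    return {
        dst: (total, len(srcs))
        for dst, (total, srcs) in by_dst.items()
        if total >= threshold
    }


if __name__ == "__main__":
    print(flood_targets(SAMPLE_LOG))  # {'192.0.2.10:443': (6, 6)}
```

Counting per destination rather than per source matters because flood sources are usually spoofed: each forged address contributes a single half-open entry, so a per-source threshold would never trip.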
30. Another name for a cryptographic key
Change Control
Cryptovariable
SQL Injection
Denial Of Service
31. Process whereby data is removed from active files and other data storage structures
Warm Site
Deleted File
Deletion
Algorithm
32. A record that must be preserved and available for retrieval if needed.
Capability Tables
Vital Record
Site Policy Awareness
Concatenation
33. Mitigation of spam and other attacks by delaying incoming connections for as long as possible.
Alternate Site
Hijacking
IP Fragmentation
Tar Pits
34. A backup type which creates a complete copy
Sniffing
Replication
Orange Book C Classification
Disaster Recovery Plan
35. Long term knowledge building
Waterfall
War Dialing
Business Unit Recovery
Education
36. Return to a normal state
Authentic
Open Mail Relay Servers
Recovery
Pointer
37. Provides a physical cross connect point for devices.
Data Backups
Patch Panels
Recovery
Confidence Value
38. The formal management approval to operate a system, given with knowledge of the risk of operating it
Blind Testing
Accreditation
Worldwide Interoperability for Microwave Access (WI-MAX )
Switches
39. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective
Ethics
Control Category
Multi-Programming
Data Warehouse
40. Inducing a person to commit a crime they would not otherwise have committed, by tricking them; illegal
Cookie
TNI (Red Book)
Entrapment
Time Of Check/Time Of Use
41. A design methodology which executes in a linear one way fashion
Phishing
Waterfall
Accurate
Emergency Operations Center (EOC)
42. Evidence must be: admissible, authentic, complete, accurate and convincing
Alternate Data Streams (File System Forks)
Top Secret
5 Rules Of Evidence
Capability Tables
43. Record of system activity - which provides for monitoring and detection.
Log
2-Phase Commit
Mirrored Site
Key Space
44. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Fiber Optics
Exercise
Burn
Initialization Vector
45. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.
Hard Disk
Guidelines
High-Risk Areas
Relocation
46. To smooth out reductions or increases in power
Data Diddler
Threats
UPS
Secondary Storage
47. Small data warehouse
Marking
Key Space
War Dialing
Data Marts
48. The asynchronous duplication of the production database on separate media to ensure data availability, currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
Standard
File Shadowing
Alert/Alarm
Emergency Operations Center (EOC)
49. Descrambling the encrypted message with the corresponding key
Decipher
Strong Authentication
Chain Of Custody
File Sharing
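Questions 26 (initialization vector), 30 (key, or cryptovariable) and 49 (decipher) describe three parts of one operation, so a single example serves all three. The example below is added here and is not part of the quiz page: it builds a counter-mode stream cipher whose keystream comes from HMAC-SHA256 over the IV and a block counter (an assumption made to stay within the Python standard library; a real system would use a vetted block cipher such as AES), enciphers and deciphers with the corresponding key, and then shows what the IV is for: with a fixed IV the same plaintext always gives the same ciphertext and the XOR of two ciphertexts leaks the XOR of the two plaintexts, while fresh IVs make each ciphertext unique. The messages and keys are constructed for the demo.

```python
# Added example (not from the quiz page): counter-mode stream cipher built on
# HMAC-SHA256 as the keystream PRF (assumption; stands in for a real block
# cipher). Demonstrates key, IV and decipher, and what IV reuse leaks.
import hashlib
import hmac
import os


def keystream(key, iv, length):
    """Keystream = HMAC(key, iv || counter) for counter = 0, 1, 2, ..."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encipher(key, iv, plaintext):
    """Ciphertext = plaintext XOR keystream(key, iv)."""
    ks = keystream(key, iv, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def decipher(key, iv, ciphertext):
    """Descramble with the corresponding key: counter mode is its own inverse,
    because XORing the same keystream a second time restores the plaintext."""
    return encipher(key, iv, ciphertext)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def iv_reuse_demo(key):
    """Returns (two_texts_leak_their_xor, same_text_same_ciphertext, fresh_ivs_unique)."""
    p1 = b"pay alice 100 units"  # constructed messages, same length
    p2 = b"pay mallory 900 un."
    fixed_iv = bytes(16)  # the weak setting: a constant IV

    c1 = encipher(key, fixed_iv, p1)
    c2 = encipher(key, fixed_iv, p2)
    # Same key + same IV => same keystream, which cancels out: c1 ^ c2 == p1 ^ p2.
    leaks = xor(c1, c2) == xor(p1, p2)
    # And re-encrypting p1 gives a recognisable, identical ciphertext.
    same_ct = encipher(key, fixed_iv, p1) == c1

    # The corrected setting: a fresh random IV per message (sent alongside it).
    iv_a, iv_b = os.urandom(16), os.urandom(16)
    unique = encipher(key, iv_a, p1) != encipher(key, iv_b, p1)
    return leaks, same_ct, unique


if __name__ == "__main__":
    key = os.urandom(32)  # the cryptovariable; keep it secret
    iv = os.urandom(16)   # the IV need not be secret, only unique per message
    ct = encipher(key, iv, b"attack at dawn")
    print(decipher(key, iv, ct))  # b'attack at dawn'
    print(iv_reuse_demo(key))     # (True, True, True)
```

The IV is transmitted in the clear next to the ciphertext; its job is uniqueness, not secrecy. Note that this construction provides confidentiality only: the ciphertext is malleable, and a deployed design would add a MAC or use an authenticated mode.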
50. Testing of a system in which the tester has no prior knowledge of the target and the tested organization has no prior notice of the test
Alarm Filtering
Classification
Double Blind Testing
Mixed Law System