Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but repeating the test reinforces your understanding each time you take it.
1. A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.
Business Continuity Steering Committee
Orange Book D Classification
Near Site
War Driving
2. A system that enforces an access control policy between two networks.
Firewalls
Codec
Integrated Test
Structured Walk-Through Test
3. A database backup type which records at the transaction level
Remote Journaling
Codec
Journaling
Access Control Matrix
4. Data or interference that can trigger a false positive
Alternate Site
Noise
Plan Maintenance Procedures
Test Plan
5. A simple, inexpensive cabling technology consisting of two conductors that are twisted together to reduce interference.
Isolation
Twisted Pair
Polymorphism
Basics Of Secure Design
6. Encryption system using a pair of mathematically related unequal keys
Kerckhoff's Principle
Non-Repudiation
Asymmetric
On-Site
7. A technology that reduces the size of a file.
Countermeasure
Sharing
Compression
Spyware
8. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Tactical
Proxies
Business Continuity Steering Committee
Test Plan
9. Intermediate level, pertaining to planning
Cold Site
Keyed-Hashing For Message Authentication
Directive
Operational
10. Fault tolerance for power
Disaster
Generator
Open Mail Relay Servers
Shadowing (file shadowing)
11. To stop damage from spreading
Trademark
Event
Rogue Access Points
Containment
12. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Information Owner
Sniffing
Electronic Vaulting
Worldwide Interoperability for Microwave Access (WI-MAX )
13. System of law based upon what is good for society
Civil Or Code Law
Phishing
Site Policy
Durability
14. Communication of a security incident to stakeholders and data owners.
Notification
Trade Secret
Governance
Concatenation
15. A layer 2 device used to connect two or more network segments and regulate traffic between them.
MOM
Running Key
Switches
Redundant Servers
16. Inducing or tricking a person into committing a crime they would not otherwise have committed; it is illegal.
Entrapment
ISO/IEC 27001
Administrative Law
Maximum Tolerable Downtime (MTD)
17. One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
Alert/Alarm
Byte Level Deletion
Structured Walkthrough
The ACID Test
18. A message digest computed over the message together with a shared secret key, so that only holders of the key can produce or verify the resulting authentication tag
Deadlock
Keyed-Hashing For Message Authentication
Polyalphabetic
Voice Over IP (VOIP)
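The keyed-hash item above is the one on this page that a practitioner most often gets wrong in code. The following is an added example, not part of the original quiz, using Python's standard hmac module: it contrasts an unkeyed SHA-256 digest (which anyone who alters the message can simply recompute) with an HMAC-SHA256 tag that cannot be regenerated without the key. The key and message are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values for the demonstration (assumed, not from the page).
KEY = b"shared-secret-key"
MESSAGE = b"transfer 100 to account 42"


def plain_digest(message: bytes) -> str:
    """Unkeyed hash: whoever can modify the message can recompute this."""
    return hashlib.sha256(message).hexdigest()


def keyed_digest(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: the key is mixed into the hash computation itself,
    so a valid tag for a new message cannot be produced without the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time (avoids timing leaks
    that a plain == comparison on the hex string would introduce)."""
    return hmac.compare_digest(keyed_digest(key, message), tag)


def demo() -> dict:
    tag = keyed_digest(KEY, MESSAGE)
    tampered = b"transfer 100 to account 99"
    return {
        # The legitimate message verifies under the shared key.
        "valid": verify(KEY, MESSAGE, tag),
        # A modified message no longer matches the original tag.
        "tampered_rejected": not verify(KEY, tampered, tag),
        # A wrong key cannot verify the original message either.
        "wrong_key_rejected": not verify(b"guess", MESSAGE, tag),
        # The unkeyed digest of the tampered message is trivially forgeable:
        # the attacker just recomputes it, which is why an unkeyed hash alone
        # gives integrity against accidents, not against an adversary.
        "plain_forgeable": plain_digest(tampered) == hashlib.sha256(tampered).hexdigest(),
    }


if __name__ == "__main__":
    print(demo())
```

The design point is that the secret enters the hash computation; HMAC is not "a hash that is then encrypted", and verification must use a constant-time comparison.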
19. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.
Security Clearance
File Server
Surge
Recovery Period
20. A backup type for databases at a point in time
Archival Data
Electronic Vaulting
Shadowing (file shadowing)
Business Interruption
21. Also known as regulatory laws; covers standards of performance or conduct expected by government agencies from companies, industries, and certain officials
War Dialing
Administrative Laws
Method
IDS Intrusion Detection System
22. Recovery alternative which outsources a business function at a cost
Service Bureau
Sharing
Twisted Pair
Method
23. Information about data or records
Strategic
Plaintext
Guidelines
Metadata
24. A backup type which creates a complete copy
Mandatory
Twisted Pair
Replication
Eavesdropping
25. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.
Voice Over IP (VOIP)
Off-Site Storage
Interception
Custodian
26. Mitigate damage by isolating compromised systems from the network.
Containment
Administrative Law
Confidence Value
Directive
27. Consumes resources to the point of exhaustion, causing loss of availability
Data Backups
Boot (V.)
Denial Of Service
User Mode (problem or program state)
28. A sudden, unexpected event requiring immediate action due to a potential threat to health and safety, the environment, or property.
Emergency
Mobile Site
Masquerading
Marking
29. To be admissible in court, they must be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.
Content Dependent Access Control
Compression
Classification Scheme
Business Records
30. Implementation of measures to deter specific threats to the continuity of business operations, and/or to respond to any occurrence of such threats in a timely and appropriate manner.
Change Control
Recovery Strategy
Risk Mitigation
Source Routing Exploitation
31. Long term knowledge building
Education
Data Integrity
Atomicity
Compartmentalize
32. A subnetwork with storage devices servicing all servers on the attached network.
Mitigate
Maximum Tolerable Downtime (MTD)
Detective
Storage Area Network (SAN)
33. Written norms, developed internally or adopted from national ones, that are mandatory within an organization
Deterrent
Standard
Waterfall
Data Marts
34. Substitution at the word or phrase level
Stopped
Kerckhoff's Principle
Isolation
Code
35. Control category: discourages an adversary from attempting access
Policy
Deterrent
Fire Classes
Time Of Check/Time Of Use
36. Scrambled form of the message or data
Switches
Brouter
Degauss
Cipher Text
37. The principles a person sets for themselves to follow
Transfer
Worm
Ethics
ISO/IEC 27001
38. Threats x Vulnerability x Asset Value = Total Risk
Wait
Computer System Evidence
Total Risk
System Downtime
39. Written step-by-step actions
Fault
Data Owner
Blackout
Procedure
40. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Modems
Incident
Legacy Data
Databases
41. A BCP test type that answers the question: can the organization replicate the business process?
Simulation
Redundant Servers
Keyed-Hashing For Message Authentication
Private Branch Exchange (PBX)
42. A type of malformed input that appends an always-true conditional or an extra statement to a database query, so the query returns or modifies data contrary to the security policy
Analysis
Alternate Site
SQL Injection
Public Key Infrastructure (PKI)
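The injection item above, and the "inappropriate data" (malformed input) item later in this test, describe the same mechanism. The following is an added example, not part of the original quiz, built on Python's bundled sqlite3 module with a constructed in-memory user table (the table, user names and passwords are assumed sample data). It places a query built by string concatenation beside the parameterized form and runs the always-true-conditional payload against both.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user store standing in for an application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list:
    # String concatenation: the user's input becomes part of the SQL text,
    # so quotes and operators in it are parsed as SQL, not treated as data.
    query = (
        "SELECT name, role FROM users WHERE name = '%s' AND password = '%s'"
        % (name, password)
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> list:
    # Parameterized query: the driver binds the values after parsing,
    # so the input can never change the statement's structure.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchall()


def demo() -> dict:
    conn = make_db()
    # Payload 1: an always-true conditional. The vulnerable statement becomes
    #   ... WHERE name = 'anyone' AND password = '' OR '1'='1'
    # and AND binds tighter than OR, so every row matches.
    always_true = "' OR '1'='1"
    # Payload 2: a quote plus SQL comment, which truncates the password check:
    #   ... WHERE name = 'alice' --' AND password = 'x'
    as_alice = "alice' --"
    return {
        "vulnerable_all_rows": login_vulnerable(conn, "anyone", always_true),
        "vulnerable_as_alice": login_vulnerable(conn, as_alice, "x"),
        "safe_all_rows": login_safe(conn, "anyone", always_true),
        "safe_as_alice": login_safe(conn, as_alice, "x"),
        "safe_legit": login_safe(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The parameterized version returns nothing for either payload because the whole string is bound as the password or name value; only a genuine credential pair matches. The fix is structural (bind parameters), not input filtering of quote characters.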
43. A programming device used during development to circumvent controls
Degauss
Trapdoors (Backdoors) (Maintenance Hooks)
Asymmetric
Framework
44. Natural or human-readable form of message
Mandatory Access Control (MAC)
Databases
Plain Text
Marking
45. Means the system's design and level of protection are formally verifiable and provide the highest level of assurance and trust.
Orange Book A Classification
Repeaters
Boot (V.)
Payload
46. High level, pertaining to planning
Elements of Negligence
Orange Book C2 Classification
Pointer
Strategic
47. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Fiber Optics
Atomicity
Modems
Patch Management
48. Code breaking; the practice of defeating the protective properties of cryptography.
Mandatory Access Control (MAC)
Cryptanalysis
Service Bureau
Information Flow Model
49. Inappropriate data
Key Escrow
Malformed Input
Hard Disk
Recovery Strategy
50. Malware that attaches itself to a host program and requires user interaction to execute (unlike a worm, which spreads on its own)
Monitor
Electrostatic Discharge
Reciprocal Agreement
Virus