SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The chance that something negative will occur
Risk
Patent
Microwave
Risk Mitigation
2. A record that must be preserved and available for retrieval if needed.
Vital Record
Algorithm
Layering
Polyalphabetic
3. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
The ACID Test
Strong Authentication
Computer System Evidence
Recovery Period
4. Eavesdropping on network communications by a third party.
Evidence
Routers
Sniffing
Encryption
5. What is will remain - persistence
Durability
Data Warehouse
Warm Site
Cross Certification
6. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Integrated Test
Guidelines
Exercise
Voice Over IP (VOIP)
7. Line by line translation from a high level language to machine code
Cryptanalysis
Business Impact Assessment (BIA)
Interpreter
Application Programming Interface
8. A documented battle plan for coordinating response to incidents.
Bumping
Incident Handling
Logic Bomb
Denial Of Service
9. OOP concept of an object's abilities - what it does
Hub
Method
Territoriality
Job Training
10. Control category - more than one control on a single asset
Integrated Test
Computer Forensics
Compensating
Cryptanalysis
11. A layer 2 device that used to connect two network segments and regulate traffic.
Resumption
Bridge
Certificate Revocation List (CRL)
Plaintext
12. A secure connection to another network.
Gateway
Repeaters
System Life Cycle
Site Policy
13. A risk assessment method - intrinsic value
False (False Positive)
Collisions
Qualitative
Tort
14. The partial or full duplication of data from a source database to one or more destination databases.
Database Replication
Life Cycle of Evidence
Threat Agent
Digital Signature
15. A signal suggesting a system has been or is being attacked.
Polymorphism
Double Blind Testing
Alert/Alarm
Near Site
16. Controls deployed to avert unauthorized and/or undesired actions.
Prevention
Data Dictionary
Orange Book A Classification
Covert Channel
17. A cable consisting of a core - inner conductor that is surrounding by an insulator - an outer cylindrical conductor
Distributed Processing
Coaxial Cable
Plaintext
Remote Journaling
18. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
3 Types of harm Addressed in computer crime laws
TCSEC (Orange Book)
Covert Channel
Fire Prevention
19. RADIUS - TACACS+ - Diameter
Operational Test
Centralized Access Control Technologies
Classification
Vulnerability
20. A protocol for the efficient transmission of voice over the Internet
Alert
Voice Over IP (VOIP)
Security Kernel
Walk Though
21. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
Electrostatic Discharge
Emergency
Complete
Picking
22. A test that answers the questions: Does the organization have the documentation and people it needs. Do they understand the documentation?
Data Owner
Desk Check Test
Spam
Overlapping Fragment Attack
23. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.
Initialization Vector
Data Recovery
File Server
Conflict Of Interest
24. Employment education done once per position or at significant change of function
Fraggle
Message Digest
Burn
Job Training
25. Most granular organization of controls
Control Category
Access Control Lists
Access Point
Forensic Copy
26. A electronic attestation of identity by a certificate authority
Compiler
Digital Certificate
Polyalphabetic
Data Leakage
27. Pertaining to law - lending it self to one side of an argument
Digital Certificate
Top Secret
Convincing
Sniffing
28. Potentially compromising leakage of electrical or acoustical signals.
Domain
Emanations
Transients
Remanence
29. Granular decision by a system of permitting or denying access to a particular resource on the system
Noise
Log
Authorization
Spiral
30. Converts source code to an executable
War Dialing
Compiler
Certification
Business Continuity Steering Committee
31. Effort/time needed to overcome a protective measure
Botnet
Wireless Fidelity (Wi-Fi )
Work Factor
Business Unit Recovery
32. Collection of data on business functions which determines the strategy of resiliency
Prevention
Data Dictionary
Business Impact Assessment (BIA)
Side Channel Attack
33. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Site Policy Awareness
Twisted Pair
Standalone Test
Data Custodian
34. An image compression standard for photographs
Man-In-The-Middle Attack
JPEG (Joint Photographic Experts Group)
Shift Cipher (Caesar)
Recovery Point Objective (RPO)
35. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Uninterruptible Power Supply (UPS)
Embedded Systems
Isolation
Rogue Access Points
36. For PKI - to store another copy of a key
Exposure
Cookie
Shadowing (file shadowing)
Key Escrow
37. A process state - to be executing a process on the CPU
System Life Cycle
Compensating
Governance
Running
38. Communicate to stakeholders
Botnet
Investigation
Debriefing/Feedback
Contingency Plan
39. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.
Virus
High-Risk Areas
Multi-Processor
Administrative Laws
40. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Domain
Network Attached Storage (NAS)
Prevention
Walk Though
41. A design methodology which executes in a linear one way fashion
Waterfall
Dictionary Attack
Application Programming Interface
Lattice
42. Control type- that is communication based - typically written or oral
Electronic Vaulting
Routers
Administrative
UPS
43. High level design or model with a goal of consistency - integrity - and balance
Alert/Alarm
Repeaters
Architecture
Discretionary
44. Converts a high level language into machine language
Orange Book C2 Classification
Detection
Assembler
Targeted Testing
45. Unchecked data which spills into another location in memory
Data Leakage
Buffer Overflow
Fire Classes
Safeguard
46. A risk assessment method - measurable real money cost
Quantitative
Bumping
Electronic Vaulting
Full-Interruption test
47. Process whereby data is removed from active files and other data storage structures
Secondary Storage
Event
Deletion
Failure Modes and Effect Analysis (FEMA)
48. Deals with discretionary protection
Database Replication
BCP Testing Drills and Exercises
Orange Book C Classification
Incident Response Team
49. The guardian of asset(s) - a maintenance activity
Custodian
Critical Infrastructure
Triage
Proxies
50. A collection of data or information that has a name
Civil Or Code Law
Embedded
Transients
File
