Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm
Mandatory Access Control (MAC)
Fault
Pointer
Key Space
2. Planning with a goal of returning to the normal business function
Restoration
Remanence
Maximum Tolerable Downtime (MTD)
Full Test (Full Interruption)
3. Someone who wants to cause harm
Attacker (Black hat - Hacker)
Encapsulation
Business Impact Assessment (BIA)
Salami
4. Indivisible - data field must contain only one value that either all transactions take place or none do
Concentrator
Database Shadowing
Atomicity
Civil Law
5. Record of system activity - which provides for monitoring and detection.
Virtual Memory
Log
Strategic
Network Attached Storage (NAS)
6. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Redundant Servers
Blind Testing
Top Secret
Double Blind Testing
7. Induces a crime - tricks a person - and is illegal
Information Flow Model
Entrapment
Electrostatic Discharge
Steganography
8. Real-time data backup (Data Mirroring)
Honeynet
Database Shadowing
Mock Disaster
Operating
9. Intellectual property management technique for identifying after distribution
Binary
Domain
ISO/IEC 27001
Watermarking
10. To segregate for the purposes of labeling
False Negative
Plain Text
Spiral
Compartmentalize
11. Joining two pieces of text
2-Phase Commit
Infrastructure
Concatenation
Computer Forensics
12. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Surveillance
Exposure
Keystroke Logging
Alert
13. Identification and notification of an unauthorized and/or undesired action
Detection
Key Escrow
Total Risk
Complete
14. To know more than one job
Salami
Operational Test
Accreditation
Cross Training
15. A backup type which creates a complete copy
Bit
Replication
Non-Discretionary Access Control
Certification
16. Return to a normal state
Entrapment
Firmware
Access Control Lists
Recovery
17. Momentary loss of power
Deletion
Fault
Multi-Party Control
Machine Language (Machine Code)
18. To collect many small pieces of data
Aggregation
Identification
Operational Exercise
ISO/IEC 27001
19. Alerts personnel to the presence of a fire
Labeling
Fault
Risk Assessment
Fire Detection
20. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Byte
Content Dependent Access Control
Masked/Interruptible
Operational Impact Analysis
21. With enough computing power trying all possible combinations
Brute Force
Basics Of Secure Design
Intrusion Detection Systems
Emergency Operations Center (EOC)
22. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
Interpreter
Administrative Laws
Education
Attacker (Black hat - Hacker)
23. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Hard Disk
Least Privilege
Debriefing/Feedback
Mobile Site
24. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
Discretionary Access Control (DAC)
Metadata
Containment
Masked/Interruptible
25. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Vulnerability
Forward Recovery
Information Risk Management (IRM)
Simulation Test
26. A database backup type which records at the transaction level
Cross-Site Scripting
ISO/IEC 27001
Remote Journaling
Threads
27. Process of statistically testing a data set for the likelihood of relevant information.
Risk Mitigation
Sampling
Incident Response Team
Denial Of Service
28. Independent malware that requires user interaction to execute
Change Control
Incident Handling
Brownout
Virus
29. A form of data hiding which protects running threads of execution from using each other's memory
Trojan Horse
Certification Authority
File Extension
Process Isolation
30. Wrong against society
Due Diligence
Multilevel Security System
Criminal Law
Recovery Period
31. Deals with discretionary protection
Cross-Site Scripting
Permutation/Transposition
True Attack Stimulus
Orange Book C Classification
32. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Analysis
Cryptovariable
Authorization
Simulation
33. A device that converts between digital and analog representation of data.
Bollard
Teardrop
Modems
Key Management
34. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Data Marts
User Mode (problem or program state)
Job Rotation
Plaintext
35. Security policy - procedures - and compliance enforcement
Transfer
Examples of non-technical security components
Malformed Input
Cryptology
36. Reprogrammable basic startup instructions
Shielding
Firmware
Labeling
Incident Manager
37. A design methodology which addresses risk early and often
Spiral
Data Hiding
Database Replication
Mantrap (Double Door System)
38. To move from location to location - keeping the same function
Copyright
Alert/Alarm
Logic Bomb
Job Rotation
39. The hard drive
Secondary Storage
Message Digest
Due Care
Total Risk
40. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Kernel
Burn
Ethics
Uninterruptible Power Supply (UPS)
41. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Security Kernel
Quantitative Risk Analysis
Burn
Near Site
42. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
Fire Classes
Shielding
Cold Site
Remote Journaling
43. Two different keys decrypt the same cipher text
Surge Suppressor
Masked/Interruptible
Key Clustering
Storage Area Network (SAN)
44. RADIUS - TACACS+ - Diameter
Buffer Overflow
Centralized Access Control Technologies
Plain Text
Teardrop
45. Asymmetric encryption of a hash of message
Plan Maintenance Procedures
Firewall
Algorithm
Digital Signature
46. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Classification
Restoration
Concatenation
Side Channel Attack
47. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
War Driving
Plain Text
Elements of Negligence
Fragmented Data
48. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Switches
Mission-Critical Application
Acronym for American Standard Code for Information Interchange (ASCII)
Relocation
49. Record history of incident
Tracking
Threats
Data Integrity
Protection
50. Threats x Vulnerability x Asset Value = Total Risk
Ring Protection
Total Risk
Deadlock
Double Blind Testing