Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but you will see that it reinforces your understanding each time you take the test.
1. A computer designed for the purpose of studying adversaries
Honeypot
Chain of Custody
Critical Functions
Enticement
2. Return to a normal state
Recovery
Job Rotation
Uninterruptible Power Supply (UPS)
Contact List
3. To reduce sudden rises in current
Labeling
Procedure
Surge Suppressor
E-Mail Spoofing
4. Operating system protection mechanism built on the layering concept, in which more sensitive functions run in inner, more privileged layers
Keyed-Hashing For Message Authentication
Bit
Ring Protection
Secondary Storage
5. Control type that is communication based, typically written or oral
Administrative
Risk Assessment
Containment
Primary Storage
6. A planned or unplanned interruption in system availability.
Mobile Recovery
System Downtime
Change Control
Event
7. Review of data
Checksum
Analysis
Monitor
System Life Cycle
8. Object-based description of a single resource and the permissions each subject holds on it
Criminal Law
Access Control Lists
Classification
Orange Book B1 Classification
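As an added example (not part of the original quiz), the following Python shows what "object based" means in practice: an ACL is one column of the access-control matrix, naming every subject and the permissions it holds on a single resource, whereas a capability list is one row, naming everything one subject may touch. The subjects, objects and permissions in `MATRIX` are constructed sample data, and the function names are this example's own.

```python
from typing import Dict, Set

Perms = Set[str]

# Constructed sample access-control matrix (assumption, not from the page):
# MATRIX[subject][object] -> permissions that subject holds on that object.
MATRIX: Dict[str, Dict[str, Perms]] = {
    "alice": {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":   {"report.txt": {"read", "write"}},
    "carol": {"payroll.db": {"read"}},
}


def acl_for(obj: str, matrix: Dict[str, Dict[str, Perms]] = MATRIX) -> Dict[str, Perms]:
    """Object-based view: one column of the matrix.

    The ACL for `obj` lists each subject and the permissions it holds on
    that one resource. Sets are copied so edits to the ACL do not leak
    back into the matrix.
    """
    return {subj: set(perms[obj]) for subj, perms in matrix.items() if obj in perms}


def capabilities_for(subj: str, matrix: Dict[str, Dict[str, Perms]] = MATRIX) -> Dict[str, Perms]:
    """Subject-based view (capability list): one row of the matrix."""
    return {obj: set(perms) for obj, perms in matrix.get(subj, {}).items()}


def is_permitted(acl: Dict[str, Perms], subj: str, perm: str) -> bool:
    """Deny by default: a subject absent from the ACL has no rights at all."""
    return perm in acl.get(subj, set())


def revoke(acl: Dict[str, Perms], subj: str, perm: str) -> None:
    """Revocation is a local edit on the object's list; an entry with no
    remaining permissions is dropped so the subject falls back to deny."""
    perms = acl.get(subj)
    if perms is None:
        return
    perms.discard(perm)
    if not perms:
        del acl[subj]
```

Answering "who can write payroll.db?" is a single lookup on the ACL; answering "what can bob access?" is a single lookup on his capability list. Each view makes one of those questions cheap and the other a scan over every entry, which is the practical trade-off behind the two representations.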
9. Used to code/decode a digital data stream.
Codec
Encapsulation
Targeted Testing
Dictionary Attack
10. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
Structured Walkthrough
Hash Function
TEMPEST
Incident Response Team
11. Intermediate level - pertaining to planning
CobiT
Operational
Hard Disk
Data Leakage
12. One of the most important first steps in plan development: qualitative and quantitative data are gathered, analyzed, interpreted and presented to management
Vital Record
Database Replication
Business Impact Analysis
Fiber Optics
13. Location where coordination and execution of BCP or DRP is directed
Brouter
Education
Mobile Recovery
Emergency Operations Center (EOC)
14. Demonstrate the actual ability to recover and verify the compatibility of backup facilities
Strong Authentication
Notification
BCP Testing Drills and Exercises
Discretionary
15. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Hot Spares
Deterrent
Locard's Principle
Lattice
16. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
Emergency
Digital Signature
Masquerading
Least Privilege
17. Control category - more than one control on a single asset
5 Rules Of Evidence
Data Leakage
Threats
Compensating
18. Using small special tools, all tumblers of the lock are aligned, opening the door
Hijacking
Sampling
Governance
Picking
19. Subset of operating systems components dedicated to protection mechanisms
Fault
Security Kernel
Polymorphism
Hub
20. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Burn
Due Diligence
Byte Level Deletion
Emergency Procedures
21. A process state: either unable to run while waiting for an external event, or terminated
Orange Book C Classification
Stopped
Data Warehouse
Complete
22. Uncleared buffers or media
Microwave
Orange Book C Classification
Object Reuse
Processes are Isolated By
23. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Fire Detection
Bumping
Acronym for American Standard Code for Information Interchange (ASCII)
Risk Assessment / Analysis
24. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Change Control
Collisions
Recovery
Residual Data
25. One of the key benefits of a network is the ability to share files stored on the server among several users.
File Sharing
Inrush Current
Examples of non-technical security components
Alternate Site
26. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
Access Control Attacks
File Shadowing
Life Cycle of Evidence
Active Data
27. Continuous surveillance, to provide for detection of and response to any failure in preventive controls
Monitor
TIFF (Tagged Image File Format)
Guidelines
Cryptography
28. Regular operations are stopped and processing is moved to the alternate site
Full-Interruption test
High-Risk Areas
Electronic Vaulting
Concatenation
29. Two certificate authorities that trust each other
Cross Certification
Mock Disaster
Civil Or Code Law
Total Risk
30. Requires understanding both the assets that need to be protected and management's priorities; being prepared to adjust the design over time and to verify it has been implemented correctly; and being a good negotiator, artist and analyst
Cryptology
Basics Of Secure Design
Risk Assessment
Total Risk
31. To create a copy of data as a precaution against the loss or damage of the original data.
Revocation
Plan Maintenance Procedures
Backup
EMI
32. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Injection
Off-Site Storage
Computer Forensics
Life Cycle of Evidence
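Added example, not part of the original quiz: the vulnerable pattern the definition describes beside its hardened form, in Python against an in-memory SQLite table. The table and the rows in it are constructed sample data. The vulnerable lookup splices the caller's input into the SQL text, so a partial query such as `x' OR '1'='1` is parsed as SQL and returns every row; the parameterized lookup hands the value to the driver separately, so the same input is just a string that matches nothing.

```python
import sqlite3
from typing import List


def build_db() -> sqlite3.Connection:
    """Constructed sample table (assumption, not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[str]:
    # Deliberately vulnerable: the input becomes part of the SQL statement,
    # so a quote in the input ends the literal and the rest is parsed as SQL.
    query = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> List[str]:
    # Hardened: the statement is fixed text and the value is bound by the
    # driver. Whatever the input contains, it is compared as data only.
    query = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(query, (name,))]


def demo() -> dict:
    """Run both lookups with a legitimate name and with a classic payload."""
    conn = build_db()
    payload = "x' OR '1'='1"
    return {
        "legit_vulnerable": lookup_vulnerable(conn, "bob"),
        "legit_parameterized": lookup_parameterized(conn, "bob"),
        "payload_vulnerable": lookup_vulnerable(conn, payload),
        "payload_parameterized": lookup_parameterized(conn, payload),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Parameter binding is the primary defense because it removes the parsing step that input validation only tries to filter. Validation still has a place for the parts of a statement that drivers cannot bind (table or column names, sort direction), where an allow-list of known values is the equivalent control.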
33. Written step-by-step actions
Disaster Recovery Plan
Certification
Authorization
Procedure
34. Intellectual property protection for an invention
Blackout
Security Clearance
Salami
Patent
35. Also known as regulatory law; covers the standards of performance or conduct that government agencies expect from companies, industries and certain officials
Checkpoint
Top Secret
Administrative Laws
CobiT
36. Planning with a goal of returning to the normal business function
Restoration
Data Recovery
Keyed-Hashing For Message Authentication
Tapping
37. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
Checklist Test
Degauss
Processes are Isolated By
Payload
38. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Gateway
Shift Cipher (Caesar)
Standalone Test
Criminal Law
39. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
Data Dictionary
Security Blueprint
True Attack Stimulus
Masquerading
40. A type of multitasking that allows for a more even distribution of computing time among competing requests
Preemptive
Confidence Value
Threats
Fire Suppression
41. Intellectual property protection for the expression of an idea
Control
Life Cycle of Evidence
Bit
Copyright
42. A documented battle plan for coordinating response to incidents.
Attacker (Black hat - Hacker)
Layering
Operating
Incident Handling
43. Formerly the U.S. military's accepted set of standards and processes for network evaluation and assurance, combining functional and assurance requirements
Parallel Test
Copyright
Logic Bomb
TNI (Red Book)
44. A test that answers the questions: does the organization have the documentation and people it needs, and do they understand the documentation?
Plan Maintenance Procedures
Orange Book B2 Classification
Desk Check Test
Corrective
45. Communicate to stakeholders
Site Policy
Debriefing/Feedback
File Sharing
Routers
46. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Overlapping Fragment Attack
Technical Access Controls
Concatenation
Emergency Operations Center (EOC)
47. Pertaining to law - high degree of veracity
Plaintext
Accurate
Concentrator
Multi-Programming
48. Pertaining to law - no omissions
Complete
Triage
Mandatory
Double Blind Testing
49. Written suggestions that direct choice to a few alternatives
Byte
Guidelines
Data Custodian
Sequence Attacks
50. A programming device used in development to circumvent controls
Trapdoors (Backdoors) (Maintenance Hooks)
Packet Filtering
Checklist Test
Radio Frequency Interference (RFI)
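Added example, not part of the original quiz: what a maintenance hook looks like in code and what removing it leaves behind. The user store, the `MAINTENANCE_KEY` string and the function names are this example's own constructed data. The first login function carries a hard-coded override that was handy during development and bypasses the credential check for any username; the hardened version has no second path, and also hashes on a missing user so the two failure cases cost the same time.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000


def _hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store (assumption, not from the page): name -> (salt, hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Hypothetical hook a developer left in to skip logins while testing.
MAINTENANCE_KEY = "debug-1234"


def login_with_trapdoor(user: str, password: str) -> bool:
    """Deliberately flawed: the maintenance hook precedes the real check,
    so anyone who learns the key authenticates as any user."""
    if password == MAINTENANCE_KEY:
        return True
    rec = USERS.get(user)
    return rec is not None and hmac.compare_digest(_hash(password, rec[0]), rec[1])


def login_hardened(user: str, password: str) -> bool:
    """Single path: every caller goes through the same credential check."""
    rec = USERS.get(user)
    if rec is None:
        # Do the same amount of work for an unknown user as for a wrong
        # password, so timing does not reveal which usernames exist.
        _hash(password, b"\x00" * 16)
        return False
    # Constant-time comparison of the derived key against the stored hash.
    return hmac.compare_digest(_hash(password, rec[0]), rec[1])


if __name__ == "__main__":
    print("trapdoor as mallory:", login_with_trapdoor("mallory", MAINTENANCE_KEY))
    print("hardened as mallory:", login_hardened("mallory", MAINTENANCE_KEY))
    print("hardened as alice:", login_hardened("alice", "correct horse"))
```

The control that catches this class of defect is a code review or a build-time search for credential literals and for authentication functions with more than one way to return success; neither the hook nor its absence is visible from the outside until someone tries the key.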