CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. Searching for wireless networks in a moving car.
Attacker (Black hat - Hacker)
War Driving
Key Space
Class
2. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm
Private Branch Exchange (PBX)
Mandatory Access Control (MAC)
Data Backups
Governance
3. Maximum tolerance for loss of certain business function - basis of strategy
Recovery Time Objectives
Cross Certification
Common Criteria
Orange Book B1 Classification
4. May be responsible for overall recovery of an organization or unit(s).
Firewalls
DR Or BC Coordinator
Wait
Detection
5. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
Residual Data
Full Test (Full Interruption)
Threats
Kernel
6. A one way - directed graph which indicates confidentiality or integrity flow
Double Blind Testing
Labeling
Lattice
Administrative Laws
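The MAC and lattice items above describe the same mechanism from two sides: labels form a lattice under the "dominates" order, and a reference monitor compares a subject's clearance label with an object's classification label before every read or write. The following is an added example, not part of the original quiz, showing the Bell-LaPadula rules over such a lattice; the level names, compartment names and sample labels are constructed for the demonstration.

```python
"""Lattice-based mandatory access control (Bell-LaPadula rules).

Added example for the MAC and lattice items above; not part of the original
quiz. The level names, compartment names and sample labels are constructed.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import FrozenSet


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    """A security label: a hierarchical level plus a set of compartments."""
    level: Level
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # The lattice's partial order: higher-or-equal level AND a superset of
        # compartments. Labels with disjoint compartments are incomparable.
        return (self.level >= other.level
                and self.compartments >= other.compartments)

    def comparable(self, other: "Label") -> bool:
        return self.dominates(other) or other.dominates(self)

    def join(self, other: "Label") -> "Label":
        # Least upper bound: the label an object must carry when it combines
        # data from both inputs (confidentiality may only flow upward).
        return Label(max(self.level, other.level),
                     self.compartments | other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down."""
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, op: str) -> str:
    check = {"read": can_read, "write": can_write}[op]
    return "allow" if check(subject, obj) else "deny"


# Constructed sample: a SECRET//CRYPTO clearance against four objects.
ANALYST = Label(Level.SECRET, frozenset({"CRYPTO"}))
OBJECTS = {
    "secret-crypto-report": Label(Level.SECRET, frozenset({"CRYPTO"})),
    "secret-nuclear-memo": Label(Level.SECRET, frozenset({"NUCLEAR"})),
    "public-notice": Label(Level.UNCLASSIFIED),
    "top-secret-summary": Label(Level.TOP_SECRET, frozenset({"CRYPTO"})),
}


def access_matrix(subject: Label = ANALYST) -> dict:
    """Every (object, op) decision for one subject, for inspection or tests."""
    return {(name, op): decide(subject, label, op)
            for name, label in OBJECTS.items() for op in ("read", "write")}


if __name__ == "__main__":
    for (name, op), verdict in sorted(access_matrix().items()):
        print(f"{op:5} {name:22} {verdict}")
```

Two results are worth noticing: the SECRET//NUCLEAR memo is denied in both directions even though its level equals the analyst's, because the two labels are incomparable in the lattice; and writing to the TOP SECRET summary is allowed while reading it is not, which is exactly the "no write down" rule that makes the flow graph one-way.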
7. A condition in which neither party is willing to stop their activity for the other to complete
Enticement
Residual Risk
Multi-Processing
Deadlock
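The deadlock definition above is usually stated in terms of a wait-for graph: each blocked party waits on a resource another blocked party holds, and the cycle is what makes it permanent. The following is an added example, not from the original quiz, that detects such a cycle from a lock trace and checks the lock-ordering discipline that prevents it; the thread names, lock names and event traces are constructed.

```python
"""Deadlock as a cycle in the wait-for graph, and the lock-ordering rule that
prevents it. Added example, not from the original quiz; thread names, lock
names and the event traces are constructed."""
from typing import Dict, List, Optional, Tuple

Event = Tuple[str, str, str]  # (thread, "acquire" | "release", lock)


def build_wait_for(held: Dict[str, str], waiting: Dict[str, str]) -> Dict[str, str]:
    """Edge t -> u: thread t is blocked on a lock currently owned by thread u."""
    graph = {}
    for thread, lock in waiting.items():
        owner = held.get(lock)
        if owner is not None and owner != thread:
            graph[thread] = owner
    return graph


def find_cycle(graph: Dict[str, str]) -> Optional[List[str]]:
    """Walk the out-edge from every node; revisiting a node on the same walk
    means a cycle, i.e. a set of threads none of which can ever proceed."""
    for start in graph:
        path: List[str] = []
        node = start
        while node in graph and node not in path:
            path.append(node)
            node = graph[node]
        if node in path:
            return path[path.index(node):]
    return None


def simulate(events: List[Event]) -> Optional[List[str]]:
    """Replay a lock trace. An acquire on a free lock is granted; otherwise the
    thread is recorded as waiting. Returns the first deadlock cycle found."""
    held: Dict[str, str] = {}      # lock -> owning thread
    waiting: Dict[str, str] = {}   # thread -> lock it is blocked on
    for thread, op, lock in events:
        if op == "acquire":
            if lock in held:
                waiting[thread] = lock
            else:
                held[lock] = thread
        elif op == "release" and held.get(lock) == thread:
            del held[lock]
            for t, want in list(waiting.items()):   # wake one waiter, if any
                if want == lock:
                    held[lock] = t
                    del waiting[t]
                    break
        cycle = find_cycle(build_wait_for(held, waiting))
        if cycle:
            return cycle
    return None


def order_violations(events: List[Event], order: List[str]) -> List[Tuple[str, str]]:
    """Lock-ordering discipline: a thread may only request locks in increasing
    rank. Any request that breaks this is a latent deadlock, even if this
    particular trace happened not to interleave badly."""
    rank = {lock: i for i, lock in enumerate(order)}
    holding: Dict[str, set] = {}
    bad = []
    for thread, op, lock in events:
        owned = holding.setdefault(thread, set())
        if op == "acquire":
            if any(rank[lock] < rank[h] for h in owned):
                bad.append((thread, lock))
            owned.add(lock)
        else:
            owned.discard(lock)
    return bad


# Constructed traces: two threads, locks A and B.
DEADLOCKING = [("t1", "acquire", "A"), ("t2", "acquire", "B"),
               ("t1", "acquire", "B"), ("t2", "acquire", "A")]
ORDERED = [("t1", "acquire", "A"), ("t2", "acquire", "A"), ("t1", "acquire", "B"),
           ("t1", "release", "B"), ("t1", "release", "A"), ("t2", "acquire", "B"),
           ("t2", "release", "B"), ("t2", "release", "A")]

if __name__ == "__main__":
    print("deadlock:", simulate(DEADLOCKING), order_violations(DEADLOCKING, ["A", "B"]))
    print("ordered: ", simulate(ORDERED), order_violations(ORDERED, ["A", "B"]))
```

The ordered trace makes t2 wait briefly, but it is a wait on a thread that is itself free to finish, so no cycle forms; the detector finds the cycle in the first trace only after the fourth event, while the ordering check flags t2's request for A (taken while holding B) regardless of how the threads happened to interleave.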
8. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Parallel Test
Blackout
Liability
Acronym for American Standard Code for Information Interchange (ASCII)
9. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Entrapment
Authentic
Forward Recovery
Embedded Systems
10. Used to code/decode a digital data stream.
Cipher Text
Worldwide Interoperability for Microwave Access (WiMAX)
Process Isolation
Codec
11. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
Authorization
BCP Testing Drills and Exercises
Trusted Computing Base
Security Kernel
12. A Denial of Service attack that floods the target system with connection requests that are not finalized.
SYN Flooding
Class
Alert/Alarm
Alert
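The SYN flood definition above turns on one observable: connection requests that are never finalized, which a server has to keep as half-open entries in its listen backlog. The following is an added example, not from the original quiz, that tracks half-open handshakes from a sequence of client-side TCP packet records and flags the flood; the packet records are constructed and use RFC 5737 documentation addresses.

```python
"""Half-open connection tracking to spot a SYN flood in a stream of client-side
TCP packets. Added example, not from the original quiz; the packet records
below are constructed (addresses from RFC 5737 documentation ranges)."""
from collections import Counter
from typing import Dict, List, Tuple

Packet = Tuple[float, str, int, str]   # (time, src_ip, src_port, tcp_flags)


def half_open(packets: List[Packet], now: float,
              window: float = 1.0) -> Dict[Tuple[str, int], float]:
    """Return {(src, sport): syn_time} for handshakes the client opened with a
    SYN but never completed with the third-step ACK within `window` seconds."""
    pending: Dict[Tuple[str, int], float] = {}
    for t, src, sport, flags in sorted(packets):
        key = (src, sport)
        if "S" in flags:                 # SYN: server now holds a half-open entry
            pending[key] = t
        elif "A" in flags:               # bare ACK: handshake completed
            pending.pop(key, None)
    return {k: t for k, t in pending.items() if now - t > window}


def analyze(packets: List[Packet], now: float,
            backlog: int = 32, window: float = 1.0) -> dict:
    """Flag a flood when stale half-open entries exceed the listen backlog.
    The per-source maximum is reported too, to show why a per-IP threshold
    alone misses a flood sent from spoofed source addresses."""
    stale = half_open(packets, now, window)
    per_source = Counter(src for src, _ in stale)
    return {
        "half_open": len(stale),
        "max_per_source": max(per_source.values(), default=0),
        "flood": len(stale) > backlog,
    }


# Constructed sample: two real clients complete their handshakes; one attacker
# sends 50 SYNs from 50 spoofed source addresses and never answers the SYN-ACK.
LEGIT: List[Packet] = [
    (0.00, "10.0.0.5", 40001, "S"), (0.01, "10.0.0.5", 40001, "A"),
    (0.05, "10.0.0.6", 40002, "S"), (0.06, "10.0.0.6", 40002, "A"),
    (2.00, "10.0.0.5", 40003, "S"), (2.01, "10.0.0.5", 40003, "A"),
]
FLOOD: List[Packet] = [(0.10 + i * 0.001, f"203.0.113.{i}", 50000 + i, "S")
                       for i in range(50)]

if __name__ == "__main__":
    print(analyze(LEGIT, now=2.5))
    print(analyze(LEGIT + FLOOD, now=2.5))
```

Because every spoofed source appears once, the per-source count stays at 1 and a per-IP rate limit would never trigger; the total half-open count against the backlog is the signal that matters. The standard server-side mitigation is SYN cookies, which encode the connection state in the server's initial sequence number so that no backlog entry is held until the final ACK arrives.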
13. Record history of incident
Threat Agent
Information Owner
Tracking
Shielding
14. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
Hearsay Evidence
Cipher Text
File Shadowing
Common Criteria
15. Authentication protocol which uses only symmetric session keys between principals, distributed by a third party that shares a different preshared symmetric key with each principal
Kerberos
Threats
Phishing
Operational Exercise
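The Kerberos item above is easiest to see as a three-party exchange: the KDC holds a different long-term key for each principal, mints a fresh session key, and returns it twice, once sealed for the client and once inside a ticket sealed for the service, so the long-term keys never cross the wire. The following is an added example, not from the original quiz and not the real Kerberos message format; the principal names, lifetimes, keys and the toy cipher are constructed. The cipher (an HMAC-SHA256 keystream with an HMAC tag) only stands in for a real AEAD such as AES-GCM so the block runs with the standard library.

```python
"""A Kerberos-style exchange: the KDC shares a different long-term symmetric
key with each principal and hands out a fresh session key, never a long-term
key, over the wire. Added example, not from the original quiz and not the real
Kerberos format; names, lifetimes and keys are constructed. The toy cipher
(HMAC-SHA256 keystream + HMAC tag) stands in for AES-GCM; demo use only."""
import hashlib
import hmac
import json
import os
from typing import Dict, Tuple


def _subkey(key: bytes, purpose: bytes) -> bytes:
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC with separate derived keys; output nonce||ct||tag."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(_subkey(key, b"enc"), nonce, len(pt))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("bad tag: wrong key or tampered message")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))
    return json.loads(pt)


class KDC:
    """Trusted third party holding every principal's preshared key."""
    def __init__(self, keys: Dict[str, bytes]):
        self.keys = keys

    def ticket_reply(self, client: str, service: str, now: int, lifetime: int = 300) -> bytes:
        session = os.urandom(32).hex()
        # Ticket: readable only by the service. Reply: readable only by the client.
        ticket = seal(self.keys[service], {"client": client, "key": session, "expires": now + lifetime})
        return seal(self.keys[client], {"service": service, "key": session, "ticket": ticket.hex()})


def client_authenticate(client: str, client_key: bytes, reply: bytes, now: int) -> Tuple[bytes, bytes]:
    """Recover the session key, then prove possession of it with an authenticator."""
    msg = unseal(client_key, reply)
    session = bytes.fromhex(msg["key"])
    return bytes.fromhex(msg["ticket"]), seal(session, {"client": client, "time": now})


def service_verify(service_key: bytes, ticket: bytes, authenticator: bytes, now: int, skew: int = 60) -> str:
    """The service never contacts the KDC: its own key opens the ticket, and
    the session key found inside opens the authenticator."""
    t = unseal(service_key, ticket)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - a["time"]) > skew:
        raise ValueError("authenticator outside clock skew (replay?)")
    return t["client"]


# Constructed demo keys; real deployments derive them from passwords or keytabs.
KEYS = {"alice": b"\x01" * 32, "fileserver": b"\x02" * 32, "mallory": b"\x03" * 32}


def run_demo() -> dict:
    kdc = KDC(KEYS)
    reply = kdc.ticket_reply("alice", "fileserver", now=1000)
    ticket, auth = client_authenticate("alice", KEYS["alice"], reply, now=1001)
    out = {"principal": service_verify(KEYS["fileserver"], ticket, auth, now=1002)}
    try:    # another principal's key cannot open the reply meant for alice
        client_authenticate("mallory", KEYS["mallory"], reply, now=1001)
        out["wrong_key_rejected"] = False
    except ValueError:
        out["wrong_key_rejected"] = True
    try:    # a captured authenticator replayed long after it was issued
        service_verify(KEYS["fileserver"], ticket, auth, now=1200)
        out["replay_rejected"] = False
    except ValueError:
        out["replay_rejected"] = True
    return out
```

The clock-skew check is why Kerberos deployments are sensitive to time synchronisation; real Kerberos additionally keeps a replay cache of recently seen authenticators, since a replay inside the skew window would otherwise pass this check.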
16. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Exercise
Transfer
Restoration
Private Branch Exchange (PBX)
17. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.
Voice Over IP (VOIP)
Time Of Check/Time Of Use
Access Control Lists
Simulation Test
18. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
Rogue Access Points
Declaration
Risk Mitigation
Brouter
19. Share security concerns with embedded devices - security has often been sacrificed for a richer user experience at low power - a prime target for data loss as they transmit and store information in ways that can't be controlled.
Encapsulation
Event
Data Integrity
Pervasive Computing and Mobile Computing Devices
20. Code breaking - practice of defeating the protective properties of cryptography.
Cryptanalysis
Code
Standard
Byte Level Deletion
21. The property that data meet an a priori expectation of quality and that the data can be relied upon.
Firewall
Data Integrity
Locard's Principle
Database Shadowing
22. The current internationally accepted set of standards and processes for information security product evaluation and assurance - which joins functional and assurance requirements
Common Criteria
Education
Threads
Orange Book B1 Classification
23. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Qualitative
Vital Record
Encryption
Machine Language (Machine Code)
24. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Orange Book C2 Classification
Executive Succession
Targeted Testing
Attacker (Black hat - Hacker)
25. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Forward Recovery
Plaintext
TIFF (Tagged Image File Format)
Disaster Recovery Plan
26. The technical and risk assessment of a system within the context of the operating environment
Access Control Matrix
Intrusion Prevention Systems
Certification
Distributed Processing
27. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Collisions
Forensic Copy
Interpreter
Hard Disk
28. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Hash Function
Security Domain
Logic Bomb
Overlapping Fragment Attack
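The overlapping fragment attack above works because a filter that judges a datagram from its first fragment alone never sees that a later fragment rewrites part of the transport header. The following is an added example, not from the original quiz, that reassembles a constructed fragment set both ways and shows a naive filter admitting what a hardened one rejects; the fragment sets and the 20-byte TCP header are constructed, and the checks follow the RFC 1858 recommendations (drop non-first fragments that land inside the transport header, and drop datagrams whose fragments overlap with different content).

```python
"""Overlapping-fragment check for a packet filter. Added example, not from the
original quiz; the fragment sets are constructed. Offsets follow IPv4 rules
(fragment offset in 8-byte units) and the TCP header layout is the standard one."""
import struct
from typing import Dict, List, Tuple

Fragment = Tuple[int, bool, bytes]   # (offset in 8-byte units, more_fragments, payload)
TCP_HEADER_LEN = 20


def reassemble(fragments: List[Fragment]) -> Tuple[bytes, List[Tuple[int, int, int]]]:
    """Last-writer-wins reassembly (what several historic stacks did). Also
    returns every byte a later fragment rewrote with a different value."""
    buf: Dict[int, int] = {}
    conflicts = []
    for fo, _mf, payload in fragments:
        for i, b in enumerate(payload):
            pos = fo * 8 + i
            if pos in buf and buf[pos] != b:
                conflicts.append((pos, buf[pos], b))
            buf[pos] = b
    data = bytes(buf.get(i, 0) for i in range(max(buf) + 1)) if buf else b""
    return data, conflicts


def tcp_summary(segment: bytes) -> dict:
    sport, dport = struct.unpack("!HH", segment[:4])
    flags = segment[13]
    return {"sport": sport, "dport": dport,
            "syn": bool(flags & 0x02), "ack": bool(flags & 0x10)}


def naive_filter(fragments: List[Fragment], allowed_ports) -> bool:
    """Policy: allow only established traffic (ACK set, SYN clear) to permitted
    ports, judged from the first fragment alone; later fragments pass unexamined."""
    first = next(p for fo, _mf, p in fragments if fo == 0)
    s = tcp_summary(first)
    return s["dport"] in allowed_ports and s["ack"] and not s["syn"]


def hardened_filter(fragments: List[Fragment], allowed_ports) -> bool:
    """Same policy plus the RFC 1858 style checks: drop any non-first fragment
    that lands inside the transport header, and drop the datagram if
    reassembly shows a fragment rewriting bytes already received."""
    if any(fo > 0 and fo * 8 < TCP_HEADER_LEN for fo, _mf, _p in fragments):
        return False
    _data, conflicts = reassemble(fragments)
    if conflicts:
        return False
    return naive_filter(fragments, allowed_ports)


# Constructed 20-byte TCP header: sport 40000 -> dport 25, flags = ACK only.
HEADER = struct.pack("!HHIIBBHHH", 40000, 25, 1, 1, 0x50, 0x10, 8192, 0, 0)

# Attack: the first fragment carries the innocent header; the second, at
# offset 1 (byte 8), rewrites byte 13 so the reassembled segment is a SYN.
ATTACK: List[Fragment] = [
    (0, True, HEADER[:16]),
    (1, False, HEADER[8:13] + b"\x02" + HEADER[14:] + b"payload"),
]
# Benign: header plus 4 data bytes first, the rest at offset 3 (byte 24).
BENIGN: List[Fragment] = [
    (0, True, HEADER + b"DATA"),
    (3, False, b"more data"),
]

if __name__ == "__main__":
    for name, frags in (("attack", ATTACK), ("benign", BENIGN)):
        data, conflicts = reassemble(frags)
        print(name, naive_filter(frags, {25}), hardened_filter(frags, {25}),
              tcp_summary(data), conflicts)
```

On the attack set the naive filter sees port 25 with ACK set and admits it, while the host that reassembles last-writer-wins ends up with a SYN to port 25, which is exactly the connection the policy meant to block; the hardened filter rejects it twice over, once for the offset landing inside the header and once for the conflicting byte.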
29. The process of assessing damage - following a disaster - to computer hardware - vital records - office facilities - etc. And determining what can be salvaged or restored and what must be replaced.
Damage Assessment
Access Control
Orange Book C Classification
Symmetric
30. One entity with two competing allegiances
Sequence Attacks
Trusted Computing Base
Embedded
Conflict Of Interest
31. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
Threats
Corrective
ISO/IEC 27002
Standard
32. A software design technique for abstraction of a process
Data Hiding
Remote Journaling
Rootkit
Trade Secret
33. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Operational Exercise
Architecture
High-Risk Areas
Tracking
34. Someone who wants to cause harm
Deleted File
TIFF (Tagged Image File Format)
Attacker (Black hat - Hacker)
Polyalphabetic
35. All of the protection mechanisms in a computer system
Attacker (Black hat - Hacker)
Site Policy Awareness
Trusted Computing Base
Method
36. Mitigation of system or component loss or interruption through use of backup capability.
Domain
Marking
Fault Tolerance
Satellite
37. High level - pertaining to planning
Fire Classes
Method
Authentication
Strategic
38. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Brownout
Public Key Infrastructure (PKI)
Examples of non-technical security components
Orange Book C Classification
39. Lower frequency noise
Failure Modes and Effects Analysis (FMEA)
Radio Frequency Interference (RFI)
Activation
Monitor
40. Interception of a communication session by an attacker.
Control
Deadlock
Hijacking
Tar Pits
41. Pertaining to law - lending itself to one side of an argument
Repeaters
Databases
Convincing
Accountability
42. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Admissible
Incident
Technical Access Controls
Disaster Recovery Tape
43. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize; Acquire and Implement; Deliver and Support; Monitor and Evaluate
Need-To-Know
Data Backup Strategies
CobiT
Common Law
44. Regular operations are stopped and processing is moved to the alternate site.
Message Digest
Remote Journaling
Full-Interruption test
Site Policy Awareness
45. Intellectual property protection for an invention
Patent
Information Technology Security Evaluation Criteria - ITSEC
Incident
Locard's Principle
46. A test of a system conducted without prior knowledge on the part of either the tester or the tested
Double Blind Testing
Cross Training
Quantitative
3 Types of harm Addressed in computer crime laws
47. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Business Recovery Team
Simulation
Alert
Fiber Optics
48. The duplication of data on separate disks in real time to ensure its continuous availability - currency and accuracy. True mirroring will enable a zero recovery point objective.
Quantitative
Kernel
Security Blueprint
Disk Mirroring
49. Written step-by-step actions
Administrative
Procedure
Administrative Access Controls
Attacker (Black hat - Hacker)
50. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Integrated Test
Cold Site
Data Integrity
Forward Recovery