SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Recognition of an individual's assertion of identity.
Mandatory
Identification
Executive Succession
Disk Mirroring
2. Firewalls - encryption - and access control lists
Private Branch Exchange (PBX)
Radio Frequency Interference (RFI)
Examples of technical security components
Distributed Processing
3. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Fiber Optics
Radio Frequency Interference (RFI)
Mirrored Site
Electronic Vaulting
4. Tool which mediates access
Electronic Vaulting
Territoriality
E-Mail Spoofing
Control
5. A template for the designing the architecture
Security Blueprint
Embedded Systems
Disaster Recovery Tape
Operational Test
6. Is secondhand and usually not admissible in court
Hearsay Evidence
Spiral
War Driving
Kerberos
7. Encryption system using shared key/private key/single key/secret key
Trademark
Electronic Vaulting
Symmetric
Public Key Infrastructure (PKI)
8. Recovery alternative - complete duplication of services including personnel
Mirrored Site
Protection
Operational Test
Logic Bomb
9. Of a system without prior knowledge by the tester or the tested
Double Blind Testing
Computer Forensics
Multi-Programming
Cryptanalysis
10. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)
Interception
Activation
Business Interruption Insurance
Structured Walk-Through Test
11. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.
Burn
Information Owner
Admissible
Data Backup Strategies
12. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Internal Use Only
Risk Mitigation
Revocation
Concentrator
13. Requirement of access to data for a clearly defined purpose
ISO/IEC 27002
Need-To-Know
Complete
Uninterruptible Power Supply (UPS)
14. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Reciprocal Agreement
Orange Book D Classification
Information Risk Management (IRM)
Consistency
15. To stop damage from spreading
Containment
MOM
Sniffing
Activation
16. Information that - if made public or even shared around the organization - could seriously impede the organization's operations
Highly Confidential
Brownout
Patent
Trade Secret
17. A type of attack involving attempted insertion - deletion or altering of data.
Containment
Modification
Operational Exercise
Framework
18. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Honeypot
Failure Modes and Effect Analysis (FEMA)
Embedded
Hot Spares
19. Control category- to discourage an adversary from attempting to access
Malformed Input
Deterrent
Criminal Law
Electrostatic Discharge
20. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.
Activation
Business Continuity Planning (BCP)
Simulation Test
3 Types of harm Addressed in computer crime laws
21. Recording the Who What When Where How of evidence
Chain Of Custody
Triage
Active Data
Conflict Of Interest
22. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Damage Assessment
Fault Tolerance
Electronic Vaulting
Simulation Test
23. Organized group of compromised computers
Botnet
Procedure
Activation
Access Point
24. More than one CPU on a single board
Logic Bomb
Multi-Core
Symmetric
Walk Though
25. Real-time - automatic and transparent backup of data.
Administrative Access Controls
Remote Journaling
Source Routing Exploitation
Sharing
26. For PKI - to store another copy of a key
Business Continuity Program
Discretionary
Key Escrow
Hash Function
27. Renders the file inaccessible to the operating system - available to reuse for data storage.
Operational
Race Condition
File Level Deletion
Electronic Vaulting
28. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
Risk Assessment
User
Resumption
BCP Testing Drills and Exercises
29. Controls for termination of attempt to access object
Intrusion Prevention Systems
TNI (Red Book)
Data Marts
Satellite
30. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
Archival Data
Discretionary
Administrative Laws
Recovery
31. Key
Cryptography
Cryptovariable
Cross Certification
Orange Book D Classification
32. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Life Cycle of Evidence
Public Key Infrastructure (PKI)
Security Domain
Directive
33. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.
Incident Handling
Mobile Recovery
War Dialing
Network Attached Storage (NAS)
34. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Bridge
Steganography
Fault
Civil Law
35. Lower frequency noise
Contact List
Radio Frequency Interference (RFI)
False (False Positive)
Desk Check Test
36. A form of data hiding which protects running threads of execution from using each other's memory
Ethics
File
Process Isolation
Transfer
37. A type a computer memory that temporarily stores frequently used information for quick access.
Cache
Emergency
Civil Or Code Law
Replication
38. Communicate to stakeholders
Switches
Debriefing/Feedback
Fire Suppression
Security Domain
39. A Denial of Service attack that exploits systems that are not able to handle malicious - overlapping and oversized IP fragments.
Teardrop
Incident Manager
TCSEC (Orange Book)
Bit
40. DoS - Spoofing - dictionary - brute force - wardialing
Keyed-Hashing For Message Authentication
Tapping
Birthday Attack
Access Control Attacks
41. To move from location to location - keeping the same function
Data Dictionary
On-Site
Job Rotation
Concentrator
42. Methodical research of an incident with the purpose of finding the root cause
Primary Storage
Activation
Investigation
Rogue Access Points
43. Granular decision by a system of permitting or denying access to a particular resource on the system
Authorization
Content Dependent Access Control
Due Care
Custodian
44. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Mirroring
Locard's Principle
Data Diddler
Incident Response
45. Natural occurrence in circuits that are in close proximity
Sniffing
Intrusion Detection Systems
Interference (Noise)
Surveillance
46. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Permutation /Transposition
Life Cycle of Evidence
Entrapment
Orange Book D Classification
47. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.
Privacy Laws
Cryptology
Copyright
Recovery
48. Part of a transaction control for a database which informs the database of the last recorded transaction
Business Impact Analysis
Checkpoint
Mitigate
Picking
49. Impossibility of denying authenticity and identity
Key Clustering
Switches
Non-Repudiation
Kerberos
50. A back up type - where the organization has excess capacity in another location.
Operational Test
Distributed Processing
Inrush Current
Recovery
