Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A process state - to be executing a process on the CPU
Running
Mirroring
Routers
Network Attached Storage (NAS)
2. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Substitution
Fiber Optics
Security Clearance
Mitigate
3. Recovery alternative - short-term - high cost movable processing location
Access Control Matrix
Evidence
Mobile Site
Archival Data
4. A passive network attack involving monitoring of traffic.
Eavesdropping
Trojan Horse
Spiral
Checklist Test
5. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Strong Authentication
Business Impact Assessment (BIA)
Workaround Procedures
Moore's Law
6. A backup of data located where staff can gain access readily and a localized disaster will not cause harm
Tactical
Due Diligence
Fire Detection
Near Site
7. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Non-Discretionary Access Control
Object Oriented Programming (OOP)
TEMPEST
Alert/Alarm
8. Intellectual property management technique for identifying after distribution
Recovery Time Objectives
Examples of non-technical security components
Entrapment
Watermarking
9. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Processes are Isolated By
Dictionary Attack
Time Of Check/Time Of Use
Man-In-The-Middle Attack
10. Guidelines within an organization that control the rules and configurations of an IDS
TIFF (Tagged Image File Format)
Orange Book A Classification
Wireless Fidelity (Wi-Fi)
Site Policy
11. A shield against leakage of electromagnetic signals.
System Downtime
Faraday Cage/Shield
Binary
Picking
12. OOP concept of a class's details to be hidden from object
True Attack Stimulus
Trojan Horse
Encapsulation
Legacy Data
13. Control category - to discourage an adversary from attempting to access
Deterrent
Blackout
State Machine Model
Threads
14. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Tactical
Hard Disk
Critical Functions
Checklist Test (desk check)
15. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services
Data Backups
Access Control Lists
Firewalls
Teardrop
16. Asymmetric encryption of a hash of message
Burn
Polymorphism
Isolation
Digital Signature
17. Sphere of influence
Worldwide Interoperability for Microwave Access (WI-MAX)
Network Attached Storage (NAS)
Domain
User Mode (problem or program state)
18. A process state - to either be unable to run waiting for an external event or terminated
TIFF (Tagged Image File Format)
Patent
Code
Stopped
19. DoS - Spoofing - dictionary - brute force - wardialing
Access Control Attacks
Codec
Data Owner
Payload
20. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Microwave
Metadata
Intrusion Detection Systems
Detective
21. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Analysis
Quantitative Risk Analysis
2-Phase Commit
Discretionary Access Control (DAC)
22. Another subject cannot see an ongoing or pending update until it is complete
Detective
Isolation
Authorization
Satellite
23. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Threads
Sag/Dip
Structured Walkthrough
Critical Records
24. Policy or stated actions
Concentrator
Voice Over IP (VOIP)
Disaster
Due Care
25. Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective
IP Fragmentation
Fire Classes
Multi-Programming
Key Escrow
26. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
ff Site
Recovery Point Objective (RPO)
Forward Recovery
Waterfall
27. A race condition where the security changes during the object's access
Logic Bomb
Time Of Check/Time Of Use
Virus
Warm Site
28. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Fire Prevention
Plaintext
Test Plan
Tactical
29. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Operational Impact Analysis
Business Unit Recovery
Full Test (Full Interruption)
Botnet
30. Control category - to give instructions or inform
Checksum
Bit
Directive
Codec
31. Reduces causes of fire
Call Tree
Alternate Site
Fire Prevention
Digital Certificate
32. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Encryption
Countermeasure
Checklist Test
Cryptovariable
33. OOP concept of an object's abilities - what it does
Rootkit
Log
Method
Radio Frequency Interference (RFI)
34. A test conducted on one or more components of a plan under actual operating conditions.
Dictionary Attack
Triage
Operational Test
Side Channel Attack
35. An electronic attestation of identity by a certificate authority
Digital Certificate
Bridge
Recovery Point Objective (RPO)
Complete
36. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.
Threats
Checkpoint
War Dialing
Control Category
37. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Operational Exercise
Twisted Pair
Patent
Byte
38. To reduce fire
Shift Cipher (Caesar)
Surge
Fire Suppression
Residual Risk
39. One entity with two competing allegiances
Metadata
Conflict Of Interest
Incident Manager
Injection
40. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Alert
Memory Management
Running
Information Flow Model
41. Unauthorized access of network devices.
Dictionary Attack
Physical Tampering
Revocation
Need-To-Know
42. Memory - RAM
Recovery Point Objective (RPO)
Digital Certificate
Access Control Lists
Primary Storage
43. Use of specialized techniques for recovery - authentication - and analysis of electronic data
Computer Forensics
Plaintext
Data Marts
Open Mail Relay Servers
44. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Electronic Vaulting
Botnet
Open Mail Relay Servers
Disaster Recovery Plan
45. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.
Critical Infrastructure
Orange Book B2 Classification
Side Channel Attack
Alarm Filtering
46. Substitution at the word or phrase level
Code
Emergency Operations Center (EOC)
TEMPEST
Botnet
47. System directed mediation of access with labels
Mandatory
Cipher Text
Process Isolation
Microwave
48. Granular decision by a system of permitting or denying access to a particular resource on the system
Information Technology Security Evaluation Criteria - ITSEC
Checkpoint
Due Care
Authorization
49. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
Data Backups
Interception
Multilevel Security System
Standard
50. A database backup type which records at the transaction level
Remote Journaling
Control Type
Information Risk Management (IRM)
Cryptology