Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A database backup type which records at the transaction level
Operating
Hacker
Domain
Remote Journaling
2. Use of specialized techniques for the recovery, authentication, and analysis of electronic data
Tort
Disaster Recovery Tape
Computer Forensics
False Attack Stimulus
3. Communication of a security incident to stakeholders and data owners.
Notification
Database Replication
Record Level Deletion
Examples of non-technical security components
4. A database that contains the name, type, range of values, source, and authorization for access for each data element
Data Dictionary
Parallel Test
Pointer
Brouter
5. A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions
System Life Cycle
Business Recovery Timeline
Integrated Test
Risk
6. System mediation of access with the focus on the context of the request
Content Dependent Access Control
Analysis
Mitigate
Uninterruptible Power Supply (UPS)
7. An electronic attestation of identity by a certificate authority
ISO/IEC 27001
Hijacking
Failure Modes and Effect Analysis (FMEA)
Digital Certificate
8. OOP concept of an object at runtime
Instance
Microwave
Message Digest
Eavesdropping
9. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Processes are Isolated By
Digital Signature
Marking
Overlapping Fragment Attack
10. A cable consisting of a core (inner conductor) that is surrounded by an insulator and an outer cylindrical conductor
Coaxial Cable
Kernel
Conflict Of Interest
Discretionary
11. Uses two or more legal systems
Mixed Law System
Business Interruption Insurance
Orange Book D Classification
Due Diligence
12. To start business continuity processes
Activation
Mixed Law System
Checklist Test (desk check)
Emanations
13. Two certificate authorities that trust each other
Public Key Infrastructure (PKI)
Cross Certification
System Downtime
Initialization Vector
14. Final purpose or result
Information Risk Management (IRM)
Payload
Tar Pits
Time Of Check/Time Of Use
15. The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption.
ISO/IEC 27002
Honeynet
Business Recovery Timeline
Checkpoint
16. To be admissible in court they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.
Workaround Procedures
Business Records
Digital Signature
Checklist Test
17. A collection of information designed to reduce duplication and increase integrity
Backup
Locard's Principle
Databases
Education
18. Control category: to restore to a previous state by removing the adversary and/or the results of their actions
Corrective
Exercise
Malformed Input
Permutation/Transposition
19. Natural occurrence in circuits that are in close proximity
Critical Functions
Elements of Negligence
Site Policy
Interference (Noise)
20. The collection and summation of risk data relating to a particular asset and controls for that asset
Mixed Law System
Maximum Tolerable Downtime (MTD)
Exercise
Risk Assessment
21. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.
Call Tree
Tapping
Mission-Critical Application
Lattice
22. A backup of data located where staff can gain access immediately
Substitution
On-Site
Residual Risk
Alert/Alarm
23. Something that happened
Event
Recovery Strategy
Policy
Virus
24. Reduces causes of fire
Fire Prevention
Risk Assessment
Phishing
Data Integrity
25. A system that enforces an access control policy between two networks.
Firewalls
Object Oriented Programming (OOP)
Information Risk Management (IRM)
Risk Assessment
26. A programming design concept which abstracts one set of functions from another in a serialized fashion
Layering
Electrostatic Discharge
Trade Secret
Orange Book D Classification
27. Malware that makes many small changes over time to a single data point or system
User
Salami
Radio Frequency Interference (RFI)
Territoriality
28. Malware that uses the trust on a website to redirect users to untrusted websites which captures data or installs more malware
Byte
Cross-Site Scripting
Rollback
Security Clearance
29. Reduction of voltage by the utility company for a prolonged period of time
Brownout
Accurate
Desk Check Test
Executive Succession
30. Data or interference that can trigger a false positive
Recovery Period
Firewall
Noise
Certification
31. Maintaining full control over requests, implementation, traceability, and proper documentation of changes.
Change Control
Hearsay Evidence
Walk Through
Recovery Point Objective (RPO)
32. A template for designing the architecture
Security Blueprint
Hot Site
Proxies
Guidelines
33. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Open Mail Relay Servers
Recovery Period
Framework
Active Data
34. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Waterfall
False Attack Stimulus
Confidence Value
Polymorphism
35. A design methodology which executes in a linear one way fashion
Waterfall
Simulation
Emergency
Hearsay Evidence
36. Recording activities at the keyboard level
Keystroke Logging
Pointer
Highly Confidential
Denial Of Service
37. Forging of an IP address.
Plan Maintenance Procedures
Plaintext
IP Address Spoofing
Enticement
38. Need to understand both the assets that need to be protected and management's priorities; also be prepared to adjust the design over time and verify that the design has been implemented correctly; need to be a good negotiator, artist, and analyst.
Key Clustering
Multi-Tasking
Proxies
Basics Of Secure Design
39. A practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.
Simulation Test
War Driving
Firewall
Disaster Recovery Teams (Business Recovery Teams)
40. Induces a crime, tricks a person, and is illegal
Certification Authority
Proxies
Entrapment
Attacker (Black Hat, Hacker)
41. For PKI, decertify an entity's certificate
Uninterruptible Power Supply (UPS)
Education
Basics Of Secure Design
Revocation
42. Regular operations are stopped and processing is moved to the alternate site.
Proxies
Cryptology
Rootkit
Full-Interruption test
43. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).
Mixed Law System
Inrush Current
Orange Book D Classification
Repeaters
44. Program instructions based upon the CPU's specific architecture
Orange Book B1 Classification
Machine Language (Machine Code)
Modems
Switches
45. A device that converts between digital and analog representation of data.
Modems
Walk Through
Capability Tables
File
46. A device that sequentially switches multiple analog inputs to the output.
Honeynet
Brouter
Multiplexers
Patch Management
47. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.
Bollard
Deadlock
Orange Book A Classification
Strong Authentication
48. Firewalls, encryption, and access control lists
Examples of technical security components
Governance
Debriefing/Feedback
Wireless Fidelity (Wi-Fi)
49. People who interact with assets
Moore's Law
Liability
Repeaters
User
50. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Recovery Strategy
Blackout
Durability
Plan Maintenance Procedures