Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Deals with discretionary protection
Dictionary Attack
One Time Pad
Residual Risk
Orange Book C Classification
2. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
Redundant Array Of Independent Drives (RAID)
Deleted File
Data Leakage
Honeynet
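Added example, not part of the original quiz: the "speed and fault tolerance" in the RAID definition comes from striping data across drives and storing XOR parity so that one lost drive can be rebuilt from the rest. The toy RAID 5 below (4-byte stripe units, in-memory "drives", constructed sample data) writes a stripe set with rotating parity, then reads it back with one drive marked as failed. Function names and the drive layout are this example's own, not a real controller's.

```python
from typing import List, Optional

STRIPE = 4  # bytes per stripe unit; deliberately tiny so the layout is readable


def split_stripes(data: bytes, n_data: int) -> List[List[bytes]]:
    """Cut data into stripes of n_data chunks, zero-padding the final stripe."""
    stripe_bytes = STRIPE * n_data
    padded = data + b"\x00" * (-len(data) % stripe_bytes)
    return [
        [padded[i + j * STRIPE: i + (j + 1) * STRIPE] for j in range(n_data)]
        for i in range(0, len(padded), stripe_bytes)
    ]


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR equal-length blocks together; this is the RAID 5 parity operation."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def raid5_write(data: bytes, n_drives: int) -> List[List[bytes]]:
    """Return one block list per drive; parity rotates one drive left each stripe."""
    n_data = n_drives - 1
    drives: List[List[bytes]] = [[] for _ in range(n_drives)]
    for s, chunks in enumerate(split_stripes(data, n_data)):
        parity_drive = (n_drives - 1 - s) % n_drives
        parity = xor_blocks(chunks)
        chunk_iter = iter(chunks)
        for d in range(n_drives):
            drives[d].append(parity if d == parity_drive else next(chunk_iter))
    return drives


def raid5_read(drives: List[Optional[List[bytes]]], length: int) -> bytes:
    """Read data back; a drive given as None is rebuilt from the XOR of the others."""
    n_drives = len(drives)
    failed = [i for i, d in enumerate(drives) if d is None]
    if len(failed) > 1:
        raise RuntimeError("RAID 5 tolerates one failed drive; %d lost" % len(failed))
    n_stripes = len(next(d for d in drives if d is not None))
    out = bytearray()
    for s in range(n_stripes):
        parity_drive = (n_drives - 1 - s) % n_drives
        blocks = [d[s] if d is not None else None for d in drives]
        if failed:
            f = failed[0]
            blocks[f] = xor_blocks([b for i, b in enumerate(blocks) if i != f])
        for d in range(n_drives):
            if d != parity_drive:
                out += blocks[d]
    return bytes(out[:length])


if __name__ == "__main__":
    sample = b"The quick brown fox jumps over the lazy dog"  # constructed input
    drives = raid5_write(sample, 4)
    degraded = list(drives)
    degraded[2] = None  # simulate drive 2 failing
    print(raid5_read(degraded, len(sample)) == sample)  # prints True
```

The second failure raising an error is the point practitioners most often miss: RAID 5 survives exactly one lost drive, and a second failure during the rebuild window loses the array, which is why RAID is a fault-tolerance measure and not a backup.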
3. Pertaining to law: no omissions
Complete
War Driving
Data Dictionary
Cryptology
4. Wrong against society
Recovery Period
Criminal Law
Concentrator
Prevention
5. Just enough access to do the job
Analysis
Birthday Attack
Initialization Vector
Least Privilege
6. Recording activities at the keyboard level
Deleted File
Keystroke Logging
Fragmented Data
Disaster Recovery Tape
7. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Classification
Computer System Evidence
Quantitative Risk Analysis
Debriefing/Feedback
8. A type of attack involving attempted insertion, deletion, or alteration of data.
Embedded
Radio Frequency Interference (RFI)
Data Marts
Modification
9. To smooth out reductions or increases in power
UPS
Information Technology Security Evaluation Criteria - ITSEC
Cold Site
Bit
10. A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.
Business Continuity Steering Committee
Risk Assessment / Analysis
Machine Language (Machine Code)
Business Unit Recovery
11. The event signaling an IDS to produce an alarm when no attack has taken place
File Server
SQL Injection
IDS Intrusion Detection System
False Attack Stimulus
12. Most granular organization of controls
Hijacking
Control Category
Remote Journaling
Tar Pits
13. Two certificate authorities that trust each other
Denial Of Service
Cross Certification
Databases
Revocation
14. The core of a computer that calculates
Disaster Recovery Plan
UPS
Reference Monitor
Central Processing Unit (CPU)
15. To create a copy of data as a precaution against the loss or damage of the original data.
Discretionary
Full Test (Full Interruption)
Mirrored Site
Backup
16. A program that waits for a condition or time to occur that executes an inappropriate activity
Faraday Cage/ Shield
IP Address Spoofing
Logic Bomb
Marking
17. People protect their domain
Territoriality
Qualitative
Smurf
Spiral
18. A Trojan horse with the express underlying purpose of controlling host from a distance
User
System Downtime
Accountability
Remote Access Trojan
19. Firewalls, encryption, and access control lists
Work Factor
Alternate Data Streams (File System Forks)
Mantrap (Double Door System)
Examples of technical security components
20. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Firmware
Botnet
Modification
Operational Exercise
21. A database backup type which records at the transaction level
Remote Journaling
SYN Flooding
Instance
Faraday Cage/ Shield
22. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.
Mandatory Vacations
Switches
Journaling
Pointer
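Added example covering questions 21 and 22 (journaling and remote journaling), not part of the original quiz: a key-value store that records every transaction after the last full backup in a journal, ships a copy of each entry to a "remote" journal as it happens, and can rebuild state as full backup plus journal, either to the present, to a point in time, or to a record's value just before a given transaction. The store, its entry format and the sample transactions are constructed for this example.

```python
import copy
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class JournalEntry:
    seq: int            # monotonically increasing transaction number
    op: str             # "put" or "delete"
    key: str
    value: Optional[str] = None


class JournaledStore:
    """Key-value store whose changes since the last full backup are journaled."""

    def __init__(self) -> None:
        self.data: Dict[str, str] = {}
        self.full_backup: Dict[str, str] = {}
        self.journal: List[JournalEntry] = []
        # Remote journaling: the same entries, shipped off-site transaction by transaction.
        self.remote_journal: List[JournalEntry] = []
        self._seq = 0

    def take_full_backup(self) -> None:
        self.full_backup = copy.deepcopy(self.data)
        self.journal.clear()          # the journal restarts at every full backup
        self.remote_journal.clear()

    def _record(self, op: str, key: str, value: Optional[str] = None) -> JournalEntry:
        self._seq += 1
        entry = JournalEntry(self._seq, op, key, value)
        self.journal.append(entry)
        self.remote_journal.append(entry)  # in practice: sent to the alternate site
        return entry

    def put(self, key: str, value: str) -> None:
        self._record("put", key, value)   # write-ahead: journal first, then data
        self.data[key] = value

    def delete(self, key: str) -> None:
        self._record("delete", key)
        self.data.pop(key, None)


def replay(full_backup: Dict[str, str], journal: List[JournalEntry],
           upto_seq: Optional[int] = None) -> Dict[str, str]:
    """Rebuild state = last full backup + journal entries with seq <= upto_seq."""
    state = copy.deepcopy(full_backup)
    for e in sorted(journal, key=lambda e: e.seq):
        if upto_seq is not None and e.seq > upto_seq:
            break
        if e.op == "put":
            state[e.key] = e.value
        elif e.op == "delete":
            state.pop(e.key, None)
        else:
            raise ValueError("unknown journal op %r" % e.op)
    return state


def version_before(full_backup: Dict[str, str], journal: List[JournalEntry],
                   key: str, seq: int) -> Optional[str]:
    """Value of key as it stood just before transaction seq (None if absent)."""
    return replay(full_backup, journal, upto_seq=seq - 1).get(key)


if __name__ == "__main__":
    s = JournaledStore()
    s.put("balance:alice", "100")
    s.take_full_backup()
    s.put("balance:alice", "250")   # seq 2
    s.put("balance:bob", "40")      # seq 3
    s.delete("balance:alice")       # seq 4
    # Disaster recovery at the alternate site: full backup + remote journal.
    print(replay(s.full_backup, s.remote_journal))
    # Undo the accidental delete: what did alice's balance look like before seq 4?
    print(version_before(s.full_backup, s.journal, "balance:alice", 4))
```

The recovery point is bounded by how far the remote journal lags the primary: with entries shipped per transaction, at most the in-flight transaction is lost, which is the property that distinguishes remote journaling from a nightly bulk copy.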
23. To move personnel between positions or locations on a schedule, so that no one person performs the same function indefinitely
Job Rotation
DR Or BC Coordinator
Assembler
Encryption
24. A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Multilevel Security System
Distributed Denial Of Service
Disk Mirroring
Twisted Pair
25. Vehicle or tool that exploits a weakness
Threats
Interception
Civil Law
Data Backups
26. Pertaining to law: lending itself to one side of an argument
Convincing
Collisions
Blind Testing
Policy
27. The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins functional and assurance requirements
Common Criteria
Masked/Interruptible
Operational Exercise
Risk Mitigation
28. Security Policy, Personnel Controls, Supervisory Structure, Security Awareness Training, Testing
Kerberos
Metadata
Encapsulation
Administrative Access Controls
29. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Tar Pits
Information Technology Security Evaluation Criteria - ITSEC
Quantitative
Site Policy Awareness
30. A test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.
Hard Disk
Standalone Test
Mobile Site
Business Impact Analysis
31. Periodic, automatic and transparent backup of data in bulk.
Critical Records
IDS Intrusion Detection System
Chain of Custody
Electronic Vaulting
32. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption, within the stated disaster recovery goals.
Operating
Disaster Recovery Plan
IDS Intrusion Detection System
Consistency
33. A collection of information designed to reduce duplication and increase integrity
Code
Alternate Site
Databases
Inrush Current
34. Forging of an IP address.
Proprietary
Discretionary
File
IP Address Spoofing
35. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams.
Mock Disaster
Asymmetric
Failure Modes and Effects Analysis (FMEA)
Waterfall
36. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies and offsite storage, and which will ensure that recovery time objectives can be met.
Backup
Data Backup Strategies
Botnet
Fire Classes
37. Long term knowledge building
Incident Manager
Education
Chain Of Custody
Ring Protection
38. Pertaining to law: verified as real
Authentic
Sag/Dip
Message Digest
Supervisor Mode (monitor, system, or privileged mode)
39. Controls deployed to avert unauthorized and/or undesired actions.
Operational Exercise
Prevention
Detection
Transfer
40. Uses two or more legal systems
Physical Tampering
Remote Journaling
Operational
Mixed Law System
41. Someone who wants to know how something works, typically by taking it apart
Compensating
Failure Modes and Effects Analysis (FMEA)
Simulation
Hacker
42. Maintaining full control over requests, implementation, traceability, and proper documentation of changes.
Symmetric
Microwave
ISO/IEC 27002
Change Control
43. A backup type where the organization has excess capacity in another location.
Distributed Processing
Atomicity
Due Diligence
Business Interruption
44. For PKI, to have more than one person in charge of a sensitive function
Cache
Incident Response
Consistency
Multi-Party Control
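Added example, not part of the original quiz: the standard way to enforce multi-party control over a PKI secret such as a CA signing key is to split it with Shamir's secret sharing so that any threshold of custodians can reconstruct it and fewer cannot learn anything about it. The code below implements the split and the Lagrange reconstruction over the prime field modulo the Mersenne prime 2^521 - 1; the 32-byte sample key and the custodian counts are constructed for the example, and the function names are this example's own.

```python
import secrets
from typing import List, Tuple

# Prime field for all share arithmetic; 2**521 - 1 is a Mersenne prime, so any
# secret up to 520 bits (e.g. a 256-bit symmetric or HSM wrapping key) fits.
P = 2**521 - 1


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation of the polynomial with the given coefficients at x mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret: bytes, threshold: int, n_shares: int) -> List[Tuple[int, int]]:
    """Split secret into n_shares (x, y) points; any `threshold` of them rebuild it."""
    s = int.from_bytes(secret, "big")
    if not 1 <= threshold <= n_shares:
        raise ValueError("need 1 <= threshold <= n_shares")
    if s >= P:
        raise ValueError("secret too large for the field")
    # Constant term is the secret; the remaining threshold-1 coefficients are random,
    # so any threshold-1 shares leave the secret uniformly undetermined.
    coeffs = [s] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_secret(shares: List[Tuple[int, int]], threshold: int, length: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from `threshold` distinct shares."""
    if len(shares) < threshold:
        raise ValueError("only %d of the %d required custodians present"
                         % (len(shares), threshold))
    pts = shares[:threshold]
    if len({x for x, _ in pts}) != len(pts):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(pts):
        num = den = 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        # Modular inverse via Fermat, valid because P is prime and den != 0.
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total.to_bytes(length, "big")


if __name__ == "__main__":
    key = bytes(range(32))  # constructed stand-in for a CA key-wrapping key
    shares = split_secret(key, threshold=3, n_shares=5)
    # Three of five key custodians present: reconstruction succeeds.
    print(recover_secret([shares[0], shares[2], shares[4]], 3, 32) == key)
```

Operationally the shares go to different custodians (and ideally different physical tokens), and the reconstruction runs inside the HSM or an isolated ceremony host, so the whole key never exists on one person's workstation.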
45. Key
Cryptovariable
Firewalls
Civil Law
Standard
46. The problem-solving (program) state, the opposite of supervisor mode
TIFF (Tagged Image File Format)
User Mode (problem or program state)
Salami
Control Type
47. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Kerckhoff's Principle
Binary
Chain of Custody
Lattice
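Added example, not part of the original quiz: showing in court that evidence "was properly controlled and handled" rests on two records, a hash of the evidence item taken at seizure and re-checked at every handoff, and an append-only custody log in which each entry is hash-linked to the one before it. The verifier below reports a changed evidence image, an edited log record and a removed log record separately. The case identifier, custodian names, timestamps and the "disk image" bytes are constructed for the example.

```python
import hashlib
import json
from typing import Dict, List

GENESIS = "0" * 64  # prev-hash value for the first custody entry


def evidence_hash(data: bytes) -> str:
    """SHA-256 of the evidence item; computed at seizure, re-checked on each handoff."""
    return hashlib.sha256(data).hexdigest()


def _entry_digest(entry: Dict) -> str:
    """Hash of a log record over its canonical JSON form (sorted keys, no whitespace)."""
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


class CustodyLog:
    """Append-only, hash-chained record of who held the evidence, when, and why."""

    def __init__(self, case_id: str) -> None:
        self.case_id = case_id
        self.entries: List[Dict] = []

    def record(self, action: str, custodian: str, when: str, evidence: bytes) -> Dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {
            "case_id": self.case_id,
            "seq": len(self.entries),
            "action": action,
            "custodian": custodian,
            "timestamp": when,
            "evidence_sha256": evidence_hash(evidence),
            "prev_entry_hash": prev,
        }
        entry["entry_hash"] = _entry_digest(entry)
        self.entries.append(entry)
        return entry


def verify_custody(entries: List[Dict], evidence: bytes) -> List[str]:
    """Return a list of problems; an empty list means the chain and the item are intact."""
    problems: List[str] = []
    expected_prev = GENESIS
    presented = evidence_hash(evidence)
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if _entry_digest(body) != e["entry_hash"]:
            problems.append("entry %d: log record altered" % i)
        if e["prev_entry_hash"] != expected_prev:
            problems.append("entry %d: broken link to previous entry" % i)
        if e["seq"] != i:
            problems.append("entry %d: sequence gap (record removed?)" % i)
        if e["evidence_sha256"] != presented:
            problems.append("entry %d: evidence hash differs from item presented" % i)
        expected_prev = e["entry_hash"]
    return problems


if __name__ == "__main__":
    image = b"constructed disk image bytes, not a real acquisition"
    log = CustodyLog("CASE-2024-001")
    log.record("seized", "examiner A", "2024-01-02T09:00:00Z", image)
    log.record("received at lab", "examiner B", "2024-01-02T13:30:00Z", image)
    print(verify_custody(log.entries, image))                 # []
    print(verify_custody(log.entries, image + b"\x00"))       # evidence changed
```

In practice the log entries are also signed or notarized by each custodian; the hash chain alone proves the log was not edited after the fact only if the final entry hash is recorded somewhere the custodians cannot change.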
48. The level and label given to an individual for the purpose of compartmentalization
Voice Over IP (VOIP)
Processes are Isolated By
Security Clearance
Chain of Custody
49. A periodically published, CA-signed list that informs relying parties of certificates revoked before their expiry, for example because of key compromise
Eavesdropping
Certificate Revocation List (CRL)
Database Shadowing
Residual Data
50. Pertaining to law: high degree of veracity
Accurate
Complete
Interception
Directive