SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Fire Detection
Mirroring
CPU Cache
ISO/IEC 27002
2. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.
Business Interruption
Digital Signature
Bollard
Workaround Procedures
3. Eight bits.
Digital Certificate
Byte
Coaxial Cable
Code
4. A type of multitasking that allows for more even distribution of computing time among competing request
Separation Of Duties
Journaling
Preemptive
Inference
5. Recognition of an individual's assertion of identity.
Crisis
Multiplexers
Identification
Orange Book B1 Classification
6. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
Emergency
Worldwide Interoperability for Microwave Access (WI-MAX )
Access Control Attacks
Business Interruption
7. Malware that makes many small changes over time to a single data point or system
Salami
Phishing
Sniffing
Analysis
8. Intellectual property protection for marketing efforts
5 Rules Of Evidence
Administrative Law
Call Tree
Trademark
9. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
Smurf
Resumption
Fiber Optics
TEMPEST
10. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Access Control Lists
Due Care
Civil Law
Data Hiding
11. A control before attack
Intrusion Prevention Systems
Safeguard
Liability
Business Recovery Timeline
12. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
Residual Risk
Deleted File
Alert
Prevention
13. High level design or model with a goal of consistency - integrity - and balance
Architecture
Strong Authentication
Simulation Test
HTTP Response Splitting
14. An availability attack - to consume resources to the point of exhaustion
File Sharing
Alert
Denial Of Service
Liability
15. Recovery alternative - everything needed for the business function - except people and last backup
Orange Book D Classification
Hot Site
Logic Bomb
Cryptanalysis
16. Control type- that is communication based - typically written or oral
Administrative
File Level Deletion
Elements of Negligence
Degauss
17. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Lattice
Crisis
Databases
Certification
18. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Twisted Pair
Mission-Critical Application
Technical Access Controls
Reference Monitor
19. Weak evidence
Hearsay
Chain Of Custody
Operational
Total Risk
20. Collection of data on business functions which determines the strategy of resiliency
Procedure
Business Impact Assessment (BIA)
Atomicity
Fault
21. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Journaling
IDS Intrusion Detection System
Multi-Party Control
Secondary Storage
22. Unsolicited commercial email
Quantitative Risk Analysis
Waterfall
Detection
Spam
23. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
Fragmented Data
Steganography
Inference
Accurate
24. Encryption system using shared key/private key/single key/secret key
Symmetric
Modems
Administrative Law
Processes are Isolated By
25. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Moore's Law
Eavesdropping
Plain Text
Overlapping Fragment Attack
26. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
Digital Signature
Record Level Deletion
Bit
Attacker (Black hat - Hacker)
27. The one person responsible for data - its classification and control setting
Information Owner
Tapping
Legacy Data
Access Point
28. Total number of keys available that may be selected by the user of a cryptosystem
Key Space
Tactical
Damage Assessment
Voice Over IP (VOIP)
29. Pertaining to law - high degree of veracity
EMI
Data Recovery
Checklist Test (desk check)
Accurate
30. Small data warehouse
Data Marts
Alert
Discretionary
Polyalphabetic
31. Fault tolerance for power
Kernel
Resumption
Generator
Instance
32. A secure connection to another network.
Gateway
Byte Level Deletion
Plan Maintenance Procedures
Service Bureau
33. A subnetwork with storage devices servicing all servers on the attached network.
Inrush Current
Storage Area Network (SAN)
Disk Mirroring
Architecture
34. Uncheck data input which results in redirection
Keyed-Hashing For Message Authentication
HTTP Response Splitting
Picking
Accountability
35. The core of a computer that calculates
Central Processing Unit (CPU)
Disaster
Worm
Coaxial Cable
36. A passive network attack involving monitoring of traffic.
Identification
Multi-Processing
Top Secret
Eavesdropping
37. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Assembler
Operating
Object Oriented Programming (OOP)
Hub
38. A hash that has been further encrypted with a symmetric algorithm
Sequence Attacks
Keyed-Hashing For Message Authentication
Collisions
Sharing
39. More than one CPU on a single board
Chain Of Custody
Instance
Multi-Core
Key Escrow
40. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Kerckhoff's Principle
Uninterruptible Power Supply (UPS)
Honeynet
Administrative Access Controls
41. The guardian of asset(s) - a maintenance activity
Eavesdropping
Custodian
Emergency
Strategic
42. A Trojan horse with the express underlying purpose of controlling host from a distance
Remote Access Trojan
Contact List
Recovery
Mobile Recovery
43. OOP concept of a class's details to be hidden from object
Authentication
Encapsulation
Aggregation
Accurate
44. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
Cryptology
Non-Discretionary Access Control
Evidence
Birthday Attack
45. Process of statistically testing a data set for the likelihood of relevant information.
Interpreter
Sampling
Locard's Principle
Kernel
46. Program instructions based upon the CPU's specific architecture
Compression
Civil Or Code Law
File
Machine Language (Machine Code)
47. Of a system without prior knowledge by the tester or the tested
Encapsulation
Double Blind Testing
Satellite
MOM
48. Narrow scope examination of a system
Targeted Testing
Key Management
Mitigate
Hearsay
49. Deals with discretionary protection
Mandatory
Orange Book C Classification
Failure Modes and Effect Analysis (FEMA)
Quantitative
50. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Uninterruptible Power Supply (UPS)
Detection
Site Policy Awareness
Shadowing (file shadowing)
