SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Provides a physical cross connect point for devices.
Job Training
Patch Panels
Worm
Worldwide Interoperability for Microwave Access (WI-MAX )
2. Uncleared buffers or media
Object Reuse
Brute Force
Durability
Business Recovery Team
3. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Network Attached Storage (NAS)
Firewalls
Electronic Vaulting
Threat Agent
4. DoS - Spoofing - dictionary - brute force - wardialing
Access Control Attacks
Emergency Procedures
Salami
Covert Channel
5. A test that answers the questions: Does the organization have the documentation and people it needs. Do they understand the documentation?
Desk Check Test
Recovery Time Objectives
Satellite
Byte Level Deletion
6. Intellectual property protection for marketing efforts
Trademark
Directive
Mobile Recovery
Brute Force
7. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
ISO/IEC 27002
Disaster
Mock Disaster
Cryptanalysis
8. OOP concept of a distinct copy of the class
Exercise
Object
Safeguard
Work Factor
9. A description of a database
Multi-Core
Data Dictionary
Embedded Systems
Desk Check Test
10. Joining two pieces of text
Technical Access Controls
Concatenation
Deletion
Control Category
11. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Executive Succession
Process Isolation
Job Rotation
Picking
12. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: - Plan and Organize - - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Exposure
Gateway
CobiT
Algorithm
13. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
Transfer
Directive
Application Programming Interface
3 Types of harm Addressed in computer crime laws
14. Mathematical function that determines the cryptographic operations
Tracking
Twisted Pair
Inheritance
Algorithm
15. A program with an inappropriate second purpose
Private Branch Exchange (PBX)
Distributed Processing
Trojan Horse
Procedure
16. Momentary loss of power
Lattice
Data Recovery
Fault
Hearsay Evidence
17. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Investigation
Governance
Confidence Value
Recovery
18. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)
Uninterruptible Power Supply (UPS)
Interception
Radio Frequency Interference (RFI)
Marking
19. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Threats
Reference Monitor
Recovery Point Objective (RPO)
Archival Data
20. Quantity of risk remaining after a control is applied
Hot Spares
Copyright
Control Category
Residual Risk
21. Maximum tolerance for loss of certain business function - basis of strategy
Compartmentalize
Recovery Time Objectives
Patch Management
Distributed Processing
22. Review of data
JPEG (Joint Photographic Experts Group)
Reference Monitor
Analysis
Spam
23. Reduction of voltage by the utility company for a prolonged period of time
Storage Area Network (SAN)
Classification Scheme
Kernel
Brownout
24. Mitigate damage by isolating compromised systems from the network.
Labeling
Containment
Guidelines
Replication
25. A programming device use in development to circumvent controls
Exercise
Sniffing
Trapdoors (Backdoors) (Maintenance Hooks)
Code
26. Data or interference that can trigger a false positive
Recovery
Business Records
Education
Noise
27. The principles a person sets for themselves to follow
Recovery Period
Fault
Business Recovery Team
Ethics
28. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensuretime objectives can be met.
Object Oriented Programming (OOP)
Technical Access Controls
False Negative
Data Backup Strategies
29. A state where two subjects can access the same object without proper mediation
Race Condition
Man-In-The-Middle Attack
Private Branch Exchange (PBX)
One Time Pad
30. The duplication of data on separate disks in real time to ensure its continuous availability - currency and accuracy. True mirroring will enable a zero recovery point objective.
Disk Mirroring
Satellite
Buffer Overflow
Business Continuity Planning (BCP)
31. A. Common Combustibles B. Liquid C. Electrical D Combustible Metals
Interference (Noise)
Fire Classes
2-Phase Commit
Threads
32. Recovery alternative which includes cold site and some equipment and infrastructure is available
Fire Prevention
Access Control Lists
Warm Site
Botnet
33. Creation distribution update and deletion
Vulnerability
Satellite
Key Management
Critical Records
34. Record of system activity - which provides for monitoring and detection.
Proxies
Inheritance
Log
Private Branch Exchange (PBX)
35. Requirement to take time off
Detection
Buffer Overflow
Mandatory Vacations
Dictionary Attack
36. Most granular organization of controls
Contingency Plan
Strategic
Lattice
Control Category
37. A unit of execution
Separation Of Duties
Desk Check Test
Monitor
Threads
38. A running key using a random key that is never used again
One Time Pad
Security Domain
Voice Over IP (VOIP)
Brownout
39. Induces a crime - tricks a person - and is illegal
Entrapment
Disaster Recovery Teams (Business Recovery Teams)
Incident Handling
Procedure
40. Encryption system using a pair of mathematically related unequal keys
Business Impact Analysis
Certification Authority
Key Space
Asymmetric
41. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Forensic Copy
Tactical
Birthday Attack
Basics Of Secure Design
42. To create a copy of data as a precaution against the loss or damage of the original data.
JPEG (Joint Photographic Experts Group)
Workaround Procedures
Backup
Intrusion Detection Systems
43. To break a business process into separate functions and assign to different people
CobiT
Separation Of Duties
Botnet
Protection
44. One of the key benefits of a network is the ability to share files stored on the server among several users.
The ACID Test
Satellite
Patent
File Sharing
45. A temporary public file to inform others of a compromised digital certificate
Intrusion Prevention Systems
Race Condition
Procedure
Certificate Revocation List (CRL)
46. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Business Records
Denial Of Service
Degauss
Access Point
47. OOP concept of a template that consist of attributes and behaviors
Redundant Array Of Independent Drives (RAID)
Interception
Class
Steganography
48. A design methodology which executes in a linear one way fashion
Code
Surge Suppressor
Plan Maintenance Procedures
Waterfall
49. The process of identifying - accessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Databases
Activation
Residual Data
Information Risk Management (IRM)
50. The event signaling an IDS to produce an alarm when no attack has taken place
Damage Assessment
Conflict Of Interest
False Attack Stimulus
Recovery Period
