CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes. Match each statement with the correct term.
All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the answers may seem obvious, but the repetition reinforces your understanding as you retake the test.
1. Code breaking - practice of defeating the protective properties of cryptography.
Need-To-Know
Cryptovariable
Trademark
Cryptanalysis
2. Requirement to take time off
Business Recovery Timeline
High-Risk Areas
Boot (V.)
Mandatory Vacations
3. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.
File Extension
Surge Suppressor
Risk Assessment
Data Owner
4. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
JPEG (Joint Photographic Experts Group)
ITSEC
Conflict Of Interest
Full Test (Full Interruption)
5. A description of a database
Maximum Tolerable Downtime (MTD)
Entrapment
Data Dictionary
Symmetric
6. Something that happened
Degauss
Strong Authentication
Logic Bomb
Event
7. The technical and risk assessment of a system within the context of the operating environment
Interpreter
Masquerading
Watermarking
Certification
8. Wrong against society
Criminal Law
Masquerading
Executive Succession
System Downtime
9. Unsolicited commercial email
Mitigate
ISO/IEC 27002
Spam
Forward Recovery
10. To segregate for the purposes of labeling
Operational Test
Classification Scheme
Compartmentalize
Virtual Memory
11. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.
Kerckhoff's Principle
EMI
Journaling
Active Data
12. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.
Proxies
Private Branch Exchange (PBX)
Electronic Vaulting
Custodian
13. Rapid switching back and forth between programs from the computer's perspective - appearing to do more than one thing at a time from the user's perspective
Access Control Matrix
Custodian
Multi-Programming
Blackout
14. High level - pertaining to planning
2-Phase Commit
Salami
Strategic
Mandatory
15. A program that waits for a condition or time to occur and then executes an inappropriate activity
Safeguard
Patch Panels
Logic Bomb
Security Kernel
16. Long term knowledge building
Buffer Overflow
Object
Incident
Education
17. A one way - directed graph which indicates confidentiality or integrity flow
Man-In-The-Middle Attack
Lattice
Safeguard
Exposure
18. A condition in which neither party is willing to stop their activity for the other to complete
Quantitative Risk Analysis
Inrush Current
Modems
Deadlock
19. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Electronic Vaulting
Confidence Value
Record Level Deletion
Liability
20. A type of computer memory that temporarily stores frequently used information for quick access.
Framework
Cache
Disaster Recovery Plan
Forward Recovery
21. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.
Databases
Satellite
Fiber Optics
Civil Or Code Law
22. A device that converts between digital and analog representation of data.
Modems
Binary
Botnet
Elements of Negligence
23. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Sequence Attacks
Disaster Recovery Plan
Denial Of Service
ISO/IEC 27002
24. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.
Authentic
Accreditation
Business Unit Recovery
Codec
25. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Quantitative Risk Analysis
Algorithm
Administrative
Cache
26. To create a copy of data as a precaution against the loss or damage of the original data.
Relocation
Backup
Data Leakage
Patch Panels
27. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)
Logic Bomb
Fraggle
Data Custodian
DR Or BC Coordinator
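Fraggle and its ICMP counterpart Smurf are amplification attacks: the attacker spoofs the victim's address as the source and sends echo traffic to a directed-broadcast address, so every host on that segment replies to the victim. The detector below is an added example, not code from the quiz page; it runs over a constructed set of flow records to show what such traffic looks like on the wire. It assumes Fraggle targets the UDP echo (port 7) and chargen (port 19) services and Smurf uses ICMP echo request (type 8); the record format, the /24 subnet assumption and the alert threshold of 3 are choices made for the example.

```python
import ipaddress
from collections import Counter

# Constructed flow records for the example (not captured traffic):
# "<proto> <src> <dst> <dport or ICMP type>"
SAMPLE_FLOWS = """\
udp 203.0.113.9 192.0.2.255 7
udp 203.0.113.9 192.0.2.255 7
udp 203.0.113.9 192.0.2.255 19
icmp 203.0.113.9 192.0.2.255 8
udp 10.1.1.5 10.1.1.20 53
tcp 10.1.1.5 192.0.2.10 443
udp 203.0.113.9 198.51.100.255 7
""".splitlines()

UDP_ECHO, UDP_CHARGEN = 7, 19   # UDP "small services" abused by Fraggle (RFC 862, RFC 864)
ICMP_ECHO_REQUEST = 8           # ICMP type used by Smurf
ALERT_THRESHOLD = 3             # assumed: alert once a source has hit this many amplifiers
ASSUMED_PREFIX_LEN = 24         # assumed: all monitored subnets are /24s


def is_directed_broadcast(dst, prefix_len=ASSUMED_PREFIX_LEN):
    """True for the limited broadcast address or the directed-broadcast
    address of the (assumed) /prefix_len subnet containing dst."""
    addr = ipaddress.ip_address(dst)
    net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    return addr == net.broadcast_address or addr == ipaddress.ip_address("255.255.255.255")


def classify(flow):
    """Return 'fraggle', 'smurf' or None for one flow record."""
    proto, _src, dst, last = flow.split()
    if not is_directed_broadcast(dst):
        return None
    if proto == "udp" and int(last) in (UDP_ECHO, UDP_CHARGEN):
        return "fraggle"
    if proto == "icmp" and int(last) == ICMP_ECHO_REQUEST:
        return "smurf"
    return None


def detect_amplification(flows, threshold=ALERT_THRESHOLD):
    """Count broadcast-directed echo traffic per (attack, source address).

    The source address is spoofed: it is the victim, because every host on the
    broadcast segment replies to it. Returns {(attack, victim): hit_count} for
    entries that reach the threshold.
    """
    hits = Counter()
    for flow in flows:
        kind = classify(flow)
        if kind is not None:
            hits[(kind, flow.split()[1])] += 1
    return {key: n for key, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    print(detect_amplification(SAMPLE_FLOWS))
    # {('fraggle', '203.0.113.9'): 4}
```

Note that the alert names 203.0.113.9 as the victim, not the attacker: the attacker is whoever injected the spoofed packets, which flow data alone cannot show. The controls that remove the amplifier are disabling directed broadcasts on routers (on Cisco IOS, `no ip directed-broadcast`) and egress filtering so that spoofed source addresses never leave the originating network.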
28. The first rating that requires security labels
Sag/Dip
Targeted Testing
Vital Record
Orange Book B1 Classification
29. The former U.S. military-accepted set of standards and processes for computer system evaluation and assurance - which combines functional and assurance requirements
System Downtime
TCSEC (Orange Book)
User Mode (problem or program state)
Framework
30. A type of attack involving attempted insertion - deletion or altering of data.
Cross Training
Switches
Modification
Substitution
31. Less granular organization of controls
Administrative Laws
Control Type
True Attack Stimulus
Vulnerability
32. A form of data hiding which protects running threads of execution from using each other's memory
Recovery
Cross-Site Scripting
Process Isolation
Tactical
33. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Encipher
Kernel
Residual Risk
Deleted File
34. Intellectual property protection for a confidential and critical process
Legacy Data
Conflict Of Interest
Trade Secret
Time Of Check/Time Of Use
35. Evaluation of a system without prior knowledge by the tester
Hot Spares
Data Recovery
Blind Testing
Infrastructure
36. An availability attack - to consume resources to the point of exhaustion
Business Continuity Steering Committee
Denial Of Service
Blackout
Payload
37. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Top Secret
Mobile Recovery
Certification
Packet Filtering
38. Measures followed to restore critical functions following a security incident.
Recovery
Parallel Test
Identification
One Time Pad
39. False memory reference
Computer Forensics
Dangling Pointer
Double Blind Testing
Embedded Systems
40. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
Accreditation
Declaration
Generator
Business Continuity Program
41. The hard drive
Operating
Sequence Attacks
Object Oriented Programming (OOP)
Secondary Storage
42. A risk assessment method - intrinsic value
Archival Data
Fiber Optics
Integrated Test
Qualitative
43. Need to understand both the assets that need to be protected and management's priorities - Also be prepared to adjust the design over time - and verify the design has been implemented correctly - need to be a good negotiator - artist and analyst.
Basics Of Secure Design
Separation Of Duties
IDS Intrusion Detection System
5 Rules Of Evidence
44. Sphere of influence
Running Key
Domain
Intrusion Detection Systems
Standard
45. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Instance
Internal Use Only
Firewall
Alert
46. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Cryptology
Information Risk Management (IRM)
3 Types of harm Addressed in computer crime laws
Cache
47. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Data Dictionary
Interpreter
Legacy Data
One Time Pad
48. The managerial approval to operate a system based upon knowledge of risk to operate
Business Unit Recovery
Framework
Accreditation
Lattice
49. Owner directed mediation of access
Access Control
Discretionary
Convincing
Dangling Pointer
50. Power surge
Off Site
Embedded Systems
Cipher Text
Electrostatic Discharge