Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.
Recovery Period
Examples of technical security components
Criminal Law
Cache
2. Substitution at the word or phrase level
Encryption
Damage Assessment
Kernel
Code
3. Companies should have their own team, made up of people from management, IT, legal, HR, public relations, security and other key areas.
Relocation
Incident Response Team
Incident Response
Encryption
4. One-way encryption
Security Blueprint
Alert/Alarm
Hash Function
Message Digest
5. Uses two or more legal systems
Data Marts
MOM
Walk Through
Mixed Law System
6. Subject-based description of a system or a collection of resources
Capability Tables
Threats
JPEG (Joint Photographic Experts Group)
Network Attached Storage (NAS)
7. A BCP testing type, a test that answers the question: can the organization operate at the alternate location only?
Full Test (Full Interruption)
Double Blind Testing
Log
Standard
8. Security Policy, Personnel Controls, Supervisory Structure, Security Awareness Training, Testing
Business Unit Recovery
Multi-Processor
Administrative Access Controls
Full-Interruption test
9. Mathematical function that determines the cryptographic operations
Forward Recovery
Network Attached Storage (NAS)
Disaster Recovery Tape
Algorithm
10. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
Legacy Data
Kerberos
Brouter
Certification
11. Initial surge of current
Covert Channel
Rootkit
Double Blind Testing
Inrush Current
12. Implementation of measures to deter specific threats to the continuity of business operations, and/or to respond to any occurrence of such threats in a timely and appropriate manner.
User
Recovery Period
Centralized Access Control Technologies
Risk Mitigation
13. Recovery alternative: short-term, high-cost, movable processing location
Wait
Mobile Site
Alert
Activation
14. A risk assessment method: measurable, real-money cost
SYN Flooding
Quantitative
Guidelines
Compression
15. Control category: to record an adversary's actions
Detective
Initialization Vector
Checklist Test
Service Bureau
16. A risk assessment method: intrinsic value
Distributed Denial Of Service
Rollback
Site Policy Awareness
Qualitative
17. Also known as regulatory laws; covers standards of performance or conduct expected by government agencies from companies, industries, and certain officials
Honeypot
Administrative Laws
Identification
Smurf
18. Vehicle or tool that exploits a weakness
Analysis
Threats
Threads
Revocation
19. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies and offsite storage, and which will ensure that time objectives can be met.
Payload
Plan Maintenance Procedures
Ring Protection
Data Backup Strategies
20. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Workaround Procedures
Common Law
Object Oriented Programming (OOP)
Countermeasure
21. Quantity of risk remaining after a control is applied
Worm
Residual Risk
Non-Discretionary Access Control
Deleted File
22. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring will enable a zero recovery point objective.
War Driving
Disk Mirroring
Reference Monitor
Cryptanalysis
23. The past U.S. military-accepted set of standards and processes for computer systems evaluation and assurance, which combines function and assurance requirements
TCSEC (Orange Book)
Electronic Vaulting
Primary Storage
Classification
24. System mediation of access with the focus on the context of the request
Test Plan
Access Control Matrix
Content Dependent Access Control
Electronic Vaulting
25. Process of statistically testing a data set for the likelihood of relevant information.
Recovery Strategy
Embedded
Sampling
IP Address Spoofing
26. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Gateway
Liability
Legacy Data
Overlapping Fragment Attack
27. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Data Integrity
CobiT
Parallel Test
Open Mail Relay Servers
28. The point in time to which systems and data must be recovered after an outage (e.g. end of previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Orange Book D Classification
Packet Filtering
Orange Book C Classification
Recovery Point Objective (RPO)
29. Someone who wants to know how something works, typically by taking it apart
Distributed Processing
Hacker
Remote Journaling
Sag/Dip
30. Written step-by-step actions
Information Technology Security Evaluation Criteria - ITSEC
Procedure
Replication
Generator
31. A test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.
War Driving
Tapping
Analysis
Standalone Test
32. An electronic attestation of identity by a certificate authority
Revocation
SYN Flooding
Digital Certificate
Birthday Attack
33. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.
Journaling
Rootkit
Non-Discretionary Access Control
Due Care
34. Forging of an IP address.
IP Address Spoofing
Redundant Array Of Independent Drives (RAID)
Emergency Procedures
Directive
35. False memory reference
Encryption
Rogue Access Points
Dangling Pointer
Revocation
36. Object-based description of a single resource and the permission each subject
Access Control Lists
Dictionary Attack
Strategic
Labeling
37. A sudden, unexpected event requiring immediate action due to potential threat to health and safety, the environment, or property.
Revocation
Emergency
Wait
Critical Infrastructure
38. OOP concept of taking attributes from the original or parent
IP Address Spoofing
Uninterruptible Power Supply (UPS)
Inheritance
Policy
39. High degree of visual control
Surveillance
Virus
Marking
Evidence
40. State of a computer: to be running a process
TCSEC (Orange Book)
Operating
Security Domain
IP Address Spoofing
41. Converts a high-level language into machine language
Assembler
Trapdoors (Backdoors) (Maintenance Hooks)
File Level Deletion
Mandatory
42. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures, alternate work area, etc.)
Data Marts
Contingency Plan
Administrative
Logic Bomb
43. Recovery alternative: a building only, with sufficient power and HVAC
Cold Site
Interception
Classification
Open Mail Relay Servers
44. Forgery of the sender's email address in an email header.
Liability
E-Mail Spoofing
Risk
Cross Certification
45. Individuals and departments responsible for the storage and safeguarding of computerized data.
Initialization Vector
Data Custodian
Contingency Plan
Administrative
46. Intellectual property protection for the expression of an idea
Object Oriented Programming (OOP)
Codec
Picking
Copyright
47. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
Source Routing Exploitation
Checksum
Shift Cipher (Caesar)
Residual Data
48. Potential danger to information or systems
Operational Exercise
Mobile Recovery
Full Test (Full Interruption)
Threats
49. Less granular organization of controls
Control Type
Distributed Processing
Accountability
Technical Access Controls
50. An activity that is performed for the purpose of training and conditioning team members, and improving their performance.
Emergency Operations Center (EOC)
Exercise
Work Factor
False (False Positive)