CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. One of the key benefits of a network is the ability to share files stored on the server among several users.
SYN Flooding
Sampling
Hot Spares
File Sharing
2. Amount of time for restoring a business process or function to normal operations without major loss
Deleted File
Maximum Tolerable Downtime (MTD)
Database Shadowing
Network Attached Storage (NAS)
3. Implementation of an operating system protection mechanism, built upon the layering concept, in which more sensitive components are placed in the inner layers
Ring Protection
Cryptovariable
Data Dictionary
Multi-Processor
4. The one person responsible for data, including its classification and the setting of its controls
Procedure
Information Owner
Surveillance
Operational
5. Natural or human-readable form of message
Bit
Guidelines
Plain Text
Keystroke Logging
6. Momentary loss of power
Process Isolation
Fault
Trapdoors (Backdoors) (Maintenance Hooks)
Risk Assessment / Analysis
7. The response of an organization to a disaster or other significant event that may significantly impact the organization, its people, or its ability to function productively.
Cross Training
Incident Response
Assembler
Labeling
8. Total number of keys available that may be selected by the user of a cryptosystem
Key Space
Remanence
Simulation Test
Examples of non-technical security components
9. Unsolicited commercial email
Certification
Maximum Tolerable Downtime (MTD)
Spam
Brouter
10. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
Operating
Interception
Trojan Horse
Full Test (Full Interruption)
11. One entity with two competing allegiances
Vital Record
Conflict Of Interest
Emergency Procedures
Honeynet
12. A race condition in which the security attributes change between the check and the object's access
Time Of Check/Time Of Use
Sag/Dip
Metadata
Non-Interference
13. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Locard's Principle
Acronym for American Standard Code for Information Interchange (ASCII)
Firmware
Classification
14. A copy of transaction data, designed for querying and reporting
Data Warehouse
Fiber Optics
Double Blind Testing
Framework
15. System mediation of access with the focus on the context of the request
Policy
Content Dependent Access Control
Event
Tapping
16. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.
TCSEC (Orange Book)
Mobile Recovery
Worldwide Interoperability for Microwave Access (WI-MAX )
Side Channel Attack
17. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
Residual Risk
Concentrator
Mandatory Vacations
True Attack Stimulus
18. False memory reference
Dangling Pointer
Countermeasure
Admissible
Parallel Test
19. A process state - (blocked) needing input before continuing
Administrative Law
HTTP Response Splitting
Wait
Digital Certificate
20. Pertaining to law - verified as real
Plain Text
Authentic
Infrastructure
TNI (Red Book)
21. A running key using a random key that is never used again
Multiplexers
Sharing
One Time Pad
Walk Through
22. Periodic, automatic and transparent backup of data in bulk.
Checklist Test (desk check)
Method
Alarm Filtering
Electronic Vaulting
23. Identification and notification of an unauthorized and/or undesired action
Capability Tables
Centralized Access Control Technologies
Guidelines
Detection
24. Intellectual property protection for an invention
Notification
Patent
Sharing
Off Site
25. The process of assessing damage to computer hardware, vital records, office facilities, etc. following a disaster, and determining what can be salvaged or restored and what must be replaced.
Administrative Law
Recovery
Damage Assessment
Inference
26. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Quantitative Risk Analysis
Packet Filtering
Kernel
UPS
27. Requirement of access to data for a clearly defined purpose
Guidelines
Need-To-Know
Administrative Laws
Authentication
28. Vehicle or tool that exploits a weakness
Threats
System Downtime
Spiral
IDS Intrusion Detection System
29. Low level, pertaining to planning
Investigation
Tactical
Standalone Test
Orange Book C2 Classification
30. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate
Disaster Recovery Plan
CobiT
Encipher
Brownout
31. High frequency noise
Code
Residual Risk
Electromagnetic Interference (EMI)
Replication
32. A system that enforces an access control policy between two networks.
Adware
Byte Level Deletion
Firewalls
Source Routing Exploitation
33. Mitigation of system or component loss or interruption through use of backup capability.
Convincing
Security Kernel
Fault Tolerance
Territoriality
34. A Trojan horse with the express underlying purpose of controlling a host from a distance
Man-In-The-Middle Attack
Marking
Remote Access Trojan
Atomicity
35. Unchecked data input which results in redirection
Incident Handling
Assembler
Generator
HTTP Response Splitting
36. Recovery alternative: a short-term, high-cost, movable processing location
Operational Test
Quantitative Risk Analysis
Mobile Site
Birthday Attack
37. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Analysis
Dangling Pointer
Journaling
Hearsay
38. Provides a physical cross connect point for devices.
Emergency Operations Center (EOC)
Patch Panels
Uninterruptible Power Supply (UPS)
Rootkit
39. Intellectual property protection for a confidential and critical process
Alert/Alarm
Classification Scheme
Databases
Trade Secret
40. Threats x Vulnerability x Asset Value = Total Risk
Codec
Proxies
Attacker (Black hat - Hacker)
Total Risk
41. Recovery alternative: a building only, with sufficient power and HVAC
Cold Site
Disaster Recovery Plan
Source Routing Exploitation
Vital Record
42. Written internalized or nationalized norms that are internal to an organization
Alternate Site
Examples of non-technical security components
Standard
Surge Suppressor
43. A covert storage channel on the file attribute
Access Control
File Extension
Alternate Data Streams (File System Forks)
Contingency Plan
44. Eavesdropping on network communications by a third party.
Threads
Aggregation
Data Backup Strategies
Sniffing
45. Narrow scope examination of a system
Data Custodian
Targeted Testing
Hearsay
Common Law
46. Return to a normal state
Plaintext
Key Clustering
Infrastructure
Recovery
47. Prolonged loss of commercial power
Blackout
Deletion
Modification
War Driving
48. Just enough access to do the job
ISO/IEC 27001
Hot Spares
Fire Suppression
Least Privilege
49. Key
Virus
Vulnerability
Byte Level Deletion
Cryptovariable
50. OOP concept of a distinct copy of the class
Mobile Recovery
Interference (Noise)
Source Routing Exploitation
Object