Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Object reuse protection and auditing
Intrusion Prevention Systems
Wait
Orange Book C2 Classification
Hot Spares
2. Unauthorized access to network devices.
Physical Tampering
Disaster Recovery Tape
Surveillance
Internal Use Only
3. People who interact with assets
User
Administrative Law
Sniffing
TNI (Red Book)
4. Information about a particular data set
Metadata
Embedded
Tar Pits
Hijacking
5. Communication of a security incident to stakeholders and data owners.
File Shadowing
Notification
Internal Use Only
Trademark
6. The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced.
Threads
Atomicity
Damage Assessment
Bridge
7. A set of properties that programmers should seek in all application or database design: Atomicity, Consistency, Isolation, Durability
The ACID Test
Business Interruption Insurance
Encapsulation
Durability
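Added worked example for question 7; this is not part of the original quiz. It uses Python's standard-library sqlite3 module to show the atomicity property in action: a transfer is two UPDATEs inside one transaction, the credit is written first on purpose, and a CHECK constraint makes the debit fail when the source account would be overdrawn, so the already-written credit is rolled back with it. The account table, starting balances and transfer amounts are constructed for the example.

```python
import sqlite3


def open_ledger() -> sqlite3.Connection:
    """Constructed sample ledger: in-memory database, two accounts, and a
    CHECK constraint so no balance can ever go negative (consistency rule)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        "  id INTEGER PRIMARY KEY,"
        "  balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [(1, 100), (2, 50)])
    conn.commit()
    return conn


def transfer(conn: sqlite3.Connection, src: int, dst: int, amount: int) -> bool:
    """Move `amount` from account `src` to account `dst` as one atomic unit.

    The credit is applied first on purpose: if the debit then violates the
    CHECK constraint, the credit has already been written inside the open
    transaction, and the rollback has to undo it. Returns True on commit,
    False if the whole transfer was rolled back.
    """
    try:
        # `with conn:` commits if the block completes, rolls back on any exception.
        with conn:
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
            conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        return True
    except sqlite3.IntegrityError:
        return False


def balances(conn: sqlite3.Connection) -> dict:
    """Current balance per account id."""
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))


def total_money(conn: sqlite3.Connection) -> int:
    """Invariant the transaction must preserve: money moves, it is never created or lost."""
    return sum(balances(conn).values())


if __name__ == "__main__":
    ledger = open_ledger()
    print(transfer(ledger, 1, 2, 30), balances(ledger))   # True {1: 70, 2: 80}
    print(transfer(ledger, 1, 2, 500), balances(ledger))  # False {1: 70, 2: 80}
```

After the failed transfer, account 2 is back at 80 even though its credit had already executed: that is the "all or nothing" that atomicity promises, and the CHECK constraint is the consistency rule the database refused to break. Durability is what the COMMIT gives you once the first transfer returns True.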
8. An event which stops business from continuing.
Encapsulation
Archival Data
Cryptovariable
Disaster
9. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Call Tree
Worm
Tapping
Top Secret
10. The property that data meet with a priori expectation of quality and that the data can be relied upon.
Data Integrity
Simulation
Operational Test
Polymorphism
11. The process of identifying, assessing, and reducing risk to an acceptable level, and implementing the right countermeasures to maintain that level of risk
Infrastructure
Sag/Dip
Information Risk Management (IRM)
Tar Pits
12. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
Bridge
Alert
Object Oriented Programming (OOP)
Masked/Interruptible
13. Collection of data on business functions which determines the strategy of resiliency
Symmetric
Tort
Orange Book C Classification
Business Impact Assessment (BIA)
14. Some systems are actually run at the alternate site
Security Domain
Parallel Test
Multi-Processor
Highly Confidential
15. After the media is seized, the investigator should make a bit-for-bit image copy of it before doing anything else.
Multi-Core
Criminal Law
Computer System Evidence
Central Processing Unit (CPU)
16. A control after attack
Near Site
Information Owner
Countermeasure
Orange Book B1 Classification
17. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Time Of Check/Time Of Use
Data Hiding
Routers
Alarm Filtering
18. A physical enclosure for verifying identity before entry to a facility
Mantrap (Double Door System)
Orange Book D Classification
Architecture
Workaround Procedures
19. Asymmetric (private-key) encryption of a hash of a message
Digital Signature
Classification Scheme
Policy
Security Domain
20. Use of specialized techniques for recovery, authentication, and analysis of electronic data
Tort
False (False Positive)
Masked/Interruptible
Computer Forensics
21. The managerial approval to operate a system based upon knowledge of risk to operate
Detection
Shift Cipher (Caesar)
Accreditation
Database Replication
22. Malware that makes small random changes to many data points
Business Unit Recovery
Countermeasure
Data Diddler
Faraday Cage/ Shield
23. The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption.
Denial Of Service
Critical Infrastructure
Exercise
Business Recovery Timeline
24. Communicate to stakeholders
Disaster
Supervisor Mode (monitor, system, privileged)
Generator
Debriefing/Feedback
25. Executive responsibilities of goal setting, delegation, and verification, based upon the mission.
Integrated Test
Governance
Compiler
Cross Certification
26. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.
Inference
Corrective
Journaling
Microwave
27. Malware that attaches itself to a host program and requires user interaction to execute
Access Control Lists
Separation Of Duties
Chain of Custody
Virus
28. Written suggestions that direct choice to a few alternatives
Inheritance
Guidelines
Buffer Overflow
Locard's Principle
29. The maximum amount of time allowed for restoring a business process or function to normal operations before major loss occurs
Detection
Secondary Storage
Policy
Maximum Tolerable Downtime (MTD)
30. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies, and offsite storage, and that will ensure time objectives can be met.
Entrapment
Data Backup Strategies
Encapsulation
Total Risk
31. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.
UPS
Codec
Burn
Archival Data
32. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Initialization Vector
Encryption
Non-Discretionary Access Control
Class
33. Measures followed to restore critical functions following a security incident.
Recovery
War Driving
Prevention
Business Recovery Team
34. A basic level of network access control that is based upon information contained in the IP packet header.
Decipher
Keystroke Logging
Territoriality
Packet Filtering
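Added worked example for question 34; this is not part of the original quiz. It pulls out of a raw IPv4 packet exactly the header fields a stateless packet filter decides on (source and destination address, protocol number, and the destination port from the first bytes of the transport header), then applies an ordered rule list with first-match-wins and a default deny. The rule set, the addresses (RFC 5737 documentation ranges) and the packets are constructed for the example; the build_ipv4 helper leaves the checksum at zero because nothing here puts a packet on a wire.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


@dataclass(frozen=True)
class PacketHeader:
    """The header fields a stateless packet filter looks at."""
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    protocol: str
    dst_port: Optional[int]   # None when the protocol carries no ports (ICMP)


def parse_ipv4(packet: bytes) -> PacketHeader:
    """Extract src/dst address, protocol and transport destination port from raw IPv4 bytes."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (version_ihl, _tos, _total_len, _ident, _flags_frag,
     _ttl, proto, _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (version_ihl & 0x0F) * 4          # header length in bytes, IP options included
    dst_port = None
    if proto in (6, 17) and len(packet) >= ihl + 4:
        _src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return PacketHeader(ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst),
                        PROTO_NAMES.get(proto, str(proto)), dst_port)


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    protocol: Optional[str] = None   # None matches any protocol
    dst_port: Optional[int] = None   # None matches any port

    def matches(self, hdr: PacketHeader) -> bool:
        return (hdr.src in self.src and hdr.dst in self.dst
                and (self.protocol is None or self.protocol == hdr.protocol)
                and (self.dst_port is None or self.dst_port == hdr.dst_port))


def filter_packet(packet: bytes, rules: List[Rule]) -> str:
    """First matching rule wins; a packet that matches no rule is denied."""
    hdr = parse_ipv4(packet)
    for rule in rules:
        if rule.matches(hdr):
            return rule.action
    return "deny"


def build_ipv4(src: str, dst: str, proto: int, dst_port: Optional[int] = None) -> bytes:
    """Construct a minimal IPv4 packet for offline testing (checksum left at zero)."""
    payload = struct.pack("!HH", 40000, dst_port) if dst_port is not None else b""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


# Constructed rule set for an internet-facing interface protecting one web server.
RULES = [
    # A packet arriving from outside with an RFC 1918 source address is spoofed: drop it first.
    Rule("deny", ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("0.0.0.0/0")),
    Rule("allow", ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("203.0.113.10/32"), "tcp", 443),
    Rule("allow", ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("203.0.113.10/32"), "tcp", 80),
]


if __name__ == "__main__":
    for pkt in (build_ipv4("198.51.100.7", "203.0.113.10", 6, 443),   # allow
                build_ipv4("198.51.100.7", "203.0.113.10", 6, 22),    # deny: no rule for ssh
                build_ipv4("10.1.2.3", "203.0.113.10", 6, 443)):      # deny: spoofed source
        print(parse_ipv4(pkt), "->", filter_packet(pkt, RULES))
```

The order of the rules matters: the anti-spoofing deny sits above the allows so that a packet from 10.1.2.3 to port 443 is dropped even though it would match the HTTPS rule. A filter like this sees only the headers; it cannot tell a reply to a legitimate connection from an unsolicited packet (that needs stateful inspection), and it passes application-layer attacks to port 443 untouched.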
35. Effort/time needed to overcome a protective measure
Cold Site
Work Factor
Hijacking
Full-Interruption test
36. A record that must be preserved and available for retrieval if needed.
Man-In-The-Middle Attack
Reference Monitor
Vital Record
Business Recovery Timeline
37. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g., a move to an alternate site).
Codec
Declaration
Simulation Test
Cryptology
38. Owner directed mediation of access
Revocation
Discretionary
Content Dependent Access Control
Layering
39. Intellectual property protection for an invention
Mantrap (Double Door System)
Patent
Digital Certificate
Intrusion Detection Systems
40. Record history of incident
TCSEC (Orange Book)
Rogue Access Points
Tracking
Inheritance
41. A risk assessment method based on intrinsic value
Qualitative
Procedure
Information Risk Management (IRM)
Patch Panels
42. Subjects will not interact with each other's objects
Recovery
Radio Frequency Interference (RFI)
Non-Interference
Business Interruption
43. High-frequency, highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Microwave
User
Ethics
Common Criteria
44. Unsolicited commercial email
ISO/IEC 27001
CobiT
Atomicity
Spam
45. Wrong against society
Moore's Law
HTTP Response Splitting
Criminal Law
Kerberos
46. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.
Repeaters
Stopped
War Dialing
Patent
47. A backup type for databases at a point in time
Risk Assessment / Analysis
Shadowing (file shadowing)
Due Care
Modification
48. A shield against leakage of electromagnetic signals.
Faraday Cage/ Shield
5 Rules Of Evidence
Message Digest
Plain Text
49. A process state in which the process is either unable to run while waiting for an external event, or terminated
Reciprocal Agreement
Workaround Procedures
Hot Spares
Stopped
50. OOP concept of an object at runtime
Common Law
Cross-Site Scripting
Private Branch Exchange (PBX)
Instance