Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Guidelines within an organization that control the rules and configurations of an IDS
Site Policy
Life Cycle of Evidence
Mandatory
Administrative Laws
2. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Codec
Information Technology Security Evaluation Criteria - ITSEC
Security Domain
War Driving
3. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Damage Assessment
Alert
TNI (Red Book)
Brute Force
4. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions
Patch Management
Analysis
Resumption
Alarm Filtering
5. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Coaxial Cable
Cross-Site Scripting
Site Policy Awareness
Preemptive
6. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
Emergency
Damage Assessment
State Machine Model
Encryption
7. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Bumping
Secondary Storage
Disaster
Disaster Recovery Plan
8. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
War Driving
Kerberos
Double Blind Testing
Supervisor Mode (monitor - system - privileged)
9. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.
Worldwide Interoperability for Microwave Access (WI-MAX)
Log
Quantitative
Bit
10. A choice in risk management - to implement a control that limits or lessens negative effects
Off Site
EMI
Mitigate
Remote Access Trojan
11. A collection of data or information that has a name
Secondary Storage
Risk
Examples of technical security components
File
12. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Data Backup Strategies
File Extension
Trusted Computing Base
Interpreter
13. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Decipher
Public Key Infrastructure (PKI)
Shielding
Emergency Operations Center (EOC)
14. More than one process in the middle of executing at a time
Strategic
Multi-Processing
Multi-Tasking
Salami
15. Eight bits.
Critical Functions
Embedded
Byte
Domain
16. Impossibility of denying authenticity and identity
Non-Repudiation
Stopped
Denial Of Service
Off-Site Storage
17. People who interact with assets
Atomicity
User
Remote Journaling
Non-Repudiation
18. Hitting a filed-down key in a lock with a hammer to open it without the real key
Cryptovariable
Procedure
Bumping
Governance
19. Of a system without prior knowledge by the tester or the tested
Content Dependent Access Control
Double Blind Testing
Keystroke Logging
Corrective
20. Use of specialized techniques for recovery - authentication - and analysis of electronic data
Data Warehouse
Policy
Computer Forensics
Analysis
21. Real-time data backup (Data Mirroring)
Risk Assessment / Analysis
Byte
Database Shadowing
Information Owner
22. Recognition of an individual's assertion of identity.
Incident
Residual Risk
EMI
Identification
23. Independent malware that requires user interaction to execute
Key Clustering
Processes are Isolated By
Non-Repudiation
Virus
24. Someone who wants to cause harm
Structured Walk-Through Test
Attacker (Black hat - Hacker)
Due Care
Confidence Value
25. A condition in which neither party is willing to stop their activity for the other to complete
Code
Structured Walkthrough
Deadlock
Patent
26. May be responsible for overall recovery of an organization or unit(s).
Application Programming Interface
DR Or BC Coordinator
Accountability
Bridge
27. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Incident Manager
Orange Book D Classification
Chain Of Custody
Network Attached Storage (NAS)
28. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Rogue Access Points
Structured Walkthrough
Concentrator
Hard Disk
29. Control category - to restore to a previous state by removing the adversary and/or the results of their actions
Faraday Cage/ Shield
Monitor
Rootkit
Corrective
30. Subject based description of a system or a collection of resources
Capability Tables
Security Clearance
Recovery
Restoration
31. The chance that something negative will occur
Deletion
Assembler
Faraday Cage/ Shield
Risk
32. Malware that uses the trust on a website to redirect users to untrusted websites which captures data or installs more malware
Domain
SQL Injection
Cross-Site Scripting
Shielding
33. Location to perform the business function
File Shadowing
Access Control Matrix
Civil Or Code Law
Alternate Site
34. Some systems are actually run at the alternate site
Time Of Check/Time Of Use
Orange Book C2 Classification
Parallel Test
Business Unit Recovery
35. Periodic - automatic and transparent backup of data in bulk.
Electronic Vaulting
Source Routing Exploitation
Recovery
Compiler
36. An availability attack - to consume resources to the point of exhaustion
Strong Authentication
Intrusion Detection Systems
On-Site
Denial Of Service
37. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Administrative Law
Fire Prevention
Test Plan
TEMPEST
38. A state where two subjects can access the same object without proper mediation
Distributed Denial Of Service
Race Condition
Highly Confidential
Hash Function
39. Data or interference that can trigger a false positive
Data Warehouse
Parallel Test
Noise
Strategic
40. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc
Data Marts
Mandatory Access Control (MAC)
Critical Infrastructure
Total Risk
41. A unit of execution
Access Control Lists
Threads
Capability Tables
Hearsay
42. Mitigate damage by isolating compromised systems from the network.
Log
System Downtime
Containment
Rollback
43. Review of data
Interpreter
Analysis
Aggregation
Uninterruptible Power Supply (UPS)
44. A process state - to either be unable to run waiting for an external event or terminated
Birthday Attack
Incident Handling
Stopped
DR Or BC Coordinator
45. High level - pertaining to planning
IP Address Spoofing
Warm Site
Conflict Of Interest
Strategic
46. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Security Clearance
Restoration
Denial Of Service
Crisis
47. Power surge
Keystroke Logging
Keyed-Hashing For Message Authentication
Electrostatic Discharge
Mitigate
48. A disturbance that degrades performance of electronic devices and electronic communications.
Embedded Systems
Life Cycle of Evidence
Education
Radio Frequency Interference (RFI)
49. What is will remain - persistence
Backup
Durability
Fault Tolerance
Confidence Value
50. To create a copy of data as a precaution against the loss or damage of the original data.
Directive
Backup
TIFF (Tagged Image File Format)
Access Control Lists