Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions: Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. To evaluate the current situation and make basic decisions as to what to do
Alternate Data Streams (File System Forks)
Plain Text
Triage
Multi-Processing
2. To execute more than one instruction at an instant in time
Operating
Object Reuse
Multi-Processing
Architecture
3. What will remain - persistence
Durability
Off Site
Procedure
Executive Succession
4. Line by line translation from a high level language to machine code
Threats
TIFF (Tagged Image File Format)
Interpreter
Guidelines
5. To load the first piece of software that starts a computer.
Confidence Value
Boot (V.)
Acronym for American Standard Code for Information Interchange (ASCII)
Slack Space
6. A one way - directed graph which indicates confidentiality or integrity flow
Lattice
Procedure
User Mode (problem or program state)
Faraday Cage/ Shield
7. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Integrated Test
Off-Site Storage
Compensating
Liability
8. An alert or alarm that is triggered when no actual attack has taken place
Dictionary Attack
Multi-Processing
False (False Positive)
Fire Detection
9. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Crisis
E-Mail Spoofing
Strong Authentication
Separation Of Duties
10. Amount of time for restoring a business process or function to normal operations without major loss
Encapsulation
Standalone Test
Non-Discretionary Access Control
Maximum Tolerable Downtime (MTD)
11. A test conducted on one or more components of a plan under actual operating conditions.
Electronic Vaulting
Codec
Orange Book C Classification
Operational Test
12. Something that happened
Faraday Cage/ Shield
Electromagnetic Interference (EMI)
Event
Operating
13. All of the protection mechanisms in a computer system
Information Risk Management (IRM)
Mock Disaster
Quantitative
Trusted Computing Base
14. A set of laws that the organization agrees to be bound by
Highly Confidential
Job Training
Strategic
Administrative Law
15. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.
Call Tree
Acronym for American Standard Code for Information Interchange (ASCII)
Accreditation
Message Digest
16. A type of attack involving attempted insertion - deletion or altering of data.
Twisted Pair
Tar Pits
Data Diddler
Modification
17. A control before attack
Fiber Optics
Running Key
Safeguard
Mantrap (Double Door System)
18. Abstract and mathematical in nature - defining all possible states - transitions and operations
State Machine Model
Remote Access Trojan
Mirrored Site
Forensic Copy
19. Converts source code to an executable
Disaster
Compiler
Multi-Processing
Interference (Noise)
20. To create a copy of data as a precaution against the loss or damage of the original data.
Backup
Alert
Memory Management
Shadowing (file shadowing)
21. Program that inappropriately collects private data or activity
Examples of technical security components
Classification Scheme
Modification
Spyware
22. Joining two pieces of text
Shift Cipher (Caesar)
Procedure
Concatenation
System Downtime
23. Controls for termination of attempt to access object
Intrusion Prevention Systems
Countermeasure
Lattice
Protection
24. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
Governance
IDS Intrusion Detection System
Key Escrow
Multilevel Security System
25. A copy of transaction data - designed for querying and reporting
Restoration
Top Secret
Data Warehouse
Modification
26. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Guidelines
Civil Or Code Law
Business Continuity Steering Committee
JPEG (Joint Photographic Experts Group)
27. Act of scrambling the cleartext message by using a key.
Residual Risk
Encipher
Firewall
Checklist Test
28. Scrambled form of the message or data
Coaxial Cable
Cipher Text
Forward Recovery
Computer System Evidence
29. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
File Shadowing
Due Care
Trusted Computing Base
Checklist Test (desk check)
30. Maintenance procedures outline the process for the review and update of business continuity plans.
E-Mail Spoofing
Plan Maintenance Procedures
Patent
Sniffing
31. Vehicle stopping object
Code
Consistency
Capability Tables
Bollard
32. A secure connection to another network.
Governance
Gateway
Ethics
Fault Tolerance
33. Descrambling the encrypted message with the corresponding key
Backup
Conflict Of Interest
Decipher
File Sharing
34. People who interact with assets
User
Data Custodian
Ring Protection
Reference Monitor
35. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Authentic
Open Mail Relay Servers
Dictionary Attack
Hard Disk
36. A risk assessment method - intrinsic value
Administrative Access Controls
Hard Disk
Qualitative
Operational Test
37. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Phishing
Data Warehouse
Inference
Evidence
38. Object based description of a single resource and the permission each subject
Blackout
Access Control Lists
Shift Cipher (Caesar)
Recovery Strategy
39. Individuals and departments responsible for the storage and safeguarding of computerized data.
Electromagnetic Interference (EMI)
Redundant Array Of Independent Drives (RAID)
Information Risk Management (IRM)
Data Custodian
40. To reduce sudden rises in current
Database Replication
Monitor
Surge Suppressor
Hash Function
41. Maximum tolerance for loss of certain business function - basis of strategy
DR Or BC Coordinator
Countermeasure
Internal Use Only
Recovery Time Objectives
42. Substitution at the word or phrase level
Standalone Test
Electronic Vaulting
Code
Process Isolation
43. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Firewalls
Residual Risk
Digital Certificate
Threads
44. System directed mediation of access with labels
Mandatory
Slack Space
Object Oriented Programming (OOP)
Fire Prevention
45. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Recovery
Fiber Optics
Network Attached Storage (NAS)
Territoriality
46. Used to code/decode a digital data stream.
Mobile Recovery
Mock Disaster
Hot Spares
Codec
47. A layer 2 device that is used to connect two or more network segments and regulate traffic.
Switches
Incident Manager
Tar Pits
State Machine Model
48. Wrong against society
E-Mail Spoofing
Emanations
Logic Bomb
Criminal Law
49. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Encipher
Blind Testing
Evidence
Emergency Operations Center (EOC)
50. Short period of low voltage.
Sag/Dip
Denial Of Service
Trademark
Restoration