Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Eavesdropping on network communications by a third party.
Tapping
Redundant Servers
Buffer Overflow
Conflict Of Interest
2. A risk assessment method that expresses loss as a measurable monetary cost
Quantitative
Administrative
Bit
Operating
3. Vehicle stopping object
Recovery
Bollard
Slack Space
Certification
4. A test conducted on one or more components of a plan under actual operating conditions.
Operational Test
Data Recovery
System Life Cycle
Disaster Recovery Tape
5. More than one process in the middle of executing at a time
Multi-Tasking
Recovery
Hearsay Evidence
Integrated Test
6. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Alert
Residual Risk
Overlapping Fragment Attack
Isolation
7. Final purpose or result
Business Continuity Steering Committee
Disaster
Payload
Incident
8. Collection of data on business functions that determines the resiliency strategy
User Mode (problem or program state)
Business Impact Assessment (BIA)
Failure Modes and Effects Analysis (FMEA)
Packet Filtering
9. Tool which mediates access
Blind Testing
Identification
Information Flow Model
Control
10. Measures followed to restore critical functions following a security incident.
Coaxial Cable
Recovery
Recovery Point Objective (RPO)
Procedure
11. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.
Notification
Worldwide Interoperability for Microwave Access (WiMAX)
Archival Data
System Life Cycle
12. A layer 2 device used to connect two network segments and regulate traffic.
Layering
Orange Book A Classification
EMI
Bridge
13. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Multi-Party Control
Vital Record
Hacker
Emergency Procedures
14. Unchecked data input copied into an HTTP header (typically a redirect) that lets an attacker inject a second response
Computer System Evidence
HTTP Response Splitting
Twisted Pair
Slack Space
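The attack behind item 14, as an added example that is not part of the quiz page: a redirect handler copies unchecked input into a Location header, CR/LF in that input closes the header block, and a second attacker-controlled response follows. The function names, the response layout and the payload are assumptions made for this illustration; `hardened_redirect` shows the fix (reject CR/LF, percent-encode the rest).

```python
"""HTTP response splitting: vulnerable redirect beside a hardened one.

Added example, not code from the quiz page.  A server copies unchecked
input into a Location header; CR/LF characters in that input end the
header block and let the attacker append a second, attacker-controlled
response that a naive client or proxy will accept.  The function names,
the response layout and the payload below are assumptions made for this
illustration.
"""
from urllib.parse import quote

CRLF = "\r\n"


def vulnerable_redirect(lang):
    """Copies `lang` verbatim into a header line (the defect)."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: /index.html?lang=" + lang + CRLF
        + "Content-Length: 0" + CRLF + CRLF
    )


def hardened_redirect(lang):
    """Rejects CR/LF outright and percent-encodes the rest before emitting."""
    if "\r" in lang or "\n" in lang:
        raise ValueError("CR/LF not allowed in header values")
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: /index.html?lang=" + quote(lang, safe="") + CRLF
        + "Content-Length: 0" + CRLF + CRLF
    )


def hardened_accepts(lang):
    """True if the hardened handler emits a response for `lang`."""
    try:
        hardened_redirect(lang)
        return True
    except ValueError:
        return False


def parse_responses(raw):
    """Split a stream into the responses a naive HTTP parser would see.

    Each response is a status line, header lines, a blank line and a body
    of Content-Length bytes; anything that does not start with HTTP/ ends
    the parse.
    """
    responses = []
    pos = 0
    while pos < len(raw):
        head_end = raw.find(CRLF + CRLF, pos)
        if head_end == -1:
            break
        lines = raw[pos:head_end].split(CRLF)
        status = lines[0]
        if not status.startswith("HTTP/"):
            break
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = head_end + len(CRLF + CRLF)
        responses.append({
            "status": status,
            "headers": headers,
            "body": raw[body_start:body_start + length],
        })
        pos = body_start + length
    return responses


# Constructed attacker value for the lang parameter: it closes the real
# redirect and smuggles a second 200 OK carrying attacker HTML.
INJECTED_BODY = "<h1>Defaced</h1>"
ATTACK = (
    "en" + CRLF
    + "Content-Length: 0" + CRLF + CRLF
    + "HTTP/1.1 200 OK" + CRLF
    + "Content-Type: text/html" + CRLF
    + "Content-Length: " + str(len(INJECTED_BODY)) + CRLF + CRLF
    + INJECTED_BODY
)


def response_count(handler, lang):
    """How many responses a naive parser sees in `handler(lang)`."""
    return len(parse_responses(handler(lang)))


if __name__ == "__main__":
    print("vulnerable:", response_count(vulnerable_redirect, ATTACK))   # 2
    print("hardened accepts attack:", hardened_accepts(ATTACK))         # False
```

Real web frameworks reject bare CR/LF in header values the way `hardened_redirect` does; the percent-encoding step is the defence-in-depth that also stops the value from breaking the URL itself.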
15. Some systems are actually run at the alternate site
Operating
Plaintext
Entrapment
Parallel Test
16. Data or interference that can trigger a false positive
Off Site
Capability Tables
Noise
Modification
17. A programming device used in development to circumvent controls
Trapdoors (Backdoors) (Maintenance Hooks)
Job Training
Data Owner
Risk Assessment / Analysis
18. Power surge
Simulation Test
Electrostatic Discharge
Disaster Recovery Plan
Mission-Critical Application
19. A type of multitasking that allows for more even distribution of computing time among competing requests
Instance
Alarm Filtering
Storage Area Network (SAN)
Preemptive
20. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize; Acquire and Implement; Deliver and Support; Monitor and Evaluate
Security Blueprint
Firewall
On-Site
CobiT
21. A unit of execution
File
Threads
Plan Maintenance Procedures
Binary
22. Heavily populated areas, particularly susceptible to high-intensity earthquakes, floods, tsunamis, or other disasters, for which emergency response may be necessary in the event of a disaster.
Classification
Tar Pits
High-Risk Areas
Public Key Infrastructure (PKI)
23. A distributed system's transaction control that requires updates to either complete or roll back
Civil Law
Spyware
2-Phase Commit
Record Level Deletion
24. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Certification
Emergency Operations Center (EOC)
Data Recovery
Administrative Access Controls
25. Something that happened
Codec
Event
Control Category
Logic Bomb
26. Representatives from each functional area or department get together and walk through the plan from beginning to end.
Running
Structured Walk-Through Test
Workaround Procedures
Twisted Pair
27. High degree of visual control
Surveillance
Data Backup Strategies
Data Dictionary
Chain Of Custody
28. A mobilized resource purchased or contracted for the purpose of business recovery.
Mobile Recovery
Site Policy Awareness
Information Technology Security Evaluation Criteria - ITSEC
File
29. Used to code/decode a digital data stream.
Plaintext
On-Site
Buffer Overflow
Codec
30. With enough computing power, trying all possible combinations
Decipher
Accreditation
Cold Site
Brute Force
31. Subject based description of a system or a collection of resources
Surveillance
Data Dictionary
Accreditation
Capability Tables
32. To load the first piece of software that starts a computer.
Mirrored Site
Worm
Mock Disaster
Boot (v.)
33. Planning with a goal of returning to the normal business function
SYN Flooding
Generator
Surge Suppressor
Restoration
34. Information that, if made public or even shared around the organization, could seriously impede the organization's operations
Redundant Array Of Independent Drives (RAID)
MOM
Fiber Optics
Highly Confidential
35. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.
Virtual Memory
Switches
Data Owner
Architecture
36. Real-time - automatic and transparent backup of data.
Compartmentalize
Remote Journaling
Spam
Deadlock
37. To know more than one job
War Dialing
Non-Interference
Cross Training
Trademark
38. Define the way in which the organization operates.
Shielding
Compensating
Proprietary
Recovery Strategy
39. Tries a list of words as candidate passwords or encryption keys
2-Phase Commit
Hot Spares
Dictionary Attack
Custodian
40. One-way function: the output cannot be reversed to recover the input
Risk
Non-Repudiation
Orange Book A Classification
Hash Function
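Items 30, 39 and 40 together, as an added example that is not part of the quiz page: a SHA-256 digest cannot be reversed, so an attacker holding a stolen digest has to guess, either from a word list (dictionary attack) or by enumerating every string over an alphabet (brute force). The word list, alphabet and sample passwords are constructed for this illustration; the `pbkdf2_hex` helper at the end shows why password stores use a salted, slow hash rather than a bare digest.

```python
"""One-way hashing (item 40) against dictionary (item 39) and brute-force
(item 30) password guessing.

Added example, not code from the quiz page.  A SHA-256 digest cannot be
reversed to recover its input, so an attacker who holds the digest must
guess: a dictionary attack tries a word list, a brute-force attack tries
every string over an alphabet up to some length.  The word list, alphabet
and sample passwords are constructed for this illustration.
"""
import hashlib
import itertools

# Constructed word list; a real one has millions of entries.
WORDLIST = ["password", "letmein", "welcome", "dragon", "qwerty", "sunshine"]


def sha256_hex(text):
    """Unsalted SHA-256 of a string; what a weak password store might keep."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def dictionary_attack(target_digest, words):
    """Return the first word whose digest matches, or None."""
    for word in words:
        if sha256_hex(word) == target_digest:
            return word
    return None


def brute_force(target_digest, alphabet, max_len):
    """Enumerate every string over `alphabet` up to `max_len` characters.

    Returns (password, attempts); password is None if nothing matched.
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_digest:
                return candidate, attempts
    return None, attempts


def keyspace_size(alphabet_size, max_len):
    """Number of candidates brute_force must try in the worst case."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def pbkdf2_hex(password, salt, iterations=200_000):
    """Salted, slow hash: each guess now costs `iterations` hash calls, and
    the same password hashes differently under different salts, so a
    precomputed table of digests for WORDLIST is useless."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    ).hex()


if __name__ == "__main__":
    stolen = sha256_hex("dragon")
    print("dictionary:", dictionary_attack(stolen, WORDLIST))        # dragon
    print("brute force:", brute_force(sha256_hex("cab"), "abc", 3))   # ('cab', 32)
    print("keyspace, 8 printable ASCII chars:", keyspace_size(95, 8))
```

The attempt counter makes the cost model concrete: three letters over a three-symbol alphabet is 39 candidates at most, while eight printable ASCII characters is on the order of 10^15, which is why length and alphabet size, not secrecy of the algorithm, decide how long a brute-force attack takes.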
41. Controls deployed to avert unauthorized and/or undesired actions.
Prevention
Archival Data
Deadlock
Aggregation
42. Short period of low voltage.
Rollback
Relocation
Multi-Party Control
Sag/Dip
43. OOP concept of an object at runtime
Full-Interruption test
Key Clustering
Exercise
Instance
44. Dictate that data collected by government agencies must be collected fairly and lawfully, must be used only for the purpose for which they were collected, must only be held for a reasonable amount of time, and must be accurate and timely.
Interception
Privacy Laws
TCSEC (Orange Book)
Remote Journaling
45. For PKI - to store another copy of a key
Service Bureau
Key Escrow
Sampling
Algorithm
46. Policy or stated actions
Due Care
TEMPEST
Wireless Fidelity (Wi-Fi)
Shift Cipher (Caesar)
47. Object reuse protection and auditing
Masked/Interruptible
Multi-Core
Repeaters
Orange Book C2 Classification
48. The first rating that requires security labels
Highly Confidential
5 Rules Of Evidence
Test Plan
Orange Book B1 Classification
49. Can be statistical (monitors behavior for deviations from a baseline) or signature-based (watches for known attack patterns)
Security Clearance
Checklist Test (desk check)
Proxies
IDS Intrusion Detection System
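The two detection styles from item 49 side by side, as an added example that is not part of the quiz page: `signature_alerts` matches known attack patterns against URL-decoded request paths, and `anomaly_alerts` learns a per-source request-rate baseline from a clean training window and flags sources that exceed mean plus k standard deviations. The log format (`source method path`), the signatures, the threshold and every address are assumptions constructed for this illustration.

```python
"""Two IDS detection styles (item 49): signature matching and statistical
anomaly detection, run over constructed web-server log lines.

Added example, not code from the quiz page.  signature_alerts() flags
requests that match known attack patterns; anomaly_alerts() learns a
per-source request-rate baseline from a clean training window and flags
sources whose count in the observed window exceeds mean + k standard
deviations.  Log format ("src method path"), signatures, threshold and
addresses are all assumptions made for this illustration.
"""
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Known-bad patterns (signature-based); applied after URL decoding so
# that %20-encoded payloads do not slip past.
SIGNATURES = {
    "sqli": re.compile(r"(?i)union\s+select|'\s*or\s+1\s*=\s*1"),
    "traversal": re.compile(r"\.\./\.\./"),
}

# Constructed clean training window: 8 sources, 2-3 requests each.
_TRAINING_COUNTS = {
    "10.0.1.1": 2, "10.0.1.2": 2, "10.0.1.3": 3, "10.0.1.4": 3,
    "10.0.1.5": 2, "10.0.1.6": 2, "10.0.1.7": 3, "10.0.1.8": 3,
}
TRAINING_LOG = [
    f"{src} GET /index.html"
    for src, n in _TRAINING_COUNTS.items() for _ in range(n)
]

# Constructed observed window: two signature hits and one noisy scanner.
SAMPLE_LOG = [
    "10.0.0.5 GET /index.html",
    "10.0.0.5 GET /about.html",
    "10.0.0.5 GET /contact.html",
    "10.0.0.6 GET /login?user=admin'%20or%201=1--",
    "10.0.0.7 GET /../../etc/passwd",
] + [f"10.0.0.9 GET /page{i}" for i in range(40)]


def parse(line):
    """Split 'src method path' and URL-decode the path."""
    src, method, path = line.split(" ", 2)
    return src, method, unquote(path)


def signature_alerts(lines):
    """(source, signature name) for every request matching a known pattern."""
    alerts = []
    for line in lines:
        src, _, path = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((src, name))
    return alerts


def requests_per_source(lines):
    return Counter(parse(line)[0] for line in lines)


def rate_baseline(training_lines):
    """Mean and sample standard deviation of per-source request counts."""
    counts = list(requests_per_source(training_lines).values())
    return statistics.mean(counts), statistics.stdev(counts)


def anomaly_alerts(lines, baseline, k=3.0):
    """Sources whose request count exceeds mean + k*stdev of the baseline.

    Catches behaviour no signature describes (a scanner hammering pages)
    but is blind to a single well-formed malicious request, which is why
    the two styles are usually deployed together.
    """
    mean, stdev = baseline
    threshold = mean + k * stdev
    return sorted(
        src for src, n in requests_per_source(lines).items() if n > threshold
    )


if __name__ == "__main__":
    print(signature_alerts(SAMPLE_LOG))
    print(anomaly_alerts(SAMPLE_LOG, rate_baseline(TRAINING_LOG)))
```

Note the complementary blind spots: the scanner at 10.0.0.9 sends only well-formed requests and is invisible to the signatures, while the single SQL injection attempt from 10.0.0.6 is one request and is invisible to the rate statistics.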
50. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
Full Test (Full Interruption)
Simulation Test
Control Type
ISO/IEC 27001