SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Business Unit Recovery
Cryptovariable
Remote Journaling
Residual Risk
2. A risk assessment method - measurable real money cost
Quantitative
Electrostatic Discharge
Alternate Site
Orange Book B1 Classification
3. Line noise that is superimposed on the supply circuit.
Life Cycle of Evidence
Secondary Storage
Transients
Bollard
4. To reduce sudden rises in current
Durability
Processes are Isolated By
Surge Suppressor
Qualitative
5. Long term knowledge building
Business Continuity Steering Committee
Countermeasure
Education
Patch Management
6. The property that data meet with a priority expectation of quality and that the data can be relied upon.
Sequence Attacks
Non-Interference
Checklist Test
Data Integrity
7. A type of multitasking that allows for more even distribution of computing time among competing request
Ethics
Preemptive
Brouter
Transients
8. Amount of time for restoring a business process or function to normal operations without major loss
Maximum Tolerable Downtime (MTD)
Policy
Vulnerability
Cryptanalysis
9. Initial surge of current
Blind Testing
Inrush Current
Examples of non-technical security components
Sag/Dip
10. The first rating that requires security labels
Orange Book B1 Classification
Strong Authentication
Basics Of Secure Design
Data Custodian
11. OOP concept of an object at runtime
Race Condition
Hijacking
Instance
Birthday Attack
12. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Content Dependent Access Control
Hard Disk
Object Oriented Programming (OOP)
Cross Certification
13. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Polymorphism
Identification
Processes are Isolated By
Substitution
14. Try a list of words in passwords or encryption keys
Codec
Dictionary Attack
Due Diligence
Fault
15. To know more than one job
Data Dictionary
Disaster
High-Risk Areas
Cross Training
16. A program with an inappropriate second purpose
Mantrap (Double Door System)
Multi-Processor
Reciprocal Agreement
Trojan Horse
17. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Access Control
Exposure
Territoriality
File Server
18. Location to perform the business function
Alternate Site
Access Point
Denial Of Service
Hijacking
19. Line by line translation from a high level language to machine code
Record Level Deletion
Worm
Moore's Law
Interpreter
20. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Work Factor
Kernel
File Extension
Fraggle
21. Hiding the fact that communication has occurred
Steganography
Permutation /Transposition
Watermarking
Interception
22. Object based description of a single resource and the permission each subject
Access Control Lists
Restoration
Record Level Deletion
Gateway
23. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
Mandatory Vacations
Data Leakage
Data Owner
Patch Management
24. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Kernel
Monitor
Restoration
Hub
25. Interception of a communication session by an attacker.
Mandatory Vacations
Hijacking
Recovery Time Objectives
5 Rules Of Evidence
26. Uncleared buffers or media
Object Reuse
Classification Scheme
Remanence
Multi-Party Control
27. People who interact with assets
MOM
Key Clustering
User
Eavesdropping
28. Unsolicited commercial email
Operational
Spam
Key Escrow
Disk Mirroring
29. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
Protection
Residual Data
Non-Discretionary Access Control
Substitution
30. A test conducted on one or more components of a plan under actual operating conditions.
Operational Test
File Extension
Inheritance
Contingency Plan
31. A list of team members and/or key players to be contacted including their backups. The list will include the necessary contact information (i.e. Home phone - pager - cell - etc.) And in most cases be considered confidential.
False (False Positive)
Contact List
Substitution
Encryption
32. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Injection
Need-To-Know
Marking
Incident Handling
33. Planning with a goal of returning to the normal business function
Restoration
Switches
User Mode (problem or program state)
Storage Area Network (SAN)
34. Threats x Vulnerability x Asset Value = Total Risk
Total Risk
Accurate
Compiler
Sniffing
35. Prolonged loss of commercial power
Blackout
Faraday Cage/ Shield
Directive
Workaround Procedures
36. High level design or model with a goal of consistency - integrity - and balance
Architecture
Cryptanalysis
Data Dictionary
Encapsulation
37. Mediation of subject and object interactions
Territoriality
Parallel Test
Elements of Negligence
Access Control
38. OOP concept of a taking attributes from the original or parent
Inheritance
Total Risk
Patch Panels
Checkpoint
39. A design methodology which executes in a linear one way fashion
Trojan Horse
Civil Or Code Law
Multi-Processor
Waterfall
40. Methodical research of an incident with the purpose of finding the root cause
Residual Data
Investigation
Parallel Test
Mobile Recovery
41. Information that - if made public or even shared around the organization - could seriously impede the organization's operations
Hard Disk
Degauss
Recovery
Highly Confidential
42. A state for operating system tasks only
Electrostatic Discharge
Supervisor Mode (monitor - system - privileged)
Data Backup Strategies
Business Recovery Timeline
43. A programming design concept which abstracts one set of functions from another in a serialized fashion
Vital Record
Disaster
Layering
Guidelines
44. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
MOM
Forward Recovery
Simulation
Mandatory Access Control (MAC)
45. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Business Impact Analysis
Cryptography
Voice Over IP (VOIP)
Buffer Overflow
46. Control type- that is communication based - typically written or oral
Education
Administrative
Hearsay Evidence
Security Kernel
47. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Site Policy Awareness
Repeaters
Orange Book C2 Classification
E-Mail Spoofing
48. Is secondhand and usually not admissible in court
Discretionary Access Control (DAC)
Spyware
Hearsay Evidence
Layering
49. Potentially retrievable data residue that remains following intended erasure of data.
Open Mail Relay Servers
Remanence
Moore's Law
Atomicity
50. Individuals - normally managers or directors - who have responsibility .for the integrity - accurate reporting and use of computerized data.
Bollard
Structured Walk-Through Test
Data Owner
Security Domain
