SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.
True Attack Stimulus
Job Training
Simulation Test
Storage Area Network (SAN)
2. Moving the alphabet intact a certain number spaces
Critical Records
Shift Cipher (Caesar)
Liability
Strategic
3. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Qualitative
Digital Certificate
Control
Electronic Vaulting
4. Share security concerns with embedded devices - Often security has been scarified for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
Discretionary Access Control (DAC)
Domain
On-Site
Pervasive Computing and Mobile Computing Devices
5. A unit of execution
Near Site
Threads
Remote Access Trojan
Business Recovery Team
6. Recovery alternative - everything needed for the business function - except people and last backup
Checklist Test
Keystroke Logging
Hot Site
Multiplexers
7. The guardian of asset(s) - a maintenance activity
Rogue Access Points
Trade Secret
Custodian
Classification Scheme
8. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.
Voice Over IP (VOIP)
Atomicity
Business Interruption
Control Type
9. Recovery alternative which includes cold site and some equipment and infrastructure is available
Criminal Law
Shift Cipher (Caesar)
TEMPEST
Warm Site
10. Fault tolerance for power
Generator
Residual Risk
Computer System Evidence
Capability Tables
11. The point in time to which systems and data must be recovered after an outage. (e.g. End of previous day's processing). Rpos are often used as the basis for the development of backup strategies.
Fragmented Data
Remote Access Trojan
Authorization
Recovery Point Objective (RPO)
12. Uncheck data input which results in redirection
Dangling Pointer
Object Oriented Programming (OOP)
Information Owner
HTTP Response Splitting
13. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Database Replication
Archival Data
Strong Authentication
Intrusion Detection Systems
14. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Multiplexers
Threats
MOM
Memory Management
15. Control type- that is communication based - typically written or oral
Administrative
Business Continuity Planning (BCP)
Private Branch Exchange (PBX)
Standard
16. A copy of transaction data - designed for querying and reporting
Residual Data
Denial Of Service
Data Warehouse
Birthday Attack
17. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Multi-Processor
Evidence
Privacy Laws
Centralized Access Control Technologies
18. A device that provides the functions of both a bridge and a router.
Hub
Countermeasure
CPU Cache
Brouter
19. Forgery of the sender's email address in an email header.
Information Risk Management (IRM)
E-Mail Spoofing
Physical Tampering
File Server
20. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
Business Recovery Team
Quantitative
Key Space
Redundant Array Of Independent Drives (RAID)
21. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Quantitative Risk Analysis
Record Level Deletion
Data Dictionary
Process Isolation
22. Someone who want to know how something works - typically by taking it apart
Honeypot
Vital Record
Slack Space
Hacker
23. A system designed to prevent unauthorized access to or from a private network.
Architecture
Firewall
Firmware
BCP Testing Drills and Exercises
24. Owner directed mediation of access
Quantitative Risk Analysis
Rootkit
Discretionary
Event
25. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Layering
Recovery Point Objective (RPO)
Injection
Custodian
26. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilies - most commonly used in governm
Mandatory Access Control (MAC)
Examples of non-technical security components
Parallel Test
Deterrent
27. An availability attack - to consume resources to the point of exhaustion
Fraggle
Open Mail Relay Servers
Notification
Denial Of Service
28. Converts a high level language into machine language
Assembler
Disaster Recovery Teams (Business Recovery Teams)
IP Fragmentation
Quantitative Risk Analysis
29. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
MOM
Adware
Parallel Test
Security Blueprint
30. High level - pertaining to planning
Databases
Strategic
Keyed-Hashing For Message Authentication
Tracking
31. Process whereby data is removed from active files and other data storage structures
Data Integrity
Contingency Plan
Secondary Storage
Deletion
32. Policy or stated actions
Modems
Recovery Strategy
Logic Bomb
Due Care
33. Interception of a communication session by an attacker.
Transients
Cold Site
Supervisor Mode (monitor - system - privileged)
Hijacking
34. Specific format of technical and physical controls that support the chosen framework and the architecture
Collisions
Databases
Inrush Current
Infrastructure
35. Power surge
Electrostatic Discharge
Modems
Rollback
Separation Of Duties
36. A device that sequentially switches multiple analog inputs to the output.
Private Branch Exchange (PBX)
Multiplexers
Standard
Resumption
37. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.
Incident
3 Types of harm Addressed in computer crime laws
Trademark
Governance
38. System of law based upon precedence - with major divisions of criminal - tort - and administrative
Security Domain
Honeypot
Classification
Common Law
39. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
Firmware
Ethics
Fault
True Attack Stimulus
40. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Key Space
ISO/IEC 27002
Alert
Brute Force
41. Written step-by-step actions
Quantitative Risk Analysis
Sharing
Running Key
Procedure
42. A failure of an IDS to detect an actual attack
Content Dependent Access Control
Reference Monitor
Data Dictionary
False Negative
43. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Directive
Cache
Disaster Recovery Teams (Business Recovery Teams)
SYN Flooding
44. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Liability
Critical Functions
Reciprocal Agreement
Cookie
45. A documented battle plan for coordinating response to incidents.
Incident Handling
Wait
Labeling
Operational Impact Analysis
46. Object reuse protection and auditing
Log
Private Branch Exchange (PBX)
Malformed Input
Orange Book C2 Classification
47. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Key Clustering
User Mode (problem or program state)
Emergency Procedures
State Machine Model
48. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
ISO/IEC 27002
Double Blind Testing
Tar Pits
Supervisor Mode (monitor - system - privileged)
49. Review of data
Discretionary
Hub
Analysis
Database Shadowing
50. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Business Continuity Planning (BCP)
Kerckhoff's Principle
Threats
Enticement
