Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Moving letters around
Message Digest
Permutation /Transposition
Multi-Core
Radio Frequency Interference (RFI)
2. Abstract and mathematical in nature - defining all possible states - transitions and operations
Monitor
Framework
State Machine Model
Business Impact Analysis
3. An alert or alarm that is triggered when no actual attack has taken place
Satellite
Binary
False (False Positive)
Security Blueprint
4. Individuals and departments responsible for the storage and safeguarding of computerized data.
Data Hiding
Separation Of Duties
Cookie
Data Custodian
5. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
Sniffing
Virtual Memory
Storage Area Network (SAN)
Mirroring
6. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.
Orange Book B2 Classification
Surveillance
Restoration
Deletion
7. The point in time to which systems and data must be recovered after an outage (e.g. end of previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Recovery Point Objective (RPO)
Bridge
Multilevel Security System
Chain of Custody
8. Vehicle or tool that exploits a weakness
Privacy Laws
Business Continuity Steering Committee
Threats
Distributed Denial Of Service
9. Key
Spam
Worm
Cryptovariable
Strategic
10. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Test Plan
Redundant Array Of Independent Drives (RAID)
IP Fragmentation
Data Owner
11. Unused storage capacity
Forward Recovery
Switches
Acronym for American Standard Code for Information Interchange (ASCII)
Slack Space
12. A list of team members and/or key players to be contacted including their backups. The list will include the necessary contact information (i.e. home phone - pager - cell - etc.) and in most cases be considered confidential.
Contact List
Damage Assessment
Fault Tolerance
Non-Discretionary Access Control
13. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Microwave
Full Test (Full Interruption)
Database Shadowing
CobiT
14. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Classification Scheme
Fiber Optics
Concentrator
Data Warehouse
15. Effort/time needed to overcome a protective measure
Record Level Deletion
SQL Injection
Isolation
Work Factor
16. The partial or full duplication of data from a source database to one or more destination databases.
Database Replication
Internal Use Only
Quantitative Risk Analysis
Watermarking
17. A program that waits for a condition or time to occur that executes an inappropriate activity
Framework
Mobile Recovery
Identification
Logic Bomb
18. Using small special tools all tumblers of the lock are aligned - opening the door
Data Custodian
Restoration
Picking
CPU Cache
19. Identification and notification of an unauthorized and/or undesired action
Patch Management
Disaster Recovery Tape
Hearsay
Detection
20. An availability attack - to consume resources to the point of exhaustion
User Mode (problem or program state)
Birthday Attack
Denial Of Service
Electronic Vaulting
21. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Bridge
Data Dictionary
Admissible
Operational Exercise
22. Line noise that is superimposed on the supply circuit.
Identification
Plain Text
Business Recovery Team
Transients
23. Intellectual property protection for marketing efforts
Trademark
Education
Initialization Vector
Admissible
24. Owner directed mediation of access
Discretionary
Business Continuity Program
Data Marts
Common Law
25. System of law based upon precedence - with major divisions of criminal - tort - and administrative
Data Warehouse
Faraday Cage/ Shield
Incident Manager
Common Law
26. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
File Extension
Routers
Residual Risk
Surge Suppressor
27. Evidence must be: admissible - authentic - complete - accurate - and convincing
Computer Forensics
On-Site
Primary Storage
5 Rules Of Evidence
28. Vehicle stopping object
One Time Pad
Public Key Infrastructure (PKI)
Standalone Test
Bollard
29. Claiming another's identity at a physical level
Electromagnetic Interference (EMI)
Incident Handling
Masquerading
Mission-Critical Application
30. A group or network of honeypots
Log
Honeynet
Remanence
Business Continuity Steering Committee
31. A computer designed for the purpose of studying adversaries
Honeypot
Emergency Procedures
Side Channel Attack
UPS
32. Threats x Vulnerability x Asset Value = Total Risk
Salami
Relocation
Non-Discretionary Access Control
Total Risk
33. Pertaining to law - high degree of veracity
Architecture
Accurate
TIFF (Tagged Image File Format)
Alert
34. Malware that uses the trust on a website to redirect users to untrusted websites which captures data or installs more malware
Cross-Site Scripting
Disaster Recovery Plan
Structured Walkthrough
Polyalphabetic
35. Pertaining to a number system that has just two unique digits.
Deletion
Checklist Test (desk check)
Binary
Parallel Test
36. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
Data Integrity
Code
Malformed Input
Embedded Systems
37. The collection and summation of risk data relating to a particular asset and controls for that asset
Maximum Tolerable Downtime (MTD)
Risk Assessment
Sharing
Keyed-Hashing For Message Authentication
38. Business and technical process of applying security software updates in a regulated periodic way
Fire Suppression
Least Privilege
Uninterruptible Power Supply (UPS)
Patch Management
39. The process of assessing damage - following a disaster - to computer hardware - vital records - office facilities - etc. and determining what can be salvaged or restored and what must be replaced.
Damage Assessment
Patent
Sniffing
Liability
40. Outputs within a given function are the same result
Public Key Infrastructure (PKI)
Guidelines
Analysis
Collisions
41. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.
TIFF (Tagged Image File Format)
Service Bureau
Non-Repudiation
Data Owner
42. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Executive Succession
Confidence Value
Record Level Deletion
Checkpoint
43. To start business continuity processes
Non-Interference
Buffer Overflow
Activation
Strong Authentication
44. Small data files written to a user's hard drive by a web server.
Masquerading
Cryptanalysis
Cookie
Risk
45. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Application Programming Interface
Internal Use Only
Adware
Data Warehouse
46. Intellectual property protection for an invention
Preemptive
Data Leakage
Firewall
Patent
47. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
TEMPEST
Wait
Locard's Principle
Backup
48. To stop damage from spreading
Containment
Permutation /Transposition
Work Factor
Fault
49. A backup of data located where staff can gain access immediately
Open Mail Relay Servers
Convincing
Computer Forensics
On-Site
50. To jump to a conclusion
Admissible
Embedded
On-Site
Inference