Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Controls for termination of attempt to access object
Multi-Processing
Intrusion Prevention Systems
Mandatory
Confidence Value
2. Mitigate damage by isolating compromised systems from the network.
Analysis
Chain of Custody
Steganography
Containment
3. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Fragmented Data
Lattice
TIFF (Tagged Image File Format)
Chain of Custody
4. Pertaining to law - verified as real
Byte Level Deletion
Authentic
Access Control Attacks
Notification
5. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)
Fraggle
Disaster Recovery Teams (Business Recovery Teams)
ff Site
Encryption
6. Regular operations are stopped and where processing is moved to the alternate site.
Checklist Test (desk check)
Tracking
Inrush Current
Full-Interruption test
7. Vehicle or tool that exploits a weakness
Remote Journaling
Threats
Activation
High-Risk Areas
8. Consume resources to a point of exhaustion - loss of availability
Alternate Site
Virus
Denial Of Service
Recovery Strategy
9. Natural occurrence in circuits that are in close proximity
Restoration
Buffer Overflow
Tar Pits
Interference (Noise)
10. Final purpose or result
Bollard
Covert Channel
Byte Level Deletion
Payload
11. Potentially compromising leakage of electrical or acoustical signals.
Cross-Site Scripting
Active Data
Emanations
Accreditation
12. Written suggestions that direct choice to a few alternatives
Certification
Algorithm
Checksum
Guidelines
13. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Countermeasure
Fire Suppression
Business Records
Hard Disk
14. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Acronym for American Standard Code for Information Interchange (ASCII)
Pointer
Threads
Liability
15. A process state - to be executing a process on the CPU
DR Or BC Coordinator
Encapsulation
Running
Compensating
16. A mathematical tool for verifying no unintentional changes have been made
Triage
Checksum
Watermarking
Radio Frequency Interference (RFI)
17. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.
Recovery
Active Data
Noise
Routers
18. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
Business Unit Recovery
Key Escrow
Data Recovery
TCSEC (Orange Book)
19. A trusted issuer of digital certificates
Job Training
Certification Authority
Inference
Cipher Text
20. A software design technique for abstraction of a process
Non-Repudiation
Virus
Ethics
Data Hiding
21. A record that must be preserved and available for retrieval if needed.
Vital Record
Convincing
Initialization Vector
Overlapping Fragment Attack
22. Eavesdropping on network communications by a third party.
Object Reuse
Smurf
Tapping
Trusted Computing Base
23. Reduction of voltage by the utility company for a prolonged period of time
Countermeasure
Brownout
Certificate Revocation List (CRL)
Notification
24. The process of identifying - accessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Shielding
Packet Filtering
Information Risk Management (IRM)
Worm
25. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.
Proxies
Mirrored Site
Fault
Data Integrity
26. Summary of a communication for the purpose of integrity
Message Digest
HTTP Response Splitting
Hearsay
Mandatory
27. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.
Orange Book A Classification
Data Diddler
Evidence
Civil Or Code Law
28. Scrambled form of the message or data
Ethics
Fault Tolerance
Cipher Text
Access Control Attacks
29. Statistical probabilities of a collision are more likely than one thinks
Security Clearance
SYN Flooding
Birthday Attack
Separation Of Duties
30. An alert or alarm that is triggered when no actual attack has taken place
False (False Positive)
Incident Handling
TIFF (Tagged Image File Format)
Risk Assessment / Analysis
31. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Man-In-The-Middle Attack
Business Records
Initialization Vector
Discretionary
32. Intellectual property protection for an invention
SYN Flooding
Patent
Bridge
Payload
33. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Monitor
Confidence Value
Vulnerability
High-Risk Areas
34. Owner directed mediation of access
Access Control Lists
Site Policy
Lattice
Discretionary
35. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Labeling
MOM
Disaster Recovery Plan
Open Mail Relay Servers
36. The first rating that requires security labels
War Driving
Binary
Orange Book B1 Classification
Mandatory Vacations
37. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
Elements of Negligence
Layering
Atomicity
Civil Law
38. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements
Honeypot
Full Test (Full Interruption)
Fire Prevention
ITSEC
39. A type of multitasking that allows for more even distribution of computing time among competing requests
Preemptive
Teardrop
Modification
Orange Book A Classification
40. Return to a normal state
Teardrop
Operational Exercise
Recovery
Least Privilege
41. One way encryption
Phishing
Business Unit Recovery
Hash Function
File Extension
42. Initial surge of current
Shadowing (file shadowing)
Information Risk Management (IRM)
Algorithm
Inrush Current
43. A documented battle plan for coordinating response to incidents.
Substitution
Incident Handling
Recovery Point Objective (RPO)
Triage
44. A disturbance that degrades performance of electronic devices and electronic communications.
Spiral
Radio Frequency Interference (RFI)
Declaration
Hash Function
45. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
Virtual Memory
5 Rules Of Evidence
Control Category
Phishing
46. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Risk
Restoration
Authentication
Hub
47. One of the key benefits of a network is the ability to share files stored on the server among several users.
File Sharing
Enticement
Restoration
Analysis
48. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Byte
Phishing
The ACID Test
Virus
49. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Proxies
Simulation
Firewalls
Data Hiding
50. Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective
Fire Prevention
Instance
Payload
Multi-Programming