Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you may at times find the answers obvious, but it reinforces your understanding each time you take the test.
1. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
Administrative Laws
Threat Agent
Capability Tables
Administrative
2. With enough computing power trying all possible combinations
Administrative Law
Operational Exercise
Brute Force
Patent
3. An asymmetric cryptography mechanism that provides authentication.
Radio Frequency Interference (RFI)
Machine Language (Machine Code)
Job Training
Digital Signature
4. Fault tolerance for power
Object Oriented Programming (OOP)
Bit
Critical Records
Generator
5. Two different keys decrypt the same cipher text
Standalone Test
Incident Response
Source Routing Exploitation
Key Clustering
6. A computer designed for the purpose of studying adversaries
Record Level Deletion
Rogue Access Points
Honeypot
Waterfall
7. Alerts personnel to the presence of a fire
Discretionary Access Control (DAC)
Business Unit Recovery
UPS
Fire Detection
8. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
Off-Site Storage
Bumping
Operational Exercise
Access Control
9. A state for operating system tasks only
Near Site
Durability
Supervisor Mode (monitor - system - privileged)
Emanations
10. Is secondhand and usually not admissible in court
Database Replication
Brownout
Hearsay Evidence
Forensic Copy
11. Location where coordination and execution of BCP or DRP is directed
Labeling
Near Site
Virtual Memory
Emergency Operations Center (EOC)
12. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
Separation Of Duties
ISO/IEC 27002
Accountability
Assembler
13. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Security Kernel
Object Reuse
Site Policy Awareness
Standalone Test
14. Unused storage capacity
Remote Access Trojan
Shielding
Concentrator
Slack Space
15. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
Pervasive Computing and Mobile Computing Devices
Non-Repudiation
Debriefing/Feedback
Information Risk Management (IRM)
16. Unchecked data input which results in redirection
Trapdoors (Backdoors) (Maintenance Hooks)
Business Interruption
HTTP Response Splitting
Declaration
17. Renders the record inaccessible to the database management system
Prevention
Permutation /Transposition
Record Level Deletion
Hot Spares
18. To set the clearance of a subject or the classification of an object
IP Address Spoofing
Containment
Redundant Servers
Labeling
19. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Fire Detection
Accurate
Cryptography
Life Cycle of Evidence
20. Evidence must be: admissible - authentic - complete - accurate - and convincing
Process Isolation
Incident Handling
Polyalphabetic
5 Rules Of Evidence
21. Sudden rise in voltage in the power supply.
True Attack Stimulus
Public Key Infrastructure (PKI)
False Negative
Surge
22. Return to a normal state
Guidelines
Life Cycle of Evidence
Evidence
Recovery
23. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Processes are Isolated By
Access Control Lists
Examples of non-technical security components
Data Marts
24. A database that contains the name - type - range of values - source and authorization for access for each data element
Orange Book B1 Classification
Compiler
Event
Data Dictionary
25. False memory reference
Domain
Remanence
Boot (V.)
Dangling Pointer
26. Lower frequency noise
Radio Frequency Interference (RFI)
Salami
False Negative
Botnet
27. A condition in which neither party is willing to stop their activity for the other to complete
False (False Positive)
Restoration
Deadlock
Multi-Party Control
28. An image compression standard for photographs
Service Bureau
Electromagnetic Interference (EMI)
JPEG (Joint Photographic Experts Group)
Classification Scheme
29. The partial or full duplication of data from a source database to one or more destination databases.
Information Flow Model
Examples of technical security components
Database Replication
Key Escrow
30. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.
Cold Site
False Negative
Data Dictionary
Restoration
31. A device that provides the functions of both a bridge and a router.
Business Recovery Timeline
Brouter
Multi-Processing
Man-In-The-Middle Attack
32. Measures followed to restore critical functions following a security incident.
Processes are Isolated By
Recovery
Forward Recovery
Cache
33. Converts source code to an executable
Faraday Cage/ Shield
High-Risk Areas
Redundant Servers
Compiler
34. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Chain of Custody
Multi-Core
Multi-Programming
Checklist Test (desk check)
35. One entity with two competing allegiances
Conflict Of Interest
File Level Deletion
Classification
Examples of non-technical security components
36. Mediation of covert channels must be addressed
Information Flow Model
JPEG (Joint Photographic Experts Group)
Integrated Test
Mobile Recovery
37. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Activation
Quantitative Risk Analysis
Exposure
Sequence Attacks
38. Subset of operating systems components dedicated to protection mechanisms
Security Kernel
Top Secret
Orange Book B2 Classification
Residual Risk
39. Mitigation of system or component loss or interruption through use of backup capability.
Fault Tolerance
On-Site
Liability
Keystroke Logging
40. The backup of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Phishing
Rogue Access Points
Data Backups
Containment
41. One way encryption
UPS
Access Point
Hash Function
Proxies
42. Record of system activity - which provides for monitoring and detection.
Business Interruption Insurance
Certification
Asymmetric
Log
43. Moving the alphabet intact a certain number of spaces
Access Control
Cookie
Bit
Shift Cipher (Caesar)
44. Summary of a communication for the purpose of integrity
Crisis
Message Digest
Non-Discretionary Access Control
Operational Exercise
45. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
One Time Pad
Common Criteria
Recovery Strategy
ISO/IEC 27001
46. Less granular organization of controls -
Control Type
Surge
Eavesdropping
Authorization
47. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Phishing
2-Phase Commit
Top Secret
Brownout
48. Threats x Vulnerability x Asset Value = Total Risk
Source Routing Exploitation
Full Test (Full Interruption)
Isolation
Total Risk
49. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data
Byte Level Deletion
Cryptanalysis
Tort
Electronic Vaulting
50. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
Deadlock
Risk Mitigation
BCP Testing Drills and Exercises
Salami