Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
Enticement
Elements of Negligence
Labeling
Analysis
2. Information about a particular data set
Metadata
Slack Space
Strategic
Running Key
3. Record of system activity - which provides for monitoring and detection.
Log
Residual Risk
Data Dictionary
Administrative Law
4. With enough computing power trying all possible combinations
Fiber Optics
Trusted Computing Base
Brute Force
Hard Disk
5. Effort/time needed to overcome a protective measure
Work Factor
Firmware
Deadlock
Operational Test
6. A state for operating system tasks only
Supervisor Mode (monitor - system - privileged)
Chain of Custody
Coaxial Cable
Due Diligence
7. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Internal Use Only
Exposure
Hearsay
Non-Repudiation
8. Need to understand both the assets that need to be protected and management's priorities - also be prepared to adjust the design over time - and verify the design has been implemented correctly - need to be a good negotiator - artist and analyst.
Non-Interference
Basics Of Secure Design
Access Control
Crisis
9. Creation, distribution, update, and deletion
Administrative Law
Parallel Test
Rootkit
Key Management
10. Deals with discretionary protection
Orange Book C Classification
Key Clustering
Recovery
Spyware
11. An encryption method that has a key as long as the message
Examples of non-technical security components
Crisis
Orange Book B1 Classification
Running Key
12. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.
Concentrator
Accreditation
Pervasive Computing and Mobile Computing Devices
File Server
13. Some systems are actually run at the alternate site
Declaration
Kerberos
Parallel Test
Radio Frequency Interference (RFI)
14. Use of specialized techniques for recovery - authentication - and analysis of electronic data
Debriefing/Feedback
Incident Manager
Entrapment
Computer Forensics
15. Power surge
Certification
Confidence Value
Honeypot
Electrostatic Discharge
16. Physical description on the exterior of an object that communicates the existence of a label
Marking
Technical Access Controls
Degauss
Brute Force
17. Trading one for another
Total Risk
Logic Bomb
Standalone Test
Substitution
18. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
Bit
Compartmentalize
Attacker (Black hat - Hacker)
Structured Walk-Through Test
19. Try a list of words in passwords or encryption keys
Labeling
Concentrator
SYN Flooding
Dictionary Attack
20. Narrow scope examination of a system
Malformed Input
HTTP Response Splitting
Targeted Testing
Application Programming Interface
21. Review of data
Event
Conflict Of Interest
Quantitative
Analysis
22. Descrambling the encrypted message with the corresponding key
Multi-Programming
Business Continuity Planning (BCP)
Decipher
Recovery
23. A documented battle plan for coordinating response to incidents.
Life Cycle of Evidence
Kernel
System Downtime
Incident Handling
24. Subjects will not interact with each other's objects
Blackout
Confidence Value
Non-Interference
Cryptovariable
25. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Administrative Laws
Deletion
Electronic Vaulting
Information Flow Model
26. Control category - to restore to a previous state by removing the adversary and/or the results of their actions
Due Diligence
File Level Deletion
Corrective
Rollback
27. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Residual Data
Durability
Coaxial Cable
Active Data
28. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
Emergency
Kernel
Threads
Bridge
29. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
TIFF (Tagged Image File Format)
Emanations
E-Mail Spoofing
EMI
30. Measures followed to restore critical functions following a security incident.
Identification
Authentication
Mitigate
Recovery
31. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
Steganography
Residual Data
UPS
Patch Panels
32. A record that must be preserved and available for retrieval if needed.
Uninterruptible Power Supply (UPS)
Concatenation
True Attack Stimulus
Vital Record
33. A control after attack
Monitor
Containment
Countermeasure
Test Plan
34. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Incident Handling
Business Recovery Timeline
Remote Journaling
Data Hiding
35. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
Disaster Recovery Teams (Business Recovery Teams)
Burn
Secondary Storage
Privacy Laws
36. Memory management technique that allows two processes to run concurrently without interaction
Protection
Twisted Pair
TEMPEST
Pointer
37. Summary of a communication for the purpose of integrity
Education
Crisis
Data Warehouse
Message Digest
38. Impossibility of denying authenticity and identity
Databases
CPU Cache
Non-Repudiation
Tracking
39. An electronic attestation of identity by a certificate authority
Satellite
Civil Or Code Law
Multi-Processor
Digital Certificate
40. A failure of an IDS to detect an actual attack
Directive
Brownout
Running Key
False Negative
41. Code making
Cryptography
Encapsulation
Hacker
File Shadowing
42. A mobilized resource purchased or contracted for the purpose of business recovery.
Containment
Mobile Recovery
Degauss
Burn
43. The technical and risk assessment of a system within the context of the operating environment
Isolation
Surge Suppressor
Critical Records
Certification
44. Wrong against society
Code
Criminal Law
Storage Area Network (SAN)
File Server
45. To break a business process into separate functions and assign to different people
Honeypot
Stopped
Framework
Separation Of Duties
46. A perpetrator leaves something behind or takes something with them at the scene of a crime
47. Recognition of an individual's assertion of identity.
Transients
Identification
Cross-Site Scripting
Site Policy
48. Part of a transaction control for a database which informs the database of the last recorded transaction
Analysis
Authentic
Injection
Checkpoint
49. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.
Worldwide Interoperability for Microwave Access (WI-MAX)
Reference Monitor
Orange Book B1 Classification
Firewall
50. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Mission-Critical Application
Tapping
Simulation
Checkpoint