Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. An event which stops business from continuing.
Disaster
Triage
Patent
Administrative Access Controls
2. An unintended communication path
Resumption
Business Recovery Timeline
Reciprocal Agreement
Covert Channel
3. Uses two or more legal systems
Attacker (Black hat - Hacker)
Electromagnetic Interference (EMI)
Mixed Law System
False (False Positive)
4. Converts a high level language into machine language
Patent
Assembler
Wireless Fidelity (Wi-Fi)
Marking
5. The core of a computer that calculates
Central Processing Unit (CPU)
State Machine Model
Disaster Recovery Teams (Business Recovery Teams)
Data Backups
6. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Entrapment
Central Processing Unit (CPU)
Data Integrity
Life Cycle of Evidence
7. A layer 3 device that is used to connect two or more network segments and regulate traffic.
Routers
Incident Response Team
Complete
Alternate Site
8. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
MOM
IP Fragmentation
Transients
Patch Management
9. Object reuse protection and auditing
Data Dictionary
Territoriality
Orange Book C2 Classification
Accurate
10. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Teardrop
Civil Law
Analysis
Countermeasure
11. To load the first piece of software that starts a computer.
Concentrator
Alarm Filtering
Boot (V.)
Threads
12. Unauthorized access of network devices.
User
Physical Tampering
Discretionary
Steganography
13. A process state - to be executing a process on the CPU
Database Shadowing
Preemptive
Running
Embedded Systems
14. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Privacy Laws
IDS Intrusion Detection System
Risk Assessment
Forensic Copy
15. An organization's way of classifying data by factors such as criticality - sensitivity and ownership.
Restoration
Threat Agent
Classification Scheme
Sampling
16. To know more than one job
Operational
Cross Training
Sag/Dip
Storage Area Network (SAN)
17. May be responsible for overall recovery of an organization or unit(s).
Byte
MOM
DR Or BC Coordinator
Microwave
18. Real-time - automatic and transparent backup of data.
Remote Journaling
Virus
Kerckhoff's Principle
Compiler
19. Eight bits.
Object
Checklist Test (desk check)
Byte
Containment
20. Renders the file inaccessible to the operating system - available to reuse for data storage.
File Level Deletion
Bumping
Data Owner
False Attack Stimulus
21. A one way - directed graph which indicates confidentiality or integrity flow
Risk Mitigation
Lattice
Honeypot
Ring Protection
22. Final purpose or result
Payload
Centralized Access Control Technologies
TNI (Red Book)
Tactical
23. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.
Data Custodian
Convincing
Mirrored Site
Redundant Servers
24. Uncleared buffers or media
Object Reuse
Remote Journaling
Electronic Vaulting
Maximum Tolerable Downtime (MTD)
25. A description of a database
Access Control Lists
Cipher Text
Private Branch Exchange (PBX)
Data Dictionary
26. Recording the Who What When Where How of evidence
Chain Of Custody
Noise
Strategic
Electrostatic Discharge
27. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Emanations
E-Mail Spoofing
Orange Book A Classification
Evidence
28. A choice in risk management - to implement a control that limits or lessens negative effects
Total Risk
Checksum
Burn
Mitigate
29. Mathematical function that determines the cryptographic operations
Class
Algorithm
Remote Journaling
Emergency
30. Sudden rise in voltage in the power supply.
Mirrored Site
Common Criteria
Disk Mirroring
Surge
31. A telephone exchange for a specific office or business.
Blind Testing
Archival Data
Message Digest
Private Branch Exchange (PBX)
32. Power surge
Fragmented Data
Firewalls
Resumption
Electrostatic Discharge
33. Actions measured against either a policy or what a reasonable person would do
Mixed Law System
Risk
Due Diligence
Change Control
34. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
Man-In-The-Middle Attack
Least Privilege
Coaxial Cable
BCP Testing Drills and Exercises
35. A set of laws that the organization agrees to be bound by
False Negative
Administrative Law
Digital Certificate
EMI
36. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Tapping
Computer Forensics
Machine Language (Machine Code)
Plaintext
37. Asymmetric encryption of a hash of message
Encapsulation
Job Rotation
Resumption
Digital Signature
38. Return to a normal state
Repeaters
Emergency Operations Center (EOC)
Recovery
Spam
39. Companies should have their own team - made up of people from management - IT - legal - HR - and public relations - security and other key areas
Public Key Infrastructure (PKI)
Sharing
Incident Response Team
Gateway
40. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Gateway
Disaster Recovery Tape
File Sharing
Electronic Vaulting
41. Most granular organization of controls
Control Category
Cryptovariable
Administrative Law
Denial Of Service
42. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
Enticement
Cryptography
Inference
TCSEC (Orange Book)
43. System mediation of access with the focus on the context of the request
Plaintext
Identification
Private Branch Exchange (PBX)
Content Dependent Access Control
44. Hardware or software that is part of a larger system
Detective
Time Of Check/Time Of Use
Compression
Embedded
45. Information that - if made public or even shared around the organization - could seriously impede the organization's operations
Smurf
Highly Confidential
Memory Management
3 Types of harm Addressed in computer crime laws
46. Unchecked data which spills into another location in memory
Buffer Overflow
Data Recovery
Standard
Archival Data
47. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Disaster Recovery Plan
Active Data
Reference Monitor
Service Bureau
48. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
SYN Flooding
Business Impact Analysis
Fiber Optics
Discretionary Access Control (DAC)
49. Subjects will not interact with each other's objects
Non-Interference
Spam
Relocation
Metadata
50. Alerts personnel to the presence of a fire
Debriefing/Feedback
Denial Of Service
Fire Detection
Object Reuse