SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Firewalls
Recovery Period
Risk Assessment
Ring Protection
2. Malware that subverts the detective controls of an operating system
DR Or BC Coordinator
Sampling
Rootkit
Accreditation
3. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.
Accurate
Orange Book B2 Classification
Recovery
Technical Access Controls
4. Recovery alternative - complete duplication of services including personnel
Need-To-Know
Checklist Test (desk check)
Classification
Mirrored Site
5. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Critical Records
Brownout
Repeaters
Incident
6. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Relocation
Mission-Critical Application
Active Data
Pervasive Computing and Mobile Computing Devices
7. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Authentic
Operational Test
Checklist Test
Business Continuity Steering Committee
8. Real-time - automatic and transparent backup of data.
Admissible
Logic Bomb
Remote Journaling
Running Key
9. A passive network attack involving monitoring of traffic.
Worm
Steganography
Eavesdropping
Concentrator
10. Record history of incident
Firewalls
Checklist Test (desk check)
Network Attached Storage (NAS)
Tracking
11. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Locard's Principle
Business Interruption Insurance
Deletion
SYN Flooding
12. The guardian of asset(s) - a maintenance activity
TCSEC (Orange Book)
Custodian
System Life Cycle
Event
13. Trading one for another
Virtual Memory
High-Risk Areas
Substitution
Durability
14. A copy of transaction data - designed for querying and reporting
Data Warehouse
Salami
Residual Risk
Malformed Input
15. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Internal Use Only
Backup
Full-Interruption test
Incident
16. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
ISO/IEC 27001
Picking
False Attack Stimulus
Data Backups
17. A process state - (blocked) needing input before continuing
Mirroring
Wait
SQL Injection
Active Data
18. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
Class
Highly Confidential
Embedded Systems
Fiber Optics
19. A mobilized resource purchased or contracted for the purpose of business recovery.
Hearsay Evidence
Access Control
Mobile Recovery
Tactical
20. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Patch Panels
Change Control
Stopped
Operational
21. A set of best practices for programmers to seek in all application or data base design: Atomicity - Consistency - Isolation - Durability
Virtual Memory
Collisions
Data Integrity
The ACID Test
22. A covert storage channel on the file attribute
Dictionary Attack
Incident Handling
Failure Modes and Effect Analysis (FEMA)
Alternate Data Streams (File System Forks)
23. Adversary intercepts encrypted communications - decrypts - views - encrypts - and send along to the true destination
Man-In-The-Middle Attack
Multi-Processing
Inheritance
Highly Confidential
24. System directed mediation of access with labels
Network Attached Storage (NAS)
Deadlock
Mandatory
Cold Site
25. Controls for termination of attempt to access object
Electromagnetic Interference (EMI)
Intrusion Prevention Systems
Byte Level Deletion
Business Continuity Steering Committee
26. Guidelines within an organization that control the rules and configurations of an IDS
Site Policy
Detective
Embedded
Intrusion Detection Systems
27. Collection of data on business functions which determines the strategy of resiliency
Twisted Pair
Byte Level Deletion
Alert
Business Impact Assessment (BIA)
28. A technology that reduces the size of a file.
File Server
Layering
Compression
Business Recovery Team
29. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Crisis
Separation Of Duties
Simulation
Bumping
30. Unauthorized access of network devices.
Key Clustering
EMI
Separation Of Duties
Physical Tampering
31. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
File Extension
Code
Business Recovery Team
CobiT
32. Representatives from each functional area or department get together and walk through the plan from beginning to end.
Structured Walk-Through Test
Standard
Recovery
Repeaters
33. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Virtual Memory
Mock Disaster
Orange Book A Classification
Operational Exercise
34. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
Cryptanalysis
Data Leakage
ISO/IEC 27002
Intrusion Prevention Systems
35. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
Permutation /Transposition
Twisted Pair
Declaration
Trade Secret
36. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Rogue Access Points
Private Branch Exchange (PBX)
Mirroring
Authorization
37. Two certificate authorities that trust each other
TNI (Red Book)
Administrative Access Controls
Operational Impact Analysis
Cross Certification
38. A Trojan horse with the express underlying purpose of controlling host from a distance
Risk Assessment
Directive
Forensic Copy
Remote Access Trojan
39. Written step-by-step actions
Common Law
Twisted Pair
Emergency
Procedure
40. The level and label given to an individual for the purpose of compartmentalization
Security Clearance
False Negative
Plaintext
Data Integrity
41. Uses two or more legal systems
Mandatory Vacations
File Extension
Mixed Law System
Legacy Data
42. A device that provides the functions of both a bridge and a router.
Brouter
Access Control Matrix
Slack Space
Dangling Pointer
43. Code breaking - practice of defeating the protective properties of cryptography.
Discretionary
Corrective
Off-Site Storage
Cryptanalysis
44. A list of team members and/or key players to be contacted including their backups. The list will include the necessary contact information (i.e. Home phone - pager - cell - etc.) And in most cases be considered confidential.
File Extension
Contact List
User Mode (problem or program state)
Emanations
45. Another subject cannot see an ongoing or pending update until it is complete
Radio Frequency Interference (RFI)
Initialization Vector
Discretionary
Isolation
46. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Non-Discretionary Access Control
Bridge
IP Address Spoofing
Disaster Recovery Tape
47. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services
Policy
Blind Testing
Consistency
Access Control Lists
48. To reduce fire
SQL Injection
Picking
Call Tree
Fire Suppression
49. Communication of a security incident to stakeholders and data owners.
Notification
File Extension
Electromagnetic Interference (EMI)
Slack Space
50. Controls deployed to avert unauthorized and/or undesired actions.
Brouter
Digital Signature
Prevention
Private Branch Exchange (PBX)
