Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Wrong against society
Declaration
IDS Intrusion Detection System
Archival Data
Criminal Law
2. Location where coordination and execution of BCP or DRP is directed
Logic Bomb
Technical Access Controls
Emergency Operations Center (EOC)
Access Control
3. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.
Executive Succession
Machine Language (Machine Code)
Coaxial Cable
Redundant Servers
4. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Recovery
Detection
Cryptanalysis
Overlapping Fragment Attack
5. The partial or full duplication of data from a source database to one or more destination databases.
Database Replication
Recovery
Supervisor Mode (monitor - system - privileged)
Trade Secret
6. Striking a filed-down key in a lock with a hammer to open it without the real key
JPEG (Joint Photographic Experts Group)
Framework
Bumping
Public Key Infrastructure (PKI)
7. Evaluation of a system without prior knowledge by the tester
Denial Of Service
Blind Testing
Isolation
Orange Book C2 Classification
8. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Threats
Multi-Processing
Examples of non-technical security components
Shielding
9. Controls for termination of attempt to access object
Intrusion Prevention Systems
Payload
Pervasive Computing and Mobile Computing Devices
Mission-Critical Application
10. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Convincing
Initialization Vector
Buffer Overflow
Legacy Data
11. Quantity of risk remaining after a control is applied
Smurf
Access Control Lists
Residual Risk
Business Recovery Team
12. Regular operations are stopped and processing is moved to the alternate site.
Full-Interruption test
Running
Detective
File Extension
13. Employment education done once per position or at significant change of function
Data Recovery
CobiT
Off-Site Storage
Job Training
14. A layer 2 device that is used to connect two or more network segments and regulate traffic.
Switches
Gateway
Key Escrow
Alert
15. To start business continuity processes
Business Impact Analysis
Class
Electrostatic Discharge
Activation
16. Individuals and departments responsible for the storage and safeguarding of computerized data.
Job Rotation
Data Custodian
Physical Tampering
Checklist Test
17. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.
Off Site
Burn
Locard's Principle
Quantitative
18. Transaction controls for a database - a return to a previous state
Intrusion Detection Systems
Rollback
Deleted File
Satellite
19. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
File Extension
Acronym for American Standard Code for Information Interchange (ASCII)
Policy
Structured Walk-Through Test
20. Just enough access to do the job
Least Privilege
Critical Functions
Application Programming Interface
Discretionary
21. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
File Shadowing
Operational Exercise
Application Programming Interface
Concentrator
22. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Surge
Denial Of Service
File Extension
Alarm Filtering
23. A record that must be preserved and available for retrieval if needed.
5 Rules Of Evidence
Notification
Vital Record
Mixed Law System
24. Use of specialized techniques for recovery - authentication - and analysis of electronic data
Remanence
Site Policy Awareness
Computer Forensics
Key Escrow
25. Substitution at the word or phrase level
Failure Modes and Effect Analysis (FEMA)
Sag/Dip
Code
Procedure
26. Security policy - procedures - and compliance enforcement
Critical Records
Control Type
Examples of non-technical security components
Orange Book B1 Classification
27. Object based description of a system or a collection of resources
Access Control Matrix
ISO/IEC 27001
Standard
Radio Frequency Interference (RFI)
28. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
Polyalphabetic
Emergency
Recovery Time Objectives
Mixed Law System
29. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
Redundant Servers
Trapdoors (Backdoors) (Maintenance Hooks)
Elements of Negligence
Declaration
30. Line by line translation from a high level language to machine code
Cross Certification
Alternate Data Streams (File System Forks)
Interpreter
Multi-Core
31. A backup type - for databases at a point in time
Cross Training
System Downtime
Convincing
Shadowing (file shadowing)
32. Hardware or software that is part of a larger system
Embedded
Record Level Deletion
Access Control
Custodian
33. To collect many small pieces of data
Aggregation
Alternate Data Streams (File System Forks)
Business Continuity Program
Authentic
34. Controls for logging and alerting
Alternate Site
Business Impact Assessment (BIA)
Intrusion Detection Systems
SQL Injection
35. A hash that has been further encrypted with a symmetric algorithm
Due Care
Keyed-Hashing For Message Authentication
Hot Site
Domain
36. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Digital Signature
Risk Mitigation
Hub
Inrush Current
37. Control category - more than one control on a single asset
Hash Function
Compensating
Alternate Data Streams (File System Forks)
Remote Access Trojan
38. An attack involving the hijacking of a TCP session by predicting a sequence number.
Firewall
Mobile Recovery
Computer System Evidence
Sequence Attacks
39. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.
Hard Disk
Eavesdropping
Time Of Check/Time Of Use
Threats
40. To reduce fire
Full-Interruption test
Encapsulation
Deterrent
Fire Suppression
41. Specific format of technical and physical controls that support the chosen framework and the architecture
Incident Response Team
Activation
Infrastructure
Qualitative
42. Intellectual property protection for the expression of an idea
Copyright
Operating
Multi-Processing
Plain Text
43. Program that inappropriately collects private data or activity
Spyware
Emergency Procedures
Injection
Data Custodian
44. Trading one for another
Class
Substitution
Event
Exercise
45. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Capability Tables
Business Continuity Steering Committee
Incident Handling
Mock Disaster
46. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Contact List
Fraggle
TIFF (Tagged Image File Format)
Pointer
47. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Privacy Laws
Business Impact Analysis
Countermeasure
Restoration
48. The guardian of asset(s) - a maintenance activity
Architecture
Custodian
Certificate Revocation List (CRL)
Durability
49. A condition in which neither party is willing to stop their activity for the other to complete
Stopped
Test Plan
Deadlock
CobiT
50. Actions measured against either a policy or what a reasonable person would do
Virtual Memory
Due Diligence
Transfer
Inrush Current