Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but it reinforces your understanding as you take the test each time.
1. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Threats
Computer System Evidence
Mirroring
Data Backup Strategies
2. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Civil Or Code Law
Operational Impact Analysis
Method
Discretionary
3. A failure of an IDS to detect an actual attack
False Negative
Security Clearance
Residual Data
Activation
4. A program with an inappropriate second purpose
Plain Text
Shift Cipher (Caesar)
Trojan Horse
Multi-Tasking
5. Requirement to take time off
User Mode (problem or program state)
Relocation
Spam
Mandatory Vacations
6. Abstract and mathematical in nature - defining all possible states - transitions and operations
Threats
One Time Pad
State Machine Model
Instance
7. Evidence must be: admissible - authentic - complete - accurate - and convincing
5 Rules Of Evidence
Surge Suppressor
Routers
Cryptovariable
8. A documented battle plan for coordinating response to incidents.
Deleted File
Incident Handling
Active Data
Rogue Access Points
9. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Consistency
Chain of Custody
Modification
Ethics
10. High level design or model with a goal of consistency - integrity - and balance
Architecture
Man-In-The-Middle Attack
Trademark
Identification
11. Threats x Vulnerability x Asset Value = Total Risk
Phishing
Application Programming Interface
Total Risk
Cross-Site Scripting
12. Unauthorized wireless network access device.
Side Channel Attack
Checksum
Rogue Access Points
Risk Assessment / Analysis
13. A type of computer memory that temporarily stores frequently used information for quick access.
Critical Functions
Cache
Deterrent
Vital Record
14. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
3 Types of harm Addressed in computer crime laws
Atomicity
Guidelines
EMI
15. Only the key protects the encrypted information
16. Mediation of covert channels must be addressed
Information Flow Model
Discretionary Access Control (DAC)
Framework
Encipher
17. A programming device used in development to circumvent controls
Recovery Strategy
Trapdoors (Backdoors) (Maintenance Hooks)
Digital Signature
Eavesdropping
18. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.
Mobile Recovery
Governance
Control Type
Fire Classes
19. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
User Mode (problem or program state)
Business Recovery Timeline
Administrative Law
Assembler
20. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Critical Records
Life Cycle of Evidence
Civil Or Code Law
Due Diligence
21. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Administrative Laws
Recovery Period
Honeypot
Hacker
22. Lower frequency noise
Multi-Processor
Radio Frequency Interference (RFI)
Disaster Recovery Teams (Business Recovery Teams)
Lattice
23. Periodic - automatic and transparent backup of data in bulk.
Electronic Vaulting
Business Impact Assessment (BIA)
Administrative Access Controls
Bollard
24. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Digital Certificate
Entrapment
Disaster Recovery Tape
Recovery
25. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.
Mock Disaster
Hot Spares
Cryptanalysis
Adware
26. A collection of information designed to reduce duplication and increase integrity
Disaster Recovery Teams (Business Recovery Teams)
Kernel
Databases
Data Dictionary
27. Just enough access to do the job
Least Privilege
War Dialing
Alert/Alarm
E-Mail Spoofing
28. Line noise that is superimposed on the supply circuit.
Operating
Noise
Worldwide Interoperability for Microwave Access (WI-MAX)
Transients
29. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
MOM
TNI (Red Book)
Event
Emergency Procedures
30. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Man-In-The-Middle Attack
Need-To-Know
Integrated Test
Private Branch Exchange (PBX)
31. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Uninterruptible Power Supply (UPS)
Acronym for American Standard Code for Information Interchange (ASCII)
Classification Scheme
Alternate Site
32. The duplication of data on separate disks in real time to ensure its continuous availability - currency and accuracy. True mirroring will enable a zero recovery point objective.
Data Marts
Fire Classes
Strong Authentication
Disk Mirroring
33. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g., workaround procedures - alternate work area - etc.)
Contingency Plan
Noise
Residual Data
Honeynet
34. A legally enforceable agreement between: two people - two organizations - a person and an organization.
Tort
Debriefing/Feedback
Emergency
Tactical
35. Wrong against society
Burn
Permutation/Transposition
Overlapping Fragment Attack
Criminal Law
36. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Open Mail Relay Servers
Authentic
Site Policy
Spyware
37. Eavesdropping on network communications by a third party.
Sniffing
Patch Panels
Denial Of Service
Intrusion Detection Systems
38. Descrambling the encrypted message with the corresponding key
Decipher
Business Interruption Insurance
Data Warehouse
On-Site
39. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Twisted Pair
MOM
Residual Data
Certificate Revocation List (CRL)
40. Potentially retrievable data residue that remains following intended erasure of data.
Remanence
DR Or BC Coordinator
Threats
Fraggle
41. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)
Smurf
Forward Recovery
Information Flow Model
Total Risk
42. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.
Satellite
Debriefing/Feedback
Moore's Law
Non-Repudiation
43. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Encryption
Cache
Routers
Patent
44. System directed mediation of access with labels
Mandatory
Centralized Access Control Technologies
Data Recovery
Accurate
45. Is secondhand and usually not admissible in court
Hearsay Evidence
Firewall
Work Factor
Job Training
46. Inference about encrypted communications
Side Channel Attack
Key Management
Cross Training
Data Leakage
47. A passive network attack involving monitoring of traffic.
Malformed Input
Eavesdropping
Common Criteria
Business Records
48. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
IP Fragmentation
Man-In-The-Middle Attack
State Machine Model
Identification
49. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Mandatory Vacations
SYN Flooding
Business Interruption Insurance
Teardrop
50. A database backup type which records at the transaction level
Remote Journaling
Physical Tampering
Cryptography
User Mode (problem or program state)