Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Long term knowledge building
Remanence
Relocation
Education
Contact List
2. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
System Life Cycle
User
Mandatory Access Control (MAC)
Hub
3. Actions measured against either a policy or what a reasonable person would do
Sag/Dip
Due Diligence
Liability
Trademark
4. A description of a database
False Negative
Packet Filtering
Data Dictionary
Kerberos
5. System of law based upon what is good for society
Interception
Highly Confidential
Civil Or Code Law
Faraday Cage/Shield
6. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Symmetric
Elements of Negligence
Highly Confidential
Exposure
7. People protect their domain
Sag/Dip
Eavesdropping
Deterrent
Territoriality
8. High degree of visual control
Inference
Surveillance
Mantrap (Double Door System)
Recovery Time Objectives
9. A backup type - where the organization has excess capacity in another location.
Distributed Processing
Emergency Procedures
Business Continuity Steering Committee
Trademark
10. A software design technique for abstraction of a process
Qualitative
Data Hiding
One Time Pad
Remanence
11. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Hijacking
Eavesdropping
Failure Modes and Effects Analysis (FMEA)
Operational Exercise
12. To reduce sudden rises in current
Concentrator
Surge Suppressor
Non-Discretionary Access Control
Administrative Law
13. Amount of time for restoring a business process or function to normal operations without major loss
Business Interruption Insurance
Maximum Tolerable Downtime (MTD)
Attacker (Black hat - Hacker)
Evidence
14. Asymmetric encryption of a hash of message
DR Or BC Coordinator
Digital Signature
False (False Positive)
Virtual Memory
15. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.
Declaration
Executive Succession
Internal Use Only
Simulation Test
16. Line noise that is superimposed on the supply circuit.
Payload
Multilevel Security System
Replication
Transients
17. Unchecked data input which results in redirection
HTTP Response Splitting
Mandatory
Mobile Site
Hot Spares
18. Return to a normal state
Non-Discretionary Access Control
Recovery
Event
Electrostatic Discharge
19. A type of attack involving attempted insertion - deletion or altering of data.
User
Elements of Negligence
Data Dictionary
Modification
20. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Residual Risk
Attacker (Black hat - Hacker)
Emergency Operations Center (EOC)
Bridge
21. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Access Control Matrix
2-Phase Commit
Information Technology Security Evaluation Criteria - ITSEC
Electronic Vaulting
22. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.
Emanations
Disaster Recovery Teams (Business Recovery Teams)
Kernel
Business Unit Recovery
23. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept
Convincing
Denial Of Service
Pointer
Ring Protection
24. Unauthorized wireless network access device.
Recovery
Rogue Access Points
Full Test (Full Interruption)
Inrush Current
25. Total number of keys available that may be selected by the user of a cryptosystem
Key Space
Critical Records
Off-Site Storage
Deleted File
26. Use of specialized techniques for recovery - authentication - and analysis of electronic data
Non-Repudiation
Sniffing
Instance
Computer Forensics
27. A planned or unplanned interruption in system availability.
System Downtime
Copyright
Mobile Site
Instance
28. A race condition where the security changes during the object's access
Sampling
Inference
Time Of Check/Time Of Use
Birthday Attack
29. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements
Blackout
Fiber Optics
Common Criteria
Safeguard
30. The core of a computer that calculates
Non-Interference
Physical Tampering
Central Processing Unit (CPU)
Encryption
31. Object based description of a system or a collection of resources
Administrative
Sharing
Exposure
Access Control Matrix
32. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Forensic Copy
Structured Walk-Through Test
Recovery
Tapping
33. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Kerberos
Smurf
Object Oriented Programming (OOP)
Information Owner
34. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Mission-Critical Application
Active Data
Legacy Data
Full-Interruption test
35. Requirement of access to data for a clearly defined purpose
Non-Repudiation
Blind Testing
Need-To-Know
Symmetric
36. Intellectual property protection for a confidential and critical process
Wait
Trade Secret
Declaration
System Life Cycle
37. Individuals and departments responsible for the storage and safeguarding of computerized data.
Tapping
Secondary Storage
Method
Data Custodian
38. Potentially retrievable data residue that remains following intended erasure of data.
Quantitative Risk Analysis
Key Clustering
Brute Force
Remanence
39. Identification and notification of an unauthorized and/or undesired action
Concatenation
Database Shadowing
Database Replication
Detection
40. Organizational way of classifying data by factors such as criticality - sensitivity and ownership.
Residual Risk
Modification
Wait
Classification Scheme
41. A signal suggesting a system has been or is being attacked.
Data Diddler
Alert/Alarm
Birthday Attack
CobiT
42. A template for designing the architecture
Workaround Procedures
Framework
Security Blueprint
Rogue Access Points
43. Uses two or more legal systems
Mixed Law System
Risk Mitigation
Chain of Custody
Restoration
44. A condition in which neither party is willing to stop their activity for the other to complete
File Level Deletion
Plaintext
Deadlock
Life Cycle of Evidence
45. Event(s) that cause harm
Codec
Containment
Masked/Interruptible
Incident
46. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services
Quantitative Risk Analysis
Faraday Cage/Shield
Access Control Lists
Classification
47. Share security concerns with embedded devices - Often security has been sacrificed for a richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
Deadlock
Business Impact Analysis
Walk Through
Pervasive Computing and Mobile Computing Devices
48. Natural or human-readable form of message
Incident Response Team
Plain Text
Walk Through
Risk Assessment
49. Outputs within a given function are the same result
Remote Journaling
Cryptology
Collisions
Inheritance
50. Summary of a communication for the purpose of integrity
Access Control Lists
Rootkit
Message Digest
False Attack Stimulus