Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may look obvious, but retaking the test reinforces your understanding each time.
1. Two different keys produce the same ciphertext from the same plaintext, so either key decrypts it
Shadowing (file shadowing)
Workaround Procedures
Byte
Key Clustering
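Key clustering in working code, as an added example for question 1 (this is not part of the original quiz). The cipher is a plain shift (Caesar) cipher and its key space is an assumption chosen for illustration: because every shift is taken modulo 26, key k and key k + 26 turn the same plaintext into the same ciphertext, and either one decrypts it. The last function counts how many distinct ciphertexts the nominal key space actually yields, which is the effective key space an attacker has to search.

```python
"""Key clustering shown on a shift (Caesar) cipher.

Added example for question 1; not part of the original quiz. The cipher and
its key space are assumptions chosen for illustration: keys are integers,
so key k and key k + 26 shift every letter to the same place and produce
identical ciphertext. Those keys form a cluster: either one decrypts it.
"""
import string

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext, key):
    """Shift each uppercase letter `key` places; leave other characters alone."""
    out = []
    for ch in plaintext:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext, key):
    return shift_encrypt(ciphertext, -key)


def keys_cluster(ciphertext, k1, k2):
    """True when two different keys decrypt the same ciphertext identically."""
    return k1 != k2 and shift_decrypt(ciphertext, k1) == shift_decrypt(ciphertext, k2)


def find_key_clusters(plaintext, key_space):
    """Group every key in key_space by the ciphertext it yields for plaintext.

    Each group holding more than one key is a cluster.
    """
    groups = {}
    for key in key_space:
        groups.setdefault(shift_encrypt(plaintext, key), []).append(key)
    return {ct: keys for ct, keys in groups.items() if len(keys) > 1}


def effective_key_count(plaintext, key_space):
    """Number of distinct ciphertexts: the key space an attacker really faces."""
    return len({shift_encrypt(plaintext, key) for key in key_space})


if __name__ == "__main__":
    pt = "ATTACK AT DAWN"
    ct = shift_encrypt(pt, 3)
    print(ct)                                  # DWWDFN DW GDZQ
    print(keys_cluster(ct, 3, 29))             # True: keys 3 and 29 cluster
    print(effective_key_count(pt, range(52)))  # 26, although 52 keys were offered
    for ct_value, keys in find_key_clusters(pt, range(52)).items():
        print(ct_value, keys)
```

The practical point is the last number: offering 52 nominal keys buys nothing, because clustering collapses them to 26 distinct ciphertexts, and a brute-force attacker only needs to try the distinct ones.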
2. Recovery alternative - complete duplication of services including personnel
Mirrored Site
Spiral
Man-In-The-Middle Attack
Emanations
3. Continuous surveillance - to provide for detection and response of any failure in preventive controls.
Monitor
Identification
Object
Kernel
4. Security policy - procedures - and compliance enforcement
Hub
Business Unit Recovery
Architecture
Examples of non-technical security components
5. A control put in place before an attack occurs
File Server
Safeguard
Multi-Processor
Cross-Site Scripting
6. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Incident Response
Malformed Input
Blind Testing
Ring Protection
7. Someone who wants to know how something works - typically by taking it apart
Hacker
Twisted Pair
Transfer
Code
8. A binary decision by a system to permit or deny access to the entire system
Authentication
Interpreter
TCSEC (Orange Book)
Masquerading
9. Intellectual property protection for marketing efforts
Plaintext
Life Cycle of Evidence
File Shadowing
Trademark
10. To know more than one job
Common Criteria
Computer System Evidence
System Life Cycle
Cross Training
11. To evaluate the current situation and make basic decisions as to what to do
5 Rules Of Evidence
Orange Book C Classification
Identification
Triage
12. Review of data
Running
Computer Forensics
Analysis
Cookie
13. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Object Reuse
Cross-Site Scripting
Bit
Change Control
14. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Object Oriented Programming (OOP)
Embedded Systems
Birthday Attack
Key Management
15. Short period of low voltage.
Sag/Dip
Mobile Site
Switches
Firmware
16. A list of team members and/or key players to be contacted including their backups. The list will include the necessary contact information (i.e. Home phone - pager - cell - etc.) And in most cases be considered confidential.
Record Level Deletion
Contact List
Operational
Security Clearance
17. The point in time to which systems and data must be recovered after an outage (e.g. end of the previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Rootkit
Threads
Recovery Point Objective (RPO)
Business Impact Assessment (BIA)
18. The first rating that requires security labels
Orange Book B1 Classification
Full Test (Full Interruption)
Encryption
Fault Tolerance
19. Mid-level planning - between strategic and operational
Threads
Classification
Tactical
Multi-Processor
20. Properties every transaction should guarantee, which programmers should seek in all application or database design: Atomicity - Consistency - Isolation - Durability
The ACID Test
Compensating
Operational Test
Honeynet
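The atomicity and consistency halves of the ACID test, as an added example for question 20 (not part of the original quiz). It uses the standard-library sqlite3 module with an in-memory database; the schema and the transfer rule are assumptions for illustration: balances may never go negative (a CHECK constraint enforces it) and a transfer must apply both legs or neither. The non-atomic version runs the same two statements with autocommit, so a failed debit leaves the credit behind and money is created out of nothing.

```python
"""Atomicity and consistency for a two-step transfer (the "ACID test").

Added example for question 20; not part of the original quiz. Schema and
transfer rule are assumptions: balances may never go negative, and a
transfer must apply both legs or neither.
"""
import sqlite3


def open_bank():
    # isolation_level=None disables implicit transactions: BEGIN/COMMIT are ours.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE accounts ("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    return conn


def _apply_legs(conn, src, dst, amount):
    """Credit dst, then debit src. Raises IntegrityError if either leg is invalid."""
    for delta, name in ((amount, dst), (-amount, src)):
        cur = conn.execute(
            "UPDATE accounts SET balance = balance + ? WHERE name = ?", (delta, name)
        )
        if cur.rowcount != 1:  # unknown account: a consistency violation
            raise sqlite3.IntegrityError(f"no such account: {name}")
        # A debit that would go negative raises IntegrityError from the CHECK constraint.


def transfer_atomic(conn, src, dst, amount):
    """Both legs commit together, or the whole transaction rolls back."""
    conn.execute("BEGIN")
    try:
        _apply_legs(conn, src, dst, amount)
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        conn.execute("ROLLBACK")
        return False


def transfer_nonatomic(conn, src, dst, amount):
    """Same legs, each statement autocommitted: a failed debit leaves the credit behind."""
    try:
        _apply_legs(conn, src, dst, amount)
        return True
    except sqlite3.IntegrityError:
        return False


def balances(conn):
    return dict(conn.execute("SELECT name, balance FROM accounts ORDER BY name"))


if __name__ == "__main__":
    bank = open_bank()
    transfer_atomic(bank, "alice", "bob", 500)
    print(balances(bank))  # {'alice': 100, 'bob': 50}: nothing changed
    bank = open_bank()
    transfer_nonatomic(bank, "alice", "bob", 500)
    print(balances(bank))  # {'alice': 100, 'bob': 550}: 500 appeared from nowhere
```

The credit is deliberately applied before the debit so that the failure happens on the second statement; that ordering is exactly the situation atomicity exists to protect, and the autocommit version shows the inconsistent state an attacker or a crash can leave behind without it.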
21. Line by line translation from a high level language to machine code
Containment
Standalone Test
Risk Assessment
Interpreter
22. Collection of data on business functions which determines the strategy of resiliency
Information Risk Management (IRM)
Business Impact Assessment (BIA)
Spam
Picking
23. A device that provides the functions of both a bridge and a router.
Brouter
Brute Force
Lattice
Coaxial Cable
24. Encryption system using shared key/private key/single key/secret key
Firewall
Rogue Access Points
Symmetric
Legacy Data
25. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Preemptive
Interference (Noise)
Shielding
UPS
26. Property that data is represented in the same manner at all times
Governance
Surge Suppressor
Consistency
Record Level Deletion
27. Descrambling the encrypted message with the corresponding key
Containment
Firewall
Shift Cipher (Caesar)
Decipher
28. Methodical research of an incident with the purpose of finding the root cause
Distributed Denial Of Service
Discretionary Access Control (DAC)
Watermarking
Investigation
29. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Certificate Revocation List (CRL)
Electronic Vaulting
CobiT
Hearsay
30. Someone who wants to cause harm
Orange Book C2 Classification
Attacker (Black hat - Hacker)
Contingency Plan
Accurate
31. Requirement to take time off
Mandatory Vacations
Standalone Test
Shadowing (file shadowing)
Atomicity
32. To set the clearance of a subject or the classification of an object
Labeling
Security Blueprint
Tactical
Hijacking
33. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
Compensating
Firmware
Multi-Party Control
Disaster Recovery Teams (Business Recovery Teams)
34. Controls that terminate an attempt to access an object
Intrusion Prevention Systems
Embedded Systems
Alarm Filtering
UPS
35. Highest level of authority at the Emergency Operations Center (EOC) - with knowledge of the business process and the resources available
Critical Infrastructure
Operating
Incident Manager
CobiT
36. Maintenance procedures outline the process for the review and update of business continuity plans.
Assembler
Plan Maintenance Procedures
System Downtime
File Level Deletion
37. Pertaining to law - accepted by a court
Territoriality
Off Site
Admissible
UPS
38. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
Strong Authentication
Containment
Data Leakage
Processes are Isolated By
39. Requires understanding both the assets that need to be protected and management's priorities - being prepared to adjust the design over time and to verify that it has been implemented correctly - and being a good negotiator - artist and analyst
Satellite
TEMPEST
Basics Of Secure Design
Data Marts
40. An attack involving the hijacking of a TCP session by predicting a sequence number.
Information Risk Management (IRM)
Emanations
Class
Sequence Attacks
41. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Administrative Law
Locard's Principle
Concentrator
Compartmentalize
42. A state where two subjects can access the same object without proper mediation
Contingency Plan
Criminal Law
Race Condition
Waterfall
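The race condition in question 42 made concrete, as an added example (not part of the original quiz). Two threads are the subjects and one account object is the object. The unmediated withdrawal checks the balance and then deducts as two separate steps, so both subjects can pass the check before either deducts; the barrier is an assumption used only to force that interleaving so the lost update is reproducible rather than scheduler-dependent. The mediated withdrawal does check and deduct under one lock, which is the reference-monitor idea in miniature: every access to the object goes through one point of mediation.

```python
"""Race condition: two subjects reach one object without mediation.

Added example for question 42; not part of the original quiz. The barrier
is an assumption that forces both threads into the check/act window so the
overdraft happens every run instead of only on an unlucky schedule.
"""
import threading


class Account:
    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()

    def withdraw_unmediated(self, amount, pause=lambda: None):
        """Check-then-act with no lock; the check can be stale by the time we act."""
        if self.balance >= amount:   # time of check
            pause()                  # another subject may run in this window
            self.balance -= amount   # time of use
            return True
        return False

    def withdraw_mediated(self, amount):
        """Check and act as one critical section, so no window exists."""
        with self.lock:
            if self.balance >= amount:
                self.balance -= amount
                return True
            return False


def _run(workers):
    for w in workers:
        w.start()
    for w in workers:
        w.join()


def run_unmediated(start, amount):
    """Both subjects pass the check before either deducts: the account is overdrawn."""
    acct = Account(start)
    gate = threading.Barrier(2, timeout=5)  # both must arrive before either continues
    _run([threading.Thread(target=acct.withdraw_unmediated, args=(amount, gate.wait))
          for _ in range(2)])
    return acct.balance


def run_mediated(start, amount):
    """The second subject sees the first deduction and is refused."""
    acct = Account(start)
    _run([threading.Thread(target=acct.withdraw_mediated, args=(amount,))
          for _ in range(2)])
    return acct.balance


if __name__ == "__main__":
    print(run_unmediated(100, 80))  # -60: both withdrawals went through
    print(run_mediated(100, 80))    # 20: only one did
```

Without the barrier the unmediated version would usually return 20 as well, which is exactly why this class of bug survives testing: the window is real but small, and an attacker who can time requests (or simply send many in parallel) is the one who hits it.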
43. Program that inappropriately collects private data or activity
Orange Book C Classification
Spyware
Hijacking
Key Clustering
44. Pertaining to law - no omissions
Hot Site
Reciprocal Agreement
Reference Monitor
Complete
45. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Reciprocal Agreement
Strong Authentication
The ACID Test
Multilevel Security System
46. Trying a list of words as candidate passwords or encryption keys
Wireless Fidelity (Wi-Fi )
Dictionary Attack
Physical Tampering
Marking
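A dictionary attack in working code, as an added example for question 46 (not part of the original quiz). The word list, the mangling rules and the "leaked" hashes are all constructed here for illustration, and unsalted SHA-256 stands in for the stored hash so the example runs with the standard library alone. The batch function shows why unsalted hashes are so cheap to attack (one table cracks every account), and the salted variant shows the cost a per-user salt imposes: the table cannot be reused, so each account costs a full pass over the list.

```python
"""Dictionary attack against password hashes.

Added example for question 46; not part of the original quiz. Word list,
rules and target hashes are constructed for illustration. A real system
should store salted hashes from a slow KDF, which is what makes this
attack expensive.
"""
import hashlib

WORDLIST = ["letmein", "password", "summer", "dragon", "welcome"]


def mangle(word):
    """Yield the word plus a few common user variants (rule-based guessing)."""
    yield word
    yield word.capitalize()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist=WORDLIST):
    """Return the first candidate whose hash equals target_hash, else None."""
    for word in wordlist:
        for candidate in mangle(word):
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def attack_unsalted_batch(target_hashes, wordlist=WORDLIST):
    """Hash every candidate once, then look each target up in that table.

    With no salt one table cracks every account for the price of one pass.
    """
    table = {sha256_hex(c): c for w in wordlist for c in mangle(w)}
    return {h: table.get(h) for h in target_hashes}


def attack_salted(salt, target_hash, wordlist=WORDLIST):
    """Per-user salt: the shared table is useless, so every account costs a full pass."""
    for word in wordlist:
        for candidate in mangle(word):
            if sha256_hex(salt + candidate) == target_hash:
                return candidate
    return None


if __name__ == "__main__":
    leaked = sha256_hex("Dragon123")              # constructed "leaked" hash
    print(dictionary_attack(leaked))              # Dragon123
    print(dictionary_attack(sha256_hex("correct horse battery staple")))  # None
    print(attack_salted("s1", sha256_hex("s1summer1")))                   # summer1
```

Note what the salt does and does not do: it forces the attacker to redo the work per account, but a weak password with a fast hash is still found on the first pass, which is why the slow KDF matters as much as the salt.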
47. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Pointer
Education
Uninterruptible Power Supply (UPS)
Cryptovariable
48. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Job Training
Life Cycle of Evidence
State Machine Model
Debriefing/Feedback
49. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Detection
Cryptography
Electronic Vaulting
Birthday Attack
50. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Exercise
Detective
Object Oriented Programming (OOP)
Admissible