SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
Procedure
Business Recovery Team
Fragmented Data
Remote Journaling
2. Owner directed mediation of access
Sharing
Accurate
Discretionary
Sag/Dip
3. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Recovery Point Objective (RPO)
File Extension
Certificate Revocation List (CRL)
Computer Forensics
4. To smooth out reductions or increases in power
Recovery
Microwave
Fraggle
UPS
5. Granular decision by a system of permitting or denying access to a particular resource on the system
Authorization
Log
Administrative Law
Kerckhoff's Principle
6. A specialized wireless receiver/ transmitter placed in orbit that facilitates long distance communication.
Replication
Memory Management
Race Condition
Satellite
7. A process state - to be either be unable to run waiting for an external event or terminated
Watermarking
Kernel
Criminal Law
Stopped
8. Program that inappropriately collects private data or activity
Conflict Of Interest
Security Blueprint
Event
Spyware
9. Small data warehouse
Exposure
Data Marts
Durability
Polymorphism
10. Renders the file inaccessible to the operating system - available to reuse for data storage.
Activation
Incident Manager
Trusted Computing Base
File Level Deletion
11. Those who initiate the attack
Critical Functions
Logic Bomb
Trusted Computing Base
Threat Agent
12. Sphere of influence
Legacy Data
Domain
Binary
MOM
13. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
Alternate Site
Hearsay Evidence
ISO/IEC 27001
Cryptography
14. Forging of an IP address.
Data Warehouse
IP Address Spoofing
Codec
BCP Testing Drills and Exercises
15. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
Service Bureau
Dangling Pointer
Mandatory Access Control (MAC)
Smurf
16. An individuals conduct that violates government laws developed to protect the public
Criminal Law
Archival Data
Machine Language (Machine Code)
Embedded Systems
17. Code making
Transients
Cryptography
Acronym for American Standard Code for Information Interchange (ASCII)
Honeynet
18. What is will remain - persistence
Radio Frequency Interference (RFI)
Durability
Intrusion Prevention Systems
Multi-Tasking
19. A programming device use in development to circumvent controls
Trapdoors (Backdoors) (Maintenance Hooks)
Access Control Lists
Business Interruption Insurance
ISO/IEC 27001
20. Unchecked data which spills into another location in memory
Non-Interference
Buffer Overflow
Running Key
TNI (Red Book)
21. Evidence must be: admissible - authentic - complete - accurate - and convincing
Analysis
System Downtime
5 Rules Of Evidence
Kerberos
22. Lower frequency noise
Twisted Pair
Strategic
Radio Frequency Interference (RFI)
Bumping
23. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Security Clearance
Change Control
Archival Data
Polymorphism
24. Organized group of compromised computers
Vital Record
Alarm Filtering
Botnet
Threat Agent
25. A software design technique for abstraction of a process
Data Hiding
Multi-Processor
One Time Pad
Accountability
26. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.
Archival Data
Shielding
Education
File Server
27. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
MOM
Separation Of Duties
Honeynet
Near Site
28. Natural or human-readable form of message
Plain Text
Workaround Procedures
Ring Protection
Steganography
29. Continuous surveillance - to provide for detection and response of any failure in preventive controls.
Containment
Redundant Servers
Phishing
Monitor
30. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Legacy Data
Information Risk Management (IRM)
Binary
Threats
31. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
Memory Management
Checklist Test
Basics Of Secure Design
Teardrop
32. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
Site Policy
Elements of Negligence
Buffer Overflow
Job Training
33. To assert or claim credentialing to an authentication system
Fault
Mandatory Access Control (MAC)
Recovery Strategy
Identification
34. The collection and summation of risk data relating to a particular asset and controls for that asset
Checklist Test (desk check)
Risk Assessment
Honeypot
Full Test (Full Interruption)
35. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
File
True Attack Stimulus
Reciprocal Agreement
Gateway
36. Power surge
False (False Positive)
Electrostatic Discharge
Deterrent
Internal Use Only
37. Return to a normal state
Forensic Copy
Recovery
Workaround Procedures
Consistency
38. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Simulation
Procedure
Corrective
Business Interruption Insurance
39. Malware that uses the trust on a website to redirect users to untrusted websites which captures data or installs more malware
Encapsulation
Firewall
Cross-Site Scripting
Warm Site
40. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Brute Force
Digital Certificate
Procedure
Tar Pits
41. OOP concept of an object's abilities - what it does
Method
IP Address Spoofing
Mirroring
Criminal Law
42. Final purpose or result
CPU Cache
Orange Book D Classification
Payload
Compensating
43. One way encryption
Accountability
Hash Function
Central Processing Unit (CPU)
Checklist Test (desk check)
44. The technical and risk assesment of a system within the context of the operating environment
Trapdoors (Backdoors) (Maintenance Hooks)
Switches
Notification
Certification
45. A unit of execution
Computer System Evidence
Resumption
Threads
Monitor
46. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
IP Fragmentation
Mandatory
Decipher
Running Key
47. An internal list of contact information used for the communication of incident information - designed in a distributed manor so that no one person is responsible for contacting everyone.
Executive Succession
False (False Positive)
Governance
Call Tree
48. An unintended communication path
Hearsay Evidence
Covert Channel
Mandatory Access Control (MAC)
Electronic Vaulting
49. Control type- that is communication based - typically written or oral
Failure Modes and Effect Analysis (FEMA)
User
Administrative
Investigation
50. A group or network of honeypots
Fault
Secondary Storage
Honeynet
TIFF (Tagged Image File Format)
