Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Monitor
Security Kernel
Analysis
TEMPEST
2. Substitution at the word or phrase level
Code
Sag/Dip
Honeynet
Strong Authentication
3. State of computer - to be running a process
Multi-Core
Operating
Exposure
Worldwide Interoperability for Microwave Access (WI-MAX)
4. The property that data meet with a priority expectation of quality and that the data can be relied upon.
Multi-Processing
Full-Interruption test
Binary
Data Integrity
5. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.
Noise
Botnet
Binary
Simulation Test
6. To execute more than one instruction at an instant in time
Concentrator
Multi-Processing
Brouter
TIFF (Tagged Image File Format)
7. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Simulation
File Server
Concatenation
Fraggle
8. The technical and risk assessment of a system within the context of the operating environment
Compression
Certification
Non-Repudiation
Firewall
9. A risk assessment method - measurable real money cost
Quantitative
Intrusion Prevention Systems
Classification
Key Clustering
10. A process state - to be executing a process on the CPU
Investigation
Running
Smurf
Byte
11. High frequency noise
Firewall
Enticement
Electromagnetic Interference (EMI)
Analysis
12. Recording activities at the keyboard level
Proprietary
Key Clustering
Keystroke Logging
Lattice
13. Location where coordination and execution of BCP or DRP is directed
Data Owner
Emergency Operations Center (EOC)
Revocation
Disaster Recovery Teams (Business Recovery Teams)
14. The managerial approval to operate a system based upon knowledge of risk to operate
Forward Recovery
Locard's Principle
Parallel Test
Accreditation
15. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Security Clearance
Alert
Alternate Data Streams (File System Forks)
On-Site
16. To segregate for the purposes of labeling
Cipher Text
Business Interruption Insurance
Chain of Custody
Compartmentalize
17. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Incident Response
Orange Book C2 Classification
Evidence
Information Owner
18. Methodical research of an incident with the purpose of finding the root cause
Forensic Copy
Investigation
Multi-Party Control
Hot Spares
19. A description of a database
Mandatory Access Control (MAC)
Smurf
Data Dictionary
Plaintext
20. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Side Channel Attack
Checklist Test
Executive Succession
Trade Secret
21. Record of system activity - which provides for monitoring and detection.
5 Rules Of Evidence
Data Marts
Test Plan
Log
22. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
Kerberos
Replication
Corrective
TCSEC (Orange Book)
23. A back up type - where the organization has excess capacity in another location.
Copyright
Orange Book D Classification
Distributed Processing
Byte Level Deletion
24. A device that provides the functions of both a bridge and a router.
Brouter
Encipher
Masked/Interruptible
Accurate
25. The partial or full duplication of data from a source database to one or more destination databases.
Basics Of Secure Design
Orange Book C2 Classification
Structured Walk-Through Test
Database Replication
26. An image compression standard for photographs
Archival Data
Non-Repudiation
JPEG (Joint Photographic Experts Group)
Network Attached Storage (NAS)
27. A mathematical tool for verifying no unintentional changes have been made
Checksum
Threats
Integrated Test
Bumping
28. Moving letters around
Wait
Forensic Copy
Permutation/Transposition
Layering
29. Encryption system using a pair of mathematically related unequal keys
Elements of Negligence
Asymmetric
Cross-Site Scripting
Data Diddler
30. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
Code
Risk Mitigation
Embedded Systems
IP Address Spoofing
31. Use of specialized techniques for recovery - authentication - and analysis of electronic data
Accountability
Computer Forensics
Walk Through
Patch Management
32. Intellectual property protection for an invention
Patent
ISO/IEC 27001
Damage Assessment
Total Risk
33. Program instructions based upon the CPU's specific architecture
Machine Language (Machine Code)
Trusted Computing Base
The ACID Test
Plain Text
34. Highest level of authority at EOC with knowledge of the business process and the resources available
Data Dictionary
True Attack Stimulus
Incident Manager
Bumping
35. A type of computer memory that temporarily stores frequently used information for quick access.
Instance
Inheritance
Cache
Compression
36. Process whereby data is removed from active files and other data storage structures
Waterfall
Deletion
Examples of non-technical security components
TNI (Red Book)
37. For PKI - to store another copy of a key
Key Escrow
Rollback
Mobile Recovery
Compartmentalize
38. Deals with discretionary protection
Life Cycle of Evidence
Multilevel Security System
Near Site
Orange Book C Classification
39. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
Access Control Matrix
Lattice
Cipher Text
Bit
40. Unsolicited commercial email
Spam
Faraday Cage/Shield
Threat Agent
Architecture
41. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
BCP Testing Drills and Exercises
Atomicity
Disaster
Protection
42. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Repeaters
Administrative Laws
Hub
Mixed Law System
43. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Site Policy Awareness
Consistency
Site Policy
Rootkit
44. A programming design concept which abstracts one set of functions from another in a serialized fashion
Hot Spares
Layering
Trapdoors (Backdoors) (Maintenance Hooks)
Business Impact Analysis
45. Subject based description of a system or a collection of resources
Memory Management
Incident
Separation Of Duties
Capability Tables
46. Memory management technique that allows two processes to run concurrently without interaction
Information Flow Model
Protection
Buffer Overflow
Keystroke Logging
47. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Consistency
Reciprocal Agreement
Administrative Laws
Cold Site
48. Renders the file inaccessible to the operating system - available to reuse for data storage.
File Level Deletion
Atomicity
Cross-Site Scripting
Firmware
49. Mitigation of system or component loss or interruption through use of backup capability.
Fault Tolerance
Residual Risk
Centralized Access Control Technologies
Compiler
50. A device that sequentially switches multiple analog inputs to the output.
Multiplexers
Trade Secret
Access Control
Safeguard