Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. At times the correct answer may therefore seem obvious, but repeating the test reinforces your understanding of each term.
1. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Open Mail Relay Servers
Integrated Test
Alarm Filtering
Access Control
2. Measures followed to restore critical functions following a security incident.
Replication
Internal Use Only
Recovery
Locard's Principle
3. Record of system activity - which provides for monitoring and detection.
Firewall
Log
Surge
Qualitative
4. Use of specialized techniques for recovery - authentication - and analysis of electronic data
Cryptanalysis
Digital Signature
Computer Forensics
Disaster Recovery Plan
5. Line-by-line translation from a high-level language to machine code at run time, rather than compiling the whole program in advance
File
Hot Site
Interpreter
Interference (Noise)
6. OOP concept of a class taking the attributes and methods of its original or parent class
Exposure
Alert/Alarm
Inheritance
Remote Journaling
7. A device that converts between digital and analog representation of data.
Modems
Multilevel Security System
Plain Text
Orange Book C2 Classification
8. Short period of low voltage.
User
Examples of technical security components
Sag/Dip
Digital Certificate
9. More than one processor core on a single chip
Liability
Resumption
Trademark
Multi-Core
10. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Complete
Inference
Phishing
Multilevel Security System
11. European standard for IT security evaluation criteria that was not universally adopted. It consists of four components: 1. "Security Target" 2. "Target of Evaluation" (ToE) 3. Functional Levels 4. Assurance Levels.
Information Technology Security Evaluation Criteria - ITSEC
Authorization
Data Custodian
Network Attached Storage (NAS)
12. Continuous surveillance - to provide for detection and response of any failure in preventive controls.
Monitor
Physical Tampering
Vital Record
Embedded Systems
13. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.
Business Impact Assessment (BIA)
Integrated Test
Covert Channel
High-Risk Areas
14. Requires two of the three authentication factors (something you know, something you are, or something you have), e.g. you have an ATM card and enter a PIN
Data Integrity
Strong Authentication
Tracking
Data Warehouse
15. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Targeted Testing
Plaintext
Distributed Denial Of Service
Shift Cipher (Caesar)
16. A process state in which the process is either unable to run because it is waiting for an external event, or has been terminated
MOM
Stopped
Trademark
Business Unit Recovery
17. Program that inappropriately collects private data or activity
Corrective
Alert/Alarm
Spyware
Remote Journaling
18. Scrambled form of the message or data
Cipher Text
Bollard
Safeguard
Simulation
19. Code making
Activation
Cryptography
Authentic
Multi-Processing
20. OOP concept of an object's abilities - what it does
Remanence
Blackout
Method
Electronic Vaulting
21. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Due Diligence
Recovery Period
Botnet
Alert/Alarm
22. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Digital Signature
Microwave
JPEG (Joint Photographic Experts Group)
Risk Assessment / Analysis
23. A cable consisting of a core (inner) conductor surrounded by an insulator and an outer cylindrical conductor
Log
Information Owner
Coaxial Cable
Covert Channel
24. Subject based description of a system or a collection of resources
Capability Tables
Log
Interpreter
TCSEC (Orange Book)
25. Written norms, whether international, national or internal to an organization, that the organization adopts as mandatory requirements
Monitor
Standard
E-Mail Spoofing
Worm
26. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Mandatory Access Control (MAC)
Hub
Business Impact Assessment (BIA)
Plain Text
27. The risk that remains after management implements internal controls or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
2-Phase Commit
Classification
War Dialing
Residual Risk
28. OOP concept of a template that consist of attributes and behaviors
Accreditation
Incident
Class
Wait
29. The technical and risk assessment of a system within the context of its operating environment
Object Oriented Programming (OOP)
Instance
Switches
Certification
30. Identification and notification of an unauthorized and/or undesired action
Certification Authority
Wireless Fidelity (Wi-Fi)
Detection
Fire Detection
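Questions 3 (Log), 12 (Monitor) and 30 (Detection) describe the chain from recorded activity to an alert. The following is an added example, not part of the original quiz: it reads constructed SSH-style authentication log lines (the format, host names and addresses are invented for illustration) and raises an alert when one source address accumulates a threshold of failed logins inside a sliding time window, which is the kind of detection a log only makes possible if something actually monitors it. Lines that do not match the expected format are skipped rather than trusted.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (syslog-like); these lines are invented for this
# example and do not come from any real system.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[311]: Failed password for root from 203.0.113.9 port 51514 ssh2
2024-03-01T10:00:03 sshd[311]: Failed password for root from 203.0.113.9 port 51515 ssh2
2024-03-01T10:00:04 sshd[312]: Accepted password for alice from 198.51.100.4 port 40222 ssh2
2024-03-01T10:00:05 kernel: eth0: link is up
2024-03-01T10:00:06 sshd[311]: Failed password for admin from 203.0.113.9 port 51516 ssh2
2024-03-01T10:00:07 sshd[311]: Failed password for admin from 203.0.113.9 port 51517 ssh2
2024-03-01T10:00:09 sshd[311]: Failed password for oracle from 203.0.113.9 port 51518 ssh2
2024-03-01T10:05:00 sshd[313]: Failed password for bob from 198.51.100.4 port 40300 ssh2
2024-03-01T10:20:00 sshd[314]: Failed password for root from 203.0.113.9 port 52000 ssh2
"""

# Assumed line layout: "<ISO timestamp> sshd[<pid>]: <Failed|Accepted> password for <user> from <ip> port <n> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not an sshd auth record."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return one alert per source IP that logs >= threshold failed logins within `window`.

    Each alert records the IP, the first and last failure in the window,
    the distinct usernames tried and the failure count that tripped the rule.
    """
    recent = defaultdict(deque)  # ip -> deque of (timestamp, user) failures still inside the window
    alerted = set()
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["result"] != "Failed":
            continue  # unparseable or successful logins do not count toward the rule
        q = recent[ev["ip"]]
        q.append((ev["ts"], ev["user"]))
        # Drop failures that have aged out of the sliding window.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerted:
            alerted.add(ev["ip"])
            alerts.append({
                "ip": ev["ip"],
                "first": q[0][0],
                "last": ev["ts"],
                "users": sorted({user for _, user in q}),
                "count": len(q),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {alert['ip']}: {alert['count']} failures between "
              f"{alert['first'].time()} and {alert['last'].time()}, users tried: {alert['users']}")
```

With the constructed log above, only 203.0.113.9 trips the rule: it produces five failures in eight seconds across three usernames, while the single failure from 198.51.100.4 and the later, isolated failure from 203.0.113.9 fall outside the window. The threshold and window are the tuning knobs; raising the threshold to six produces no alert at all on this input.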
31. An internal list of contact information used for the communication of incident information, designed in a distributed manner so that no one person is responsible for contacting everyone
Call Tree
Fire Prevention
Keyed-Hashing For Message Authentication
Patent
32. For PKI - to have more than one person in charge of a sensitive function
Intrusion Prevention Systems
Top Secret
Multi-Party Control
Routers
33. Something that happened
Event
Off Site
Radio Frequency Interference (RFI)
Data Marts
34. The core of a computer that calculates
Inheritance
Central Processing Unit (CPU)
Kerberos
Key Space
35. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
Job Rotation
Encryption
ISO/IEC 27001
Forward Recovery
36. Recording activities at the keyboard level
Intrusion Prevention Systems
Keystroke Logging
E-Mail Spoofing
Denial Of Service
37. Unsolicited commercial email
Quantitative
Spam
False Negative
Integrated Test
38. Natural occurrence in circuits that are in close proximity
Analysis
Instance
Interference (Noise)
Wireless Fidelity (Wi-Fi)
39. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
Risk Assessment / Analysis
Critical Infrastructure
Redundant Array Of Independent Drives (RAID)
Trapdoors (Backdoors) (Maintenance Hooks)
40. Requirement of access to data for a clearly defined purpose
Enticement
SQL Injection
Administrative
Need-To-Know
41. To extinguish or contain a fire once it has been detected
Fire Suppression
Brownout
SQL Injection
Race Condition
42. A passive network attack involving monitoring of traffic.
Polymorphism
Storage Area Network (SAN)
Eavesdropping
Redundant Array Of Independent Drives (RAID)
43. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Patent
Business Continuity Steering Committee
Countermeasure
Content Dependent Access Control
44. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
IP Fragmentation
Substitution
Event
Standalone Test
45. An availability attack - to consume resources to the point of exhaustion from multiple vectors
Public Key Infrastructure (PKI)
Distributed Denial Of Service
Incident Handling
Hot Site
46. A backup of data located where staff can gain access immediately
On-Site
Patch Panels
Containment
Virus
47. The connection between a wireless and wired network.
Incident Response Team
Lattice
Access Point
Least Privilege
48. To ensure that evidence will be admissible in court by documenting that it was properly controlled and handled from the moment of collection until it is presented
CPU Cache
Damage Assessment
Chain of Custody
Event
49. Data that does not conform to the format or values a program expects
Spyware
User Mode (problem or program state)
Malformed Input
Threat Agent
50. A system that enforces an access control policy between two networks.
Fire Suppression
Rollback
Conflict Of Interest
Firewalls