Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A programming design concept which abstracts one set of functions from another in a serialized fashion
Layering
Business Records
Reference Monitor
Exercise
2. To reduce fire
Inheritance
Stopped
Fire Suppression
Proxies
3. Program that inappropriately collects private data or activity
Threats
Cryptology
Data Recovery
Spyware
4. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Encipher
Deleted File
Alarm Filtering
Exercise
5. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Interference (Noise)
User
Redundant Servers
Standalone Test
6. Recovery alternative - everything needed for the business function - except people and last backup
Fraggle
Keystroke Logging
Multi-Core
Hot Site
7. Someone who wants to cause harm
Slack Space
Byte Level Deletion
Technical Access Controls
Attacker (Black hat - Hacker)
8. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
Masked/Interruptible
Lattice
Hot Site
Parallel Test
9. A world-wide wireless technology
Bollard
Reciprocal Agreement
Wireless Fidelity (Wi-Fi)
Data Custodian
10. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data
Surge Suppressor
Shadowing (file shadowing)
Byte Level Deletion
Overlapping Fragment Attack
11. To create a copy of data as a precaution against the loss or damage of the original data.
The ACID Test
Backup
Shift Cipher (Caesar)
Man-In-The-Middle Attack
12. Location to perform the business function
Simulation
Analysis
Alternate Site
Executive Succession
13. Measures followed to restore critical functions following a security incident.
Relocation
Recovery
Dictionary Attack
Acronym for American Standard Code for Information Interchange (ASCII)
14. Just enough access to do the job
Analysis
Honeypot
Least Privilege
Physical Tampering
15. Process whereby data is removed from active files and other data storage structures
Journaling
Forward Recovery
Deletion
Deterrent
16. The partial or full duplication of data from a source database to one or more destination databases.
Private Branch Exchange (PBX)
Database Replication
Incident
Guidelines
17. Alerts personnel to the presence of a fire
Fire Detection
Logic Bomb
Sharing
Authentication
18. Code breaking - practice of defeating the protective properties of cryptography.
Initialization Vector
Residual Risk
Risk Assessment
Cryptanalysis
19. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Malformed Input
Business Unit Recovery
SYN Flooding
Triage
20. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Modification
Disk Mirroring
Business Recovery Team
Cache
21. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements
Simulation Test
Inference
ITSEC
State Machine Model
22. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
3 Types of Harm Addressed in Computer Crime Laws
Forensic Copy
Analysis
Forward Recovery
23. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Critical Functions
ISO/IEC 27001
Class
Inheritance
24. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc
Critical Infrastructure
Physical Tampering
Information Technology Security Evaluation Criteria - ITSEC
Security Blueprint
25. Uncleared buffers or media
Brouter
Alternate Site
Tracking
Object Reuse
26. Independent malware that requires user interaction to execute
Security Domain
Aggregation
Data Owner
Virus
27. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
IP Address Spoofing
Application Programming Interface
Fire Classes
Simulation
28. Some systems are actually run at the alternate site
Parallel Test
Electromagnetic Interference (EMI)
Critical Records
Inrush Current
29. Methodical research of an incident with the purpose of finding the root cause
Investigation
Record Level Deletion
Spiral
Databases
30. Unchecked data which spills into another location in memory
Overlapping Fragment Attack
Buffer Overflow
Relocation
Message Digest
31. A collection of information designed to reduce duplication and increase integrity
Databases
Running Key
Data Integrity
Full Test (Full Interruption)
32. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Executive Succession
Bumping
Degauss
True Attack Stimulus
33. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Process Isolation
Cross Training
Disaster Recovery Tape
Bumping
34. Review of data
Distributed Denial Of Service
Least Privilege
Mirrored Site
Analysis
35. Quantity of risk remaining after a control is applied
Need-To-Know
Residual Risk
Simulation Test
Central Processing Unit (CPU)
36. High level design or model with a goal of consistency - integrity - and balance
Residual Data
Architecture
Monitor
Content Dependent Access Control
37. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Integrated Test
Metadata
Data Marts
Memory Management
38. A programming device used in development to circumvent controls
Trapdoors (Backdoors) (Maintenance Hooks)
Trojan Horse
Data Backups
TNI (Red Book)
39. Eavesdropping on network communications by a third party.
Sniffing
Payload
Detection
Databases
40. A test conducted on one or more components of a plan under actual operating conditions.
Operational Test
Ring Protection
Declaration
TEMPEST
41. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Mantrap (Double Door System)
Workaround Procedures
Operating
Alarm Filtering
42. A passive network attack involving monitoring of traffic.
Injection
Hearsay
Tapping
Eavesdropping
43. Scrambled form of the message or data
Public Key Infrastructure (PKI)
Cipher Text
Site Policy Awareness
Smurf
44. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
Quantitative Risk Analysis
Common Criteria
Data Integrity
Administrative Laws
45. Abstract and mathematical in nature - defining all possible states - transitions and operations
Byte Level Deletion
Tar Pits
State Machine Model
Cold Site
46. Substitution at the word or phrase level
Code
Durability
Test Plan
Fire Classes
47. Recovery alternative - complete duplication of services including personnel
Mirrored Site
Desk Check Test
High-Risk Areas
Disaster Recovery Tape
48. Maintenance procedures outline the process for the review and update of business continuity plans.
Plan Maintenance Procedures
Data Marts
Proxies
Analysis
49. Amount of time for restoring a business process or function to normal operations without major loss
Guidelines
Masked/Interruptible
Maximum Tolerable Downtime (MTD)
Containment
50. A planned or unplanned interruption in system availability.
Work Factor
System Downtime
Trade Secret
Conflict Of Interest