Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A mobilized resource purchased or contracted for the purpose of business recovery.
Coaxial Cable
Machine Language (Machine Code)
Logic Bomb
Mobile Recovery
2. A collection of data or information that has a name
File
Qualitative
Archival Data
Fragmented Data
3. Review of data
CPU Cache
Man-In-The-Middle Attack
Deletion
Analysis
4. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Algorithm
Strong Authentication
Exercise
Modification
5. To segregate for the purposes of labeling
Emanations
Compartmentalize
Total Risk
Quantitative
6. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Crisis
Incident
Analysis
Data Integrity
7. A set of laws that the organization agrees to be bound by
Picking
Administrative Law
Virtual Memory
Bit
8. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Dangling Pointer
Public Key Infrastructure (PKI)
Cold Site
Cryptovariable
9. Eight bits.
Fragmented Data
Chain of Custody
Examples of technical security components
Byte
10. Maintenance procedures outline the process for the review and update of business continuity plans.
Recovery
Business Continuity Steering Committee
3 Types of harm Addressed in computer crime laws
Plan Maintenance Procedures
11. People protect their domain
Pointer
Territoriality
Desk Check Test
Quantitative Risk Analysis
12. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
SYN Flooding
Desk Check Test
Hard Disk
SQL Injection
13. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)
Physical Tampering
Method
Surveillance
Interception
14. Reduces causes of fire
Complete
Rollback
Fire Prevention
Discretionary
15. False memory reference
Double Blind Testing
Codec
Dangling Pointer
Spam
16. A basic level of network access control that is based upon information contained in the IP packet header.
Quantitative Risk Analysis
5 Rules Of Evidence
IP Fragmentation
Packet Filtering
17. Intellectual property protection for a confidential and critical process
Shift Cipher (Caesar)
Critical Infrastructure
Trade Secret
Control
18. Creation, distribution, update and deletion
Marking
Risk
ISO/IEC 27001
Key Management
19. Identification and notification of an unauthorized and/or undesired action
Disaster Recovery Tape
Inrush Current
Remote Access Trojan
Detection
20. Long term knowledge building
Administrative Law
File Extension
Due Diligence
Education
21. OOP concept of an object's abilities - what it does
Fragmented Data
File Level Deletion
Method
Declaration
22. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Residual Data
Steganography
Exercise
Executive Succession
23. Forgery of the sender's email address in an email header.
UPS
E-Mail Spoofing
Tapping
Digital Certificate
24. Reprogrammable basic startup instructions
Detective
Critical Functions
Firmware
Infrastructure
25. Pertaining to law - lending itself to one side of an argument
Redundant Array Of Independent Drives (RAID)
Alarm Filtering
War Driving
Convincing
26. May be responsible for overall recovery of an organization or unit(s).
Mitigate
Private Branch Exchange (PBX)
Deterrent
DR Or BC Coordinator
27. Pertaining to law - verified as real
Control
Surveillance
Packet Filtering
Authentic
28. Line by line translation from a high level language to machine code
Alert
Preemptive
Interpreter
Business Interruption
29. Actions measured against either a policy or what a reasonable person would do
Threat Agent
Due Diligence
Multi-Processor
Brownout
30. Communication of a security incident to stakeholders and data owners.
Cross Certification
Notification
The ACID Test
Byte
31. A temporary public file to inform others of a compromised digital certificate
Security Kernel
Decipher
Certificate Revocation List (CRL)
Deletion
32. Low level - pertaining to planning
Inrush Current
Sniffing
User Mode (problem or program state)
Tactical
33. A physical enclosure for verifying identity before entry to a facility
Archival Data
Intrusion Prevention Systems
Full-Interruption test
Mantrap (Double Door System)
34. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Cache
SYN Flooding
Covert Channel
Declaration
35. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Bumping
Application Programming Interface
Denial Of Service
Data Backups
36. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.
Incident
Business Unit Recovery
Infrastructure
Legacy Data
37. A computer designed for the purpose of studying adversaries
Recovery
Security Clearance
Accurate
Honeypot
38. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Procedure
Operational Exercise
Business Impact Analysis
Triage
39. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Security Kernel
Man-In-The-Middle Attack
Inference
Hard Disk
40. Potentially compromising leakage of electrical or acoustical signals.
Privacy Laws
Compression
Qualitative
Emanations
41. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Marking
Encryption
Adware
Non-Repudiation
42. Hitting a filed-down key in a lock with a hammer to open it without the real key
Integrated Test
Hijacking
Bumping
Conflict Of Interest
43. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)
Rootkit
Byte
Fraggle
Remanence
44. The study of cryptography and cryptanalysis
Orange Book A Classification
Cryptology
Electronic Vaulting
Inference
45. Controls for logging and alerting
Intrusion Detection Systems
Hot Spares
Cross Certification
Hot Site
46. A record that must be preserved and available for retrieval if needed.
Virus
User Mode (problem or program state)
Mobile Site
Vital Record
47. Act of scrambling the cleartext message by using a key.
Chain Of Custody
Encipher
Keyed-Hashing For Message Authentication
Atomicity
48. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
Enticement
Transients
Access Control Attacks
ISO/IEC 27001
49. Controls for termination of attempt to access object
Intrusion Prevention Systems
Radio Frequency Interference (RFI)
Orange Book C Classification
Replication
50. Induces a crime - tricks a person - and is illegal
Security Blueprint
Entrapment
Critical Functions
Adware