Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Operational Exercise
Policy
Job Rotation
Disaster Recovery Teams (Business Recovery Teams)
2. Responsibility of a user for the actions taken by their account which requires unique identification
Mantrap (Double Door System)
Trojan Horse
Accountability
Site Policy Awareness
3. Summary of a communication for the purpose of integrity
Message Digest
Containment
Faraday Cage/ Shield
Business Interruption
4. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
Journaling
Life Cycle of Evidence
EMI
Deleted File
5. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce organization exposure and evaluating the cost for such controls.
Blackout
Multi-Programming
Codec
Risk Assessment / Analysis
6. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
Custodian
Control
Data Leakage
True Attack Stimulus
7. A device that provides the functions of both a bridge and a router.
Cookie
Cryptography
Source Routing Exploitation
Brouter
8. Vehicle stopping object
Fraggle
Multi-Core
Overlapping Fragment Attack
Bollard
9. Recording activities at the keyboard level
Wait
Activation
Keystroke Logging
Safeguard
10. Line noise that is superimposed on the supply circuit.
Transients
Risk
Private Branch Exchange (PBX)
Operational Impact Analysis
11. Pertaining to a number system that has just two unique digits.
Binary
Restoration
Dangling Pointer
Recovery
12. Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective
E-Mail Spoofing
Site Policy Awareness
Multi-Programming
Workaround Procedures
13. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Dictionary Attack
Confidence Value
Method
True Attack Stimulus
14. Recovery alternative which outsources a business function at a cost
Service Bureau
Interpreter
Data Recovery
Key Clustering
15. Program instructions based upon the CPU's specific architecture
Intrusion Prevention Systems
Machine Language (Machine Code)
Orange Book C Classification
Voice Over IP (VOIP)
16. Those who initiate the attack
Threat Agent
Workaround Procedures
Time Of Check/Time Of Use
Operational
17. A unit of execution
Threads
Investigation
Shielding
Physical Tampering
18. Granular decision by a system of permitting or denying access to a particular resource on the system
Business Continuity Program
Data Hiding
Authorization
Spiral
19. Deals with discretionary protection
Detective
Orange Book C Classification
Qualitative
Critical Records
20. To stop damage from spreading
Containment
ISO/IEC 27001
Vulnerability
Administrative Law
21. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Phishing
Disaster Recovery Teams (Business Recovery Teams)
Full-Interruption test
Tapping
22. A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy
Tort
Transients
TNI (Red Book)
SQL Injection
23. Malware that subverts the detective controls of an operating system
Electronic Vaulting
Full Test (Full Interruption)
Spiral
Rootkit
24. A programming device used in development to circumvent controls
Trapdoors (Backdoors) (Maintenance Hooks)
Directive
Memory Management
Non-Discretionary Access Control
25. With enough computing power trying all possible combinations
Protection
Brute Force
Computer Forensics
Cryptography
26. DoS - Spoofing - dictionary - brute force - wardialing
Classification
Race Condition
Access Control Attacks
Encipher
27. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
Deterrent
Forward Recovery
CPU Cache
Declaration
28. Abstract and mathematical in nature - defining all possible states - transitions and operations
Fault
Threads
Business Interruption
State Machine Model
29. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Accreditation
Information Risk Management (IRM)
Full Test (Full Interruption)
Infrastructure
30. Weak evidence
Hearsay
Electromagnetic Interference (EMI)
System Downtime
Mixed Law System
31. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Injection
Metadata
Deletion
Machine Language (Machine Code)
32. OOP concept of a class's details to be hidden from object
Encapsulation
IP Fragmentation
Critical Records
Secondary Storage
33. The study of cryptography and cryptanalysis
Orange Book C2 Classification
Cryptology
Labeling
Mandatory
34. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Cross Certification
Entrapment
Disaster Recovery Plan
Waterfall
35. The core logic engine of an operating system which almost never changes
Kernel
Central Processing Unit (CPU)
Information Risk Management (IRM)
Education
36. An unintended communication path
Resumption
Covert Channel
Full Test (Full Interruption)
Directive
37. Recovery alternative - complete duplication of services including personnel
Mirrored Site
Wireless Fidelity (Wi-Fi)
Residual Data
Architecture
38. A mathematical tool for verifying no unintentional changes have been made
System Life Cycle
Classification
Checksum
Domain
39. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Recovery Strategy
Safeguard
IDS Intrusion Detection System
Discretionary
40. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
Adware
Off-Site Storage
Policy
Time Of Check/Time Of Use
41. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.
Encryption
Certification Authority
Data Owner
Processes are Isolated By
42. Employment education done once per position or at significant change of function
Job Training
High-Risk Areas
Redundant Servers
Rootkit
43. A set of laws that the organization agrees to be bound by
Risk Assessment / Analysis
Tar Pits
Administrative Law
Data Integrity
44. Power surge
Electrostatic Discharge
Cryptography
Log
3 Types of harm Addressed in computer crime laws
45. An image compression standard for photographs
Salami
Full Test (Full Interruption)
JPEG (Joint Photographic Experts Group)
Buffer Overflow
46. A shield against leakage of electromagnetic signals.
Faraday Cage/ Shield
Data Hiding
Incident Handling
Identification
47. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Executive Succession
Certificate Revocation List (CRL)
Multi-Tasking
Adware
48. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.
Confidence Value
Deleted File
Recovery
Privacy Laws
49. Natural or human-readable form of message
Tactical
Plain Text
Source Routing Exploitation
Fire Detection
50. Pertaining to law - no omissions
Blackout
Modification
Cookie
Complete