Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Something that happened
Total Risk
Event
Switches
Satellite
2. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
HTTP Response Splitting
Mobile Recovery
Risk Mitigation
Common Law
3. An individual's conduct that violates government laws developed to protect the public
Criminal Law
Tactical
Threats
Remote Journaling
4. Planning with a goal of returning to the normal business function
Governance
Message Digest
Firewall
Restoration
5. A test conducted on one or more components of a plan under actual operating conditions.
Storage Area Network (SAN)
Burn
Operational Test
Marking
6. Program instructions based upon the CPU's specific architecture
Gateway
Mandatory Access Control (MAC)
Machine Language (Machine Code)
Operational
7. A design methodology which executes in a linear one way fashion
Waterfall
Guidelines
Data Recovery
Restoration
8. Someone who wants to cause harm
Attacker (Black hat - Hacker)
Bumping
Firmware
Data Warehouse
9. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
Desk Check Test
Fault
Control
Worm
10. Trading one for another
Class
Substitution
Risk Mitigation
Deleted File
11. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Encryption
TNI (Red Book)
Lattice
Multi-Processor
12. A layer 2 device used to connect two network segments and regulate traffic.
Inference
Bridge
File Level Deletion
Business Interruption
13. Subject based description of a system or a collection of resources
Capability Tables
ff Site
Authentication
Transfer
14. Creation, distribution, update and deletion
Standalone Test
Alternate Data Streams (File System Forks)
Key Management
Prevention
15. The problem-solving state - the opposite of supervisor mode
Compensating
User Mode (problem or program state)
Processes are Isolated By
Activation
16. Try a list of words in passwords or encryption keys
Investigation
Dictionary Attack
Infrastructure
Coaxial Cable
17. OOP concept of an object's abilities - what it does
Fire Classes
Key Space
Side Channel Attack
Method
18. Line by line translation from a high level language to machine code
Key Escrow
Running Key
Interpreter
Operating
19. A process state - to be executing a process on the CPU
Open Mail Relay Servers
Inference
Running
Blind Testing
20. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Tactical
Interference (Noise)
Electrostatic Discharge
Orange Book D Classification
21. An organization's way of classifying data by factors such as criticality - sensitivity and ownership.
Collisions
Domain
Classification Scheme
Routers
22. Disruption of operation of an electronic device due to a competing electromagnetic field.
Monitor
Civil Or Code Law
EMI
Trojan Horse
23. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.
Voice Over IP (VOIP)
Metadata
File Server
Phishing
24. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Multi-Programming
Transients
Incident Response
Hot Spares
25. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
Salami
True Attack Stimulus
Hot Spares
Kerberos
26. Converts source code to an executable
Elements of Negligence
Spam
Service Bureau
Compiler
27. Alerts personnel to the presence of a fire
Fire Detection
Plan Maintenance Procedures
Mirroring
Worm
28. The chance that something negative will occur
Simulation Test
Operational Impact Analysis
Risk
Metadata
29. Total number of keys available that may be selected by the user of a cryptosystem
ISO/IEC 27002
Data Leakage
Key Space
Double Blind Testing
30. Induces a crime - tricks a person - and is illegal
Multi-Tasking
False Negative
Entrapment
5 Rules Of Evidence
31. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Administrative
Risk Assessment / Analysis
False Attack Stimulus
Public Key Infrastructure (PKI)
32. Indivisible - data field must contain only one value that either all transactions take place or none do
Residual Risk
Tort
Atomicity
Double Blind Testing
33. Of a system without prior knowledge by the tester or the tested
Double Blind Testing
Bollard
Supervisor Mode (monitor - system - privileged)
Object
34. Define the way in which the organization operates.
Containment
Workaround Procedures
Proprietary
Collisions
35. Intellectual property protection for marketing efforts
Trademark
Debriefing/Feedback
Common Law
Hacker
36. Encryption system using a pair of mathematically related unequal keys
Shadowing (file shadowing)
Asymmetric
Control Category
Source Routing Exploitation
37. Communication of a security incident to stakeholders and data owners.
Discretionary
Notification
Surge
Cross Training
38. One method of testing a specific component of a plan. Typically - a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
Structured Walkthrough
Trademark
Interpreter
Running Key
39. System mediation of access with the focus on the context of the request
Content Dependent Access Control
Active Data
Overlapping Fragment Attack
Memory Management
40. The guardian of asset(s) - a maintenance activity
Custodian
Digital Signature
Moore's Law
Rogue Access Points
41. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Internal Use Only
Double Blind Testing
TNI (Red Book)
Phishing
42. Converts a high level language into machine language
Shift Cipher (Caesar)
Process Isolation
Assembler
Business Records
43. Location where coordination and execution of BCP or DRP is directed
Business Continuity Steering Committee
Administrative Access Controls
Emergency Operations Center (EOC)
Blind Testing
44. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).
Declaration
The ACID Test
Marking
Structured Walk-Through Test
45. An electronic attestation of identity by a certificate authority
Multi-Core
Private Branch Exchange (PBX)
Digital Certificate
Procedure
46. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.
Business Unit Recovery
Shielding
Man-In-The-Middle Attack
Business Interruption
47. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Distributed Denial Of Service
Orange Book C Classification
Common Criteria
Acronym for American Standard Code for Information Interchange (ASCII)
48. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Multi-Core
Total Risk
Object Reuse
Mission-Critical Application
49. Mitigate damage by isolating compromised systems from the network.
Detection
Picking
Containment
Cache
50. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Data Backup Strategies
Assembler
Exposure
Alert