Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions: Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Critical Records
Key Management
Kernel
Distributed Processing
2. Moving letters around
Permutation / Transposition
Triage
Residual Risk
Virtual Memory
3. A passive network attack involving monitoring of traffic.
Top Secret
Generator
Recovery
Eavesdropping
4. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.
IDS Intrusion Detection System
Incident
Asymmetric
Satellite
5. Program that inappropriately collects private data or activity
Alert
Spyware
Covert Channel
Enticement
6. Information about a particular data set
Metadata
Hacker
Architecture
Replication
7. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
Data Backups
Off-Site Storage
Interpreter
Standard
8. Interception of a communication session by an attacker.
Control
TCSEC (Orange Book)
Hijacking
Enticement
9. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
File
Strong Authentication
Radio Frequency Interference (RFI)
Orange Book D Classification
10. A choice in risk management - to implement a control that limits or lessens negative effects
Shielding
Recovery
Mitigate
Restoration
11. What exists will remain - persistence
Durability
Firewall
Alert/Alarm
Algorithm
12. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Transients
Near Site
Detective
Encryption
13. Act of luring an intruder and is legal.
Byte
Enticement
SQL Injection
Concentrator
14. Two different keys decrypt the same cipher text
Key Clustering
Data Backup Strategies
Domain
Quantitative
15. The disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
File Level Deletion
Sniffing
Recovery
Deleted File
16. Pertaining to law - no omissions
Risk Assessment
Complete
Checklist Test
Tar Pits
17. Memory management technique which allows data to be moved from one memory address to another
Service Bureau
Multi-Tasking
TIFF (Tagged Image File Format)
Relocation
18. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.
Operational
3 Types of harm Addressed in computer crime laws
Generator
Business Unit Recovery
19. Autonomous malware that requires a flaw in a service
Worm
Orange Book D Classification
Common Law
Surge Suppressor
20. A design methodology which addresses risk early and often
Spiral
Patent
Hearsay
Consistency
21. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Test Plan
Disaster Recovery Plan
Routers
Redundant Servers
22. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.
Trojan Horse
Eavesdropping
Business Records
Mitigate
23. Dedicated fast memory located on the same board as the CPU
CPU Cache
Teardrop
Guidelines
Kerberos
24. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Data Backups
Forensic Copy
Injection
Remote Journaling
25. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Business Impact Analysis
Satellite
Collisions
Denial Of Service
26. Narrow scope examination of a system
Cookie
Key Space
Targeted Testing
Trade Secret
27. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
TEMPEST
Byte Level Deletion
Active Data
ITSEC
28. To set the clearance of a subject or the classification of an object
Alert/Alarm
Labeling
Processes are Isolated By
Assembler
29. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Detective
Overlapping Fragment Attack
Walk Through
Instance
30. Unsolicited commercial email
Spam
Emergency
Fiber Optics
Non-Interference
31. High level - pertaining to planning
Control
Watermarking
Surge
Strategic
32. Just enough access to do the job
Least Privilege
Event
Analysis
Interpreter
33. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Mission-Critical Application
Alarm Filtering
Hub
Key Space
34. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
Access Control Attacks
Administrative Laws
Inference
Discretionary
35. Define the way in which the organization operates.
Checkpoint
Multiplexers
Proprietary
Discretionary Access Control (DAC)
36. An electronic attestation of identity by a certificate authority
Education
Multi-Party Control
Business Recovery Timeline
Digital Certificate
37. Transaction controls for a database - a return to a previous state
Rollback
Isolation
Recovery Point Objective (RPO)
Honeypot
38. System of law based upon precedence - with major divisions of criminal - tort - and administrative
Damage Assessment
Common Law
Business Recovery Timeline
Copyright
39. Scrambled form of the message or data
Cipher Text
Cross-Site Scripting
Notification
Residual Risk
40. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Information Risk Management (IRM)
Noise
Change Control
Deadlock
41. Trading one for another
Ring Protection
Fire Suppression
Key Space
Substitution
42. A process state - to be either unable to run, waiting for an external event, or terminated
Operational Impact Analysis
Mixed Law System
Stopped
Business Unit Recovery
43. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.
Maximum Tolerable Downtime (MTD)
Collisions
Strategic
Redundant Servers
44. OOP concept of an object at runtime
Entrapment
Administrative Access Controls
Instance
Trojan Horse
45. Power surge
Electrostatic Discharge
Twisted Pair
Masked/Interruptible
Boot (V.)
46. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)
Work Factor
Business Continuity Planning (BCP)
Key Space
Fraggle
47. Code breaking - practice of defeating the protective properties of cryptography.
Process Isolation
Remanence
Cryptanalysis
Threats
48. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
JPEG (Joint Photographic Experts Group)
Permutation / Transposition
Hot Spares
CobiT
49. Consume resources to a point of exhaustion - loss of availability
Denial Of Service
Electronic Vaulting
Criminal Law
Mandatory Vacations
50. Inference about encrypted communications
Sag/Dip
Cache
Side Channel Attack
Criminal Law