Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Employment education done once per position or at significant change of function
Job Training
Security Domain
Concatenation
Mandatory Vacations
2. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Custodian
Transfer
IP Address Spoofing
Exercise
3. A design methodology which executes in a linear one way fashion
Operational Test
Radio Frequency Interference (RFI)
Switches
Waterfall
4. To break a business process into separate functions and assign to different people
Data Owner
Sag/Dip
Separation Of Duties
File Extension
5. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
DR Or BC Coordinator
Encapsulation
Interference (Noise)
Evidence
6. The first rating that requires security labels
Log
Orange Book B1 Classification
Access Control Lists
Picking
7. The partial or full duplication of data from a source database to one or more destination databases.
Residual Risk
Compression
Database Replication
Burn
8. Indivisible - a data field must contain only one value, and either all of a transaction's operations take place or none do
Open Mail Relay Servers
DR Or BC Coordinator
Key Escrow
Atomicity
9. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Declaration
Process Isolation
Executive Succession
5 Rules Of Evidence
10. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Test Plan
Risk Assessment / Analysis
Business Records
Interference (Noise)
11. A device that converts between digital and analog representation of data.
Modems
Open Mail Relay Servers
Domain
Test Plan
12. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Atomicity
Aggregation
Recovery Period
Data Dictionary
13. Control category- to record an adversary's actions
Mantrap (Double Door System)
Detective
Authentication
Risk Assessment / Analysis
14. A layer 2 device that is used to connect two or more network segments and regulate traffic.
Network Attached Storage (NAS)
Switches
Digital Certificate
Mirroring
15. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.)
Deterrent
Race Condition
Incident Response Team
Contingency Plan
16. Unchecked data input which results in redirection
Administrative Access Controls
HTTP Response Splitting
Examples of non-technical security components
Control Category
17. Potential danger to information or systems
Encapsulation
Shadowing (file shadowing)
Threats
Failure Modes and Effect Analysis (FEMA)
18. Reduces causes of fire
Intrusion Detection Systems
Fire Prevention
Due Diligence
Botnet
19. High frequency noise
Electromagnetic Interference (EMI)
Fire Classes
Resumption
Examples of non-technical security components
20. The managerial approval to operate a system based upon knowledge of risk to operate
TIFF (Tagged Image File Format)
Sharing
Running
Accreditation
21. Share security concerns with embedded devices - Often security has been sacrificed for a richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
Multi-Programming
Policy
Pervasive Computing and Mobile Computing Devices
Bridge
22. Third party processes used to organize the implementation of an architecture
Encapsulation
Framework
Security Domain
Data Hiding
23. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Common Law
Quantitative
Acronym for American Standard Code for Information Interchange (ASCII)
Least Privilege
24. Recovery alternative which outsources a business function at a cost
Orange Book B1 Classification
Service Bureau
Need-To-Know
Hijacking
25. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Electrostatic Discharge
System Life Cycle
Integrated Test
Simulation
26. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Uninterruptible Power Supply (UPS)
Classification
Information Owner
Incident Response Team
27. Some systems are actually run at the alternate site
Site Policy Awareness
Non-Repudiation
Kerckhoff's Principle
Parallel Test
28. Key
Governance
Cryptovariable
Business Recovery Timeline
Key Clustering
29. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Identification
Encipher
Memory Management
Total Risk
30. A type of attack involving attempted insertion - deletion or altering of data.
Framework
Attacker (Black hat - Hacker)
Hijacking
Modification
31. One of the most important first steps in the planning development. Qualitative and quantitative data need to be gathered - analyzed - interpreted and presented to management
Civil Or Code Law
Data Owner
Incident
Business Impact Analysis
32. Written core statements that rarely change
Policy
Threats
Recovery Strategy
The ACID Test
33. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Classification
Initialization Vector
Inrush Current
Incident
34. Implementation of an operating system protection mechanism built upon the layering concept - where more sensitive components are kept in the inner layers
Class
Vital Record
Ring Protection
File Level Deletion
35. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
Accurate
Durability
3 Types of harm Addressed in computer crime laws
Radio Frequency Interference (RFI)
36. Controls deployed to avert unauthorized and/or undesired actions.
Ring Protection
Surge
Access Control Matrix
Prevention
37. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Incident Handling
Encryption
Backup
Botnet
38. Code making
Inference
Cryptography
Burn
Mitigate
39. After being seized - the investigator should make a bit-level mirror image copy of the storage media before doing anything else.
Computer System Evidence
Residual Risk
Process Isolation
Remote Journaling
40. An electronic attestation of identity by a certificate authority
SQL Injection
Digital Certificate
True Attack Stimulus
Modification
41. What is will remain - persistence
Rollback
Generator
2-Phase Commit
Durability
42. Unsolicited advertising software
Modification
Adware
Encipher
Corrective
43. A copy of transaction data - designed for querying and reporting
Work Factor
Residual Data
Buffer Overflow
Data Warehouse
44. Process of statistically testing a data set for the likelihood of relevant information.
Checklist Test (desk check)
Emergency Procedures
Forensic Copy
Sampling
45. Of a system without prior knowledge by the tester or the tested
Complete
Double Blind Testing
Inrush Current
Plaintext
46. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.
Object Oriented Programming (OOP)
File Server
Mock Disaster
Contact List
47. High level design or model with a goal of consistency - integrity - and balance
Data Integrity
Architecture
Lattice
Labeling
48. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Recovery Strategy
Worm
Firewalls
Virus
49. Two different keys decrypt the same ciphertext
Vulnerability
Capability Tables
Key Clustering
Inrush Current
50. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Non-Discretionary Access Control
File Extension
Information Technology Security Evaluation Criteria - ITSEC
Activation