Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
Orange Book C Classification
Computer System Evidence
Alert
Complete
2. An individual's conduct that violates government laws developed to protect the public
Virus
Faraday Cage/ Shield
Analysis
Criminal Law
3. Physical description on the exterior of an object that communicates the existence of a label
Restoration
Digital Signature
Marking
Inheritance
4. Pertaining to law - lending itself to one side of an argument
Compiler
Inference
Tactical
Convincing
5. Using many alphabets
Polyalphabetic
Enticement
Detection
Patch Panels
6. Process whereby data is removed from active files and other data storage structures
Control
Decipher
Deletion
Faraday Cage/ Shield
7. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions
Resumption
Mandatory Vacations
Critical Infrastructure
Access Point
8. Induces a crime - tricks a person - and is illegal
Degauss
Entrapment
Emanations
Safeguard
9. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Examples of non-technical security components
Structured Walk-Through Test
Shielding
Lattice
10. Most granular organization of controls
Distributed Denial Of Service
Control Category
Disaster Recovery Plan
Compiler
11. To move from location to location - keeping the same function
Orange Book C2 Classification
False (False Positive)
Multi-Processing
Job Rotation
12. Someone who wants to know how something works - typically by taking it apart
Hacker
Aggregation
Computer Forensics
Bumping
13. To know more than one job
Double Blind Testing
Full Test (Full Interruption)
IDS Intrusion Detection System
Cross Training
14. Record of system activity - which provides for monitoring and detection.
File Server
Log
Disk Mirroring
Hacker
15. Memory management technique which allows data to be moved from one memory address to another
5 Rules Of Evidence
Deletion
Collisions
Relocation
16. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
Wait
Collisions
Non-Discretionary Access Control
State Machine Model
17. Objects or programming that look different but act the same
Polymorphism
Operational Impact Analysis
Critical Functions
Examples of technical security components
18. Eavesdropping on network communications by a third party.
Triage
Operational Test
Sniffing
Alert/Alarm
19. Is secondhand and usually not admissible in court
Hearsay Evidence
Threads
Satellite
Atomicity
20. Control category - to give instructions or inform
Data Recovery
Vulnerability
Directive
Data Hiding
21. Indivisible - data field must contain only one value that either all transactions take place or none do
DR Or BC Coordinator
Identification
Procedure
Atomicity
22. The core logic engine of an operating system which almost never changes
Crisis
Kernel
Total Risk
Layering
23. Alerts personnel to the presence of a fire
Risk Assessment
Fire Detection
Deleted File
Operational Test
24. Pertaining to law - accepted by a court
Double Blind Testing
Service Bureau
Admissible
Object Oriented Programming (OOP)
25. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).
Declaration
Spiral
Eavesdropping
Backup
26. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Forensic Copy
TEMPEST
Certification Authority
Non-Repudiation
27. Less granular organization of controls
Ring Protection
Standalone Test
Control Type
Incident Handling
28. Moving letters around
Masked/Interruptible
Permutation /Transposition
Enticement
Tort
29. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Internal Use Only
Consistency
Need-To-Know
War Dialing
30. Real-time - automatic and transparent backup of data.
Spyware
Backup
Remote Journaling
Database Replication
31. Renders the record inaccessible to the database management system
Bridge
Criminal Law
Multi-Party Control
Record Level Deletion
32. Transaction controls for a database - a return to a previous state
Birthday Attack
Rollback
Trusted Computing Base
Due Diligence
33. Information about a particular data set
Metadata
Replication
Public Key Infrastructure (PKI)
Patent
34. One entity with two competing allegiances
Digital Signature
Data Backups
Examples of technical security components
Conflict Of Interest
35. Control type - that is communication based - typically written or oral
Emergency
IDS Intrusion Detection System
Infrastructure
Administrative
36. Recording activities at the keyboard level
Keystroke Logging
Bumping
Residual Risk
Polyalphabetic
37. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Damage Assessment
Database Shadowing
False Attack Stimulus
Data Backup Strategies
38. Can be statistical (monitor behavior) or signature based (watch for known attacks)
IDS Intrusion Detection System
Multi-Programming
False Attack Stimulus
Databases
39. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data
Alert
Byte Level Deletion
Administrative Law
SYN Flooding
40. Consume resources to a point of exhaustion - loss of availability
Key Escrow
Denial Of Service
Access Control Attacks
Application Programming Interface
41. A record that must be preserved and available for retrieval if needed.
Ring Protection
Forward Recovery
Containment
Vital Record
42. The chance that something negative will occur
Masked/Interruptible
Method
Decipher
Risk
43. Forging of an IP address.
Cross Training
Shadowing (file shadowing)
Trademark
IP Address Spoofing
44. A set of laws that the organization agrees to be bound by
Emergency Operations Center (EOC)
Administrative Law
Surge
System Downtime
45. Object reuse protection and auditing
Orange Book C2 Classification
Compression
Operating
User
46. Two certificate authorities that trust each other
Cross Certification
Fiber Optics
One Time Pad
Key Clustering
47. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements
Identification
Substitution
ITSEC
Residual Risk
48. Searching for wireless networks in a moving car.
Contingency Plan
Polymorphism
War Driving
Qualitative
49. Vehicle or tool that exploits a weakness
Object
Reference Monitor
Threats
Hard Disk
50. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
Separation Of Duties
Non-Interference
Administrative Laws
Algorithm