Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Data Recovery
Mobile Recovery
Alternate Site
Service Bureau
2. A passive network attack involving monitoring of traffic.
Eavesdropping
5 Rules Of Evidence
Non-Repudiation
Convincing
3. Uncleared buffers or media
Object Reuse
Noise
Public Key Infrastructure (PKI)
Key Escrow
4. Momentary loss of power
Fault
Recovery
Certification Authority
Patch Panels
5. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
Orange Book A Classification
File Shadowing
Damage Assessment
SYN Flooding
6. System mediation of access with the focus on the context of the request
Open Mail Relay Servers
Remote Access Trojan
Content Dependent Access Control
Data Hiding
7. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
False (False Positive)
Sharing
Walk Through
Quantitative Risk Analysis
8. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
Microwave
Polymorphism
Risk Mitigation
False Negative
9. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Tar Pits
TIFF (Tagged Image File Format)
Incident Response Team
False Negative
10. Using small special tools all tumblers of the lock are aligned - opening the door
2-Phase Commit
Administrative Access Controls
Picking
Fiber Optics
11. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Accountability
Disaster
Simulation
Change Control
12. A group or network of honeypots
Shift Cipher (Caesar)
Structured Walkthrough
Disaster
Honeynet
13. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.
Orange Book A Classification
Routers
Overlapping Fragment Attack
Risk Mitigation
14. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.
Active Data
Trapdoors (Backdoors) (Maintenance Hooks)
Recovery
Debriefing/Feedback
15. A signal suggesting a system has been or is being attacked.
Classification
Alert/Alarm
Territoriality
Data Owner
16. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
ITSEC
Analysis
Highly Confidential
Collisions
17. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
Risk
Inheritance
Computer System Evidence
Examples of non-technical security components
18. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Orange Book A Classification
MOM
Journaling
Degauss
19. Hardware or software that is part of a larger system
Embedded
Business Interruption Insurance
Cross Certification
Application Programming Interface
20. An individual's conduct that violates government laws developed to protect the public
Criminal Law
Shielding
Restoration
Accurate
21. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability
Digital Certificate
Moore's Law
The ACID Test
Orange Book B1 Classification
22. Interception of a communication session by an attacker.
Content Dependent Access Control
Database Shadowing
Full Test (Full Interruption)
Hijacking
23. Amount of time for restoring a business process or function to normal operations without major loss
Business Impact Assessment (BIA)
Maximum Tolerable Downtime (MTD)
CPU Cache
Quantitative Risk Analysis
24. A subnetwork with storage devices servicing all servers on the attached network.
Security Kernel
Transfer
Alert
Storage Area Network (SAN)
25. The event signaling an IDS to produce an alarm when no attack has taken place
Site Policy Awareness
Data Backups
False Attack Stimulus
Transfer
26. Periodic - automatic and transparent backup of data in bulk.
Authentic
Electronic Vaulting
Administrative Law
Brownout
27. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Capability Tables
Emergency Operations Center (EOC)
Multi-Processing
Phishing
28. Evidence must be: admissible - authentic - complete - accurate - and convincing
Teardrop
Dictionary Attack
Restoration
5 Rules Of Evidence
29. A database that contains the name - type - range of values - source and authorization for access for each data element
Hub
Generator
Metadata
Data Dictionary
30. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.
Dictionary Attack
Multiplexers
Covert Channel
Business Continuity Program
31. Prolonged loss of commercial power
Threads
Critical Functions
Blackout
Voice Over IP (VOIP)
32. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
Non-Interference
Steganography
Common Law
Off-Site Storage
33. Converts source code to an executable
Routers
Compiler
Entrapment
Keyed-Hashing For Message Authentication
34. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
MOM
Plan Maintenance Procedures
Rollback
Tactical
35. Key
Denial Of Service
Pervasive Computing and Mobile Computing Devices
Cryptovariable
Education
36. The one person responsible for data - its classification and control setting
Information Owner
Electrostatic Discharge
Recovery Time Objectives
Copyright
37. Event(s) that cause harm
Incident
Key Clustering
Multi-Programming
Call Tree
38. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
Remote Journaling
Trade Secret
Non-Discretionary Access Control
Disaster Recovery Tape
39. Recovery alternative - everything needed for the business function - except people and last backup
Hot Site
UPS
Domain
Business Unit Recovery
40. Written core statements that rarely change
Structured Walk-Through Test
Policy
Open Mail Relay Servers
Modification
41. The collection and summation of risk data relating to a particular asset and controls for that asset
Cryptovariable
Surge Suppressor
Multi-Party Control
Risk Assessment
42. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
Residual Risk
Centralized Access Control Technologies
Side Channel Attack
Pervasive Computing and Mobile Computing Devices
43. Unused storage capacity
Time Of Check/Time Of Use
Slack Space
Classification
Entrapment
44. Real-time - automatic and transparent backup of data.
ISO/IEC 27002
Kerckhoff's Principle
Application Programming Interface
Remote Journaling
45. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Countermeasure
File
Recovery Strategy
Deletion
46. Unsolicited commercial email
Spam
Metadata
Repeaters
Executive Succession
47. A telephone exchange for a specific office or business.
Operational Test
Gateway
Private Branch Exchange (PBX)
Standard
48. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Emergency Procedures
Bit
Examples of technical security components
Firewall
49. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Territoriality
Civil Or Code Law
Executive Succession
Mirroring
50. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Multi-Processor
Overlapping Fragment Attack
Recovery
Pervasive Computing and Mobile Computing Devices