Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Recovery alternative which includes cold site and some equipment and infrastructure is available
Alternate Site
Business Impact Assessment (BIA)
Warm Site
Separation Of Duties
2. A protocol for the efficient transmission of voice over the Internet
Voice Over IP (VOIP)
Adware
Non-Discretionary Access Control
Security Kernel
3. The technical and risk assessment of a system within the context of its operating environment
Conflict Of Interest
TNI (Red Book)
Entrapment
Certification
4. Shifting every letter of the alphabet by the same fixed number of positions, keeping the alphabet's order intact
Shift Cipher (Caesar)
Information Owner
Degauss
Total Risk
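The shift cipher in item 4 is simple enough to implement in a few lines, and doing so shows why it offers no real protection. The following is an added worked example, not part of the quiz page; the plaintexts are constructed for illustration. It encrypts, decrypts, and then breaks the cipher two ways: by trying all 26 keys, and by frequency analysis assuming the most common ciphertext letter corresponds to E.

```python
"""Shift (Caesar) cipher: encrypt, decrypt, and break it.

Added worked example; not code from the quiz page. Sample plaintexts below
are constructed for illustration.
"""
import string

ALPHABET = string.ascii_uppercase  # 26 letters, so the key space has 26 values


def shift_encrypt(plaintext: str, key: int) -> str:
    """Rotate every letter `key` places down the alphabet.

    Input is upper-cased; characters outside A-Z (spaces, digits) pass
    through unchanged, which is itself a weakness since word lengths leak.
    """
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is encryption with the negated key."""
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> list:
    """Exhaustive search: 26 candidate decryptions, one per possible key."""
    return [(k, shift_decrypt(ciphertext, k)) for k in range(26)]


def crack_by_frequency(ciphertext: str) -> int:
    """Recover the key assuming the most frequent ciphertext letter is E.

    A shift cipher preserves letter frequencies, only relabelling them, so
    the offset between the commonest ciphertext letter and E is the key.
    """
    counts = {c: 0 for c in ALPHABET}
    for ch in ciphertext.upper():
        if ch in counts:
            counts[ch] += 1
    most_common = max(counts, key=counts.get)
    return (ALPHABET.index(most_common) - ALPHABET.index("E")) % 26


if __name__ == "__main__":
    ct = shift_encrypt("ATTACK AT DAWN", 3)  # constructed sample plaintext
    print(ct)
    for key, candidate in brute_force(ct):
        print(key, candidate)
    longer = shift_encrypt("DEFEND THE EAST WALL OF THE CASTLE", 7)
    print("frequency guess:", crack_by_frequency(longer))
```

Frequency analysis needs enough text for E to dominate; on a short message the brute-force listing is the reliable route, and a human (or a dictionary check) picks the readable candidate.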
5. High level - pertaining to planning
Strategic
Procedure
Brouter
Incident Response Team
6. A back up type - where the organization has excess capacity in another location.
Distributed Processing
Business Records
Trade Secret
Operational Impact Analysis
7. The managerial approval to operate a system based upon knowledge of risk to operate
Accreditation
Interception
Record Level Deletion
Encapsulation
8. A subnetwork with storage devices servicing all servers on the attached network.
Emergency Procedures
Recovery
Storage Area Network (SAN)
Parallel Test
9. Continuous surveillance - to provide for detection and response of any failure in preventive controls.
Voice Over IP (VOIP)
Administrative
Common Criteria
Monitor
10. Written suggestions that direct choice to a few alternatives
Guidelines
Checksum
Source Routing Exploitation
Remanence
11. In PKI, depositing a copy of a private key with a trusted third party so that it can be recovered under defined conditions
Electronic Vaulting
Security Domain
Key Escrow
TCSEC (Orange Book)
12. The collection and summation of risk data relating to a particular asset and controls for that asset
Data Hiding
Risk Assessment
Job Rotation
IP Fragmentation
13. A device that sequentially switches multiple analog inputs to the output.
Multiplexers
Multilevel Security System
Satellite
Test Plan
14. To jump to a conclusion
Polyalphabetic
Hot Spares
Inference
Noise
15. A world-wide wireless technology
Data Dictionary
Polyalphabetic
Layering
Wireless Fidelity (Wi-Fi )
16. The backup of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Identification
Inference
Data Backups
System Life Cycle
17. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Fire Classes
Operational Exercise
Denial Of Service
Orange Book B1 Classification
18. Process whereby data is removed from active files and other data storage structures
Deletion
Technical Access Controls
Denial Of Service
Total Risk
19. A template for designing the security architecture
Incident Response
Security Blueprint
Data Dictionary
Data Custodian
20. A collection of data or information that has a name
Access Control Attacks
Gateway
Routers
File
21. A hash computed over the message together with a secret key, so that only holders of the key can produce or verify the result
Machine Language (Machine Code)
Honeypot
Change Control
Keyed-Hashing For Message Authentication
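Item 21 is often paraphrased in study material as "a hash that is then encrypted", but HMAC is not built that way: the key is mixed into two nested hash computations, which is what makes the tag unforgeable without the key. The block below is an added worked example, not code from the quiz page. It contrasts a plain SHA-256 digest (which an attacker who alters the message can simply recompute) with an HMAC tag, and implements HMAC-SHA256 by hand to show the construction matches Python's `hmac` module. The key and message are constructed for illustration.

```python
"""Plain hash vs. keyed hash (HMAC).

Added worked example; not code from the quiz page. SECRET_KEY and the
sample message are constructed for illustration.
"""
import hashlib
import hmac

# Constructed demo key. Real keys come from a secrets store, never source code.
SECRET_KEY = b"constructed-demo-key-do-not-use-in-production"


def plain_digest(message: bytes) -> str:
    """An unkeyed hash detects accidental corruption only."""
    return hashlib.sha256(message).hexdigest()


def mac_tag(message: bytes, key: bytes = SECRET_KEY) -> str:
    """HMAC-SHA256 via the standard library."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(message: bytes, tag: str, key: bytes = SECRET_KEY) -> bool:
    """Constant-time comparison so tag checking does not leak via timing."""
    return hmac.compare_digest(mac_tag(message, key), tag)


def hmac_sha256_manual(key: bytes, message: bytes) -> str:
    """HMAC from its definition: H((K xor opad) || H((K xor ipad) || m)).

    The key is padded (or first hashed, if longer than the 64-byte SHA-256
    block) and XORed with two fixed pads; the inner hash covers the message,
    the outer hash covers the inner result. No encryption step is involved.
    """
    block = 64
    if len(key) > block:
        key = hashlib.sha256(key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).hexdigest()


def attacker_forges_plain(message: bytes) -> tuple:
    """Without a key, an attacker recomputes a plain digest for any change."""
    tampered = message.replace(b"100.00", b"999.00")
    return tampered, plain_digest(tampered)


if __name__ == "__main__":
    msg = b"transfer 100.00 to alice"  # constructed sample message
    tag = mac_tag(msg)
    print("tag valid:", verify_tag(msg, tag))
    tampered, forged = attacker_forges_plain(msg)
    print("plain digest forged:", forged == plain_digest(tampered))
    print("HMAC still verifies tampered msg:", verify_tag(tampered, tag))
    print("manual == library:", hmac_sha256_manual(SECRET_KEY, msg) == tag)
```

The practical lesson: a checksum or bare hash stored alongside data gives integrity only against accidents; against an adversary who can change both the data and the hash you need a key they do not have.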
22. A system designed to prevent unauthorized access to or from a private network.
Monitor
Digital Signature
Firewall
Generator
23. A program with an inappropriate second purpose
Trojan Horse
Marking
Confidence Value
Examples of technical security components
24. A BCP testing type (structured walkthrough) - a test that answers the question: Is everything needed for recovery available?
Crisis
Network Attached Storage (NAS)
Walk Through
Fragmented Data
25. A basic level of network access control that is based upon information contained in the IP packet header.
Dangling Pointer
File Sharing
Packet Filtering
MOM
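The filter in item 25 decides on header fields alone: source and destination address, protocol, and (from the transport header) the destination port. The block below is an added worked example, not code from the quiz page; the addresses and rule set are constructed for illustration. It implements first-match rule evaluation with a default deny, and includes the anti-spoofing rule a practitioner would expect on an external interface: a packet arriving from the Internet must not carry an internal source address.

```python
"""Stateless packet filtering on IP/TCP header fields.

Added worked example; not code from the quiz page. The addresses, ports and
rule set are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Header:
    """The header fields a basic packet filter inspects."""
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int = 0        # destination port, 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # CIDR; default matches any source
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None     # None matches any protocol
    dport: Optional[int] = None     # None matches any port

    def matches(self, h: Header) -> bool:
        return (ip_address(h.src) in ip_network(self.src)
                and ip_address(h.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == h.proto)
                and (self.dport is None or self.dport == h.dport))


def filter_packet(rules: List[Rule], h: Header) -> str:
    """First matching rule wins; a packet that matches nothing is denied."""
    for rule in rules:
        if rule.matches(h):
            return rule.action
    return "deny"


# Constructed inbound rule set for the external interface of a site whose
# internal range is 10.0.0.0/8 and whose public web server is 10.0.1.10.
INBOUND_RULES = [
    # Anti-spoofing: traffic from the Internet must not claim an internal source.
    Rule("deny", src="10.0.0.0/8"),
    # Public web server: HTTPS and HTTP only.
    Rule("allow", dst="10.0.1.10/32", proto="tcp", dport=443),
    Rule("allow", dst="10.0.1.10/32", proto="tcp", dport=80),
    # Anything else falls through to the default deny in filter_packet().
]


def decide(h: Header) -> str:
    """Apply the constructed inbound rule set to one packet."""
    return filter_packet(INBOUND_RULES, h)


if __name__ == "__main__":
    samples = [  # constructed packets
        Header("203.0.113.5", "10.0.1.10", "tcp", 443),   # legitimate HTTPS
        Header("203.0.113.5", "10.0.1.10", "tcp", 22),    # SSH from outside
        Header("10.0.0.7", "10.0.1.10", "tcp", 443),      # spoofed internal source
        Header("203.0.113.5", "10.0.2.5", "tcp", 443),    # not the web server
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt))
```

Because no connection state is kept, this filter cannot tell whether a packet to port 443 belongs to an established session or is a stray or crafted packet; that limitation is what stateful inspection firewalls were introduced to address, and it is why the quiz calls packet filtering a "basic level" of network access control.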
26. Hardware or software that is part of a larger system
Embedded
Transfer
Embedded Systems
Application Programming Interface
27. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Asymmetric
Remote Access Trojan
Reference Monitor
Data Backup Strategies
28. To reduce sudden rises in current
Orange Book B1 Classification
Surge Suppressor
Access Control
CobiT
29. Object reuse protection and auditing
Emanations
Strategic
Orange Book C2 Classification
Encipher
30. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.
Hot Spares
Sampling
Sniffing
War Dialing
31. A copy of transaction data - designed for querying and reporting
Data Warehouse
Data Integrity
Voice Over IP (VOIP)
Electromagnetic Interference (EMI)
32. Policy or stated actions
Residual Risk
Embedded
Criminal Law
Due Care
33. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Sniffing
Key Clustering
Capability Tables
Internal Use Only
34. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.)
Faraday Cage/ Shield
Contingency Plan
Incident Response
Recovery Period
35. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Deletion
Infrastructure
High-Risk Areas
Exposure
36. Information that - if made public or even shared around the organization - could seriously impede the organization's operations
Highly Confidential
Corrective
Fragmented Data
Declaration
37. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Microwave
Authorization
Cross-Site Scripting
Digital Signature
38. System of law based upon what is good for society
Gateway
Cache
Civil Or Code Law
Chain of Custody
39. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Repeaters
Multilevel Security System
Security Blueprint
Confidence Value
40. Organized group of compromised computers
Botnet
Machine Language (Machine Code)
Malformed Input
Distributed Processing
41. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Checksum
Strong Authentication
5 Rules Of Evidence
Metadata
42. Intellectual property protection for a confidential and critical process
Checklist Test
Need-To-Know
Trade Secret
Separation Of Duties
43. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Technical Access Controls
One Time Pad
Exposure
Detective
44. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Cross-Site Scripting
File Extension
Patent
Denial Of Service
45. A choice in risk management - to implement a control that limits or lessens negative effects
Mitigate
Analysis
Business Impact Assessment (BIA)
Monitor
46. An alert or alarm that is triggered when no actual attack has taken place
Parallel Test
Prevention
Digital Signature
False (False Positive)
47. Scrambled form of the message or data
File Shadowing
Analysis
Shadowing (file shadowing)
Cipher Text
48. One method of testing a specific component of a plan. Typically - a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
Structured Walkthrough
Mandatory Access Control (MAC)
Uninterruptible Power Supply (UPS)
Malformed Input
49. Collection of data on business functions which determines the strategy of resiliency
Need-To-Know
Inheritance
Technical Access Controls
Business Impact Assessment (BIA)
50. A process state - the process is either unable to run while waiting for an external event, or has terminated
Instance
Multi-Tasking
Stopped
Highly Confidential