SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A control after attack
Checkpoint
Mantrap (Double Door System)
Incident Response Team
Countermeasure
2. Written suggestions that direct choice to a few alternatives
Guidelines
Access Control Lists
Complete
Evidence
3. To reduce sudden rises in current
Access Control Lists
Firmware
IP Fragmentation
Surge Suppressor
4. Try a list of words in passwords or encryption keys
Reference Monitor
Data Dictionary
Dictionary Attack
Prevention
5. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Relocation
Digital Certificate
Exposure
High-Risk Areas
6. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Orange Book D Classification
Desk Check Test
Interference (Noise)
Forward Recovery
7. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Memory Management
DR Or BC Coordinator
Multi-Processing
Proxies
8. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Multi-Processor
Payload
Object Oriented Programming (OOP)
Business Unit Recovery
9. A mathematical tool for verifying no unintentional changes have been made
Classification Scheme
Liability
Checksum
Access Point
10. A collection of information designed to reduce duplication and increase integrity
Ethics
Civil Or Code Law
Databases
Orange Book C Classification
11. Joining two pieces of text
Concatenation
Multi-Core
Hijacking
Data Diddler
12. Final purpose or result
Payload
Procedure
War Dialing
Lattice
13. Scrambled form of the message or data
Control
Incident
Cipher Text
Recovery
14. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Routers
Residual Risk
IP Address Spoofing
Shielding
15. Record history of incident
Activation
Satellite
Tracking
IP Address Spoofing
16. Subjects will not interact with each other's objects
Polyalphabetic
Labeling
Non-Interference
Transfer
17. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Compiler
File Extension
Business Recovery Timeline
Tapping
18. System mediation of access with the focus on the context of the request
Content Dependent Access Control
Recovery Strategy
Dictionary Attack
Incident Manager
19. Forging of an IP address.
IP Address Spoofing
Object Reuse
Durability
Embedded Systems
20. Mitigation of system or component loss or interruption through use of backup capability.
Fault Tolerance
Byte
Fiber Optics
Prevention
21. Mathematical function that determines the cryptographic operations
Algorithm
Orange Book D Classification
Alert
Discretionary Access Control (DAC)
22. A unit of execution
Machine Language (Machine Code)
Analysis
Workaround Procedures
Threads
23. A layer 3 device that used to connect two or more network segments and regulate traffic.
IP Address Spoofing
Domain
Initialization Vector
Routers
24. Unsolicited advertising software
Data Backups
Adware
Security Kernel
Evidence
25. Pertaining to law - accepted by a court
Control
Admissible
IDS Intrusion Detection System
Running
26. Autonomous malware that requires a flaw in a service
Access Control Lists
Worm
Mirroring
Deterrent
27. A documented battle plan for coordinating response to incidents.
Administrative
Memory Management
Masked/Interruptible
Incident Handling
28. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.
Surge
Privacy Laws
Business Interruption Insurance
Concentrator
29. A description of a database
Data Dictionary
Race Condition
Polymorphism
Full-Interruption test
30. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
ISO/IEC 27002
Event
Administrative Laws
Keyed-Hashing For Message Authentication
31. Substitution at the word or phrase level
Watermarking
Surge
Electrostatic Discharge
Code
32. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept
Vulnerability
Non-Repudiation
False Attack Stimulus
Ring Protection
33. High level - pertaining to planning
Alert
Strategic
Access Control Matrix
Kerberos
34. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.
Burn
Deterrent
Side Channel Attack
Accreditation
35. The guardian of asset(s) - a maintenance activity
Log
Key Management
Spam
Custodian
36. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Site Policy Awareness
Orange Book C2 Classification
Orange Book B1 Classification
Data Dictionary
37. The partial or full duplication of data from a source database to one or more destination databases.
Bit
Data Custodian
Database Replication
Data Backups
38. Measures followed to restore critical functions following a security incident.
Double Blind Testing
Rollback
Disaster Recovery Tape
Recovery
39. A signal suggesting a system has been or is being attacked.
Incident
Multi-Processing
Multi-Core
Alert/Alarm
40. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
Parallel Test
Accreditation
3 Types of harm Addressed in computer crime laws
Data Recovery
41. A system designed to prevent unauthorized access to or from a private network.
Residual Data
Firewall
Modification
Deletion
42. Object based description of a single resource and the permission each subject
Alternate Data Streams (File System Forks)
Access Control Lists
Spam
Accreditation
43. Identification and notification of an unauthorized and/or undesired action
Classification Scheme
CobiT
Labeling
Detection
44. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Message Digest
Electronic Vaulting
Mandatory Vacations
Multi-Party Control
45. Lower frequency noise
Standard
Radio Frequency Interference (RFI)
Business Impact Analysis
Cross-Site Scripting
46. Searching for wireless networks in a moving car.
Risk
War Driving
Honeypot
Chain Of Custody
47. Location to perform the business function
Alternate Site
Metadata
Emergency Procedures
Firewalls
48. An availability attack - to consume resources to the point of exhaustion
Denial Of Service
Authentication
Incident
Privacy Laws
49. Malware that subverts the detective controls of an operating system
Inheritance
Public Key Infrastructure (PKI)
Rootkit
Orange Book B1 Classification
50. Subset of operating systems components dedicated to protection mechanisms
Security Kernel
Satellite
Journaling
War Dialing
