Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A planned or unplanned interruption in system availability.
Event
Patch Panels
System Downtime
Remote Journaling
2. Provides a physical cross connect point for devices.
Security Kernel
Cryptanalysis
Patch Panels
Fraggle
3. System mediation of access with the focus on the context of the request
Shift Cipher (Caesar)
Content Dependent Access Control
Discretionary
Permutation /Transposition
4. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Electromagnetic Interference (EMI)
Parallel Test
Administrative Access Controls
File
5. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Data Backup Strategies
Declaration
Honeynet
Infrastructure
6. Unauthorized access of network devices.
System Downtime
Investigation
Repeaters
Physical Tampering
7. Unchecked data input which results in redirection
Cold Site
SYN Flooding
HTTP Response Splitting
Tapping
8. To set the clearance of a subject or the classification of an object
Labeling
Keystroke Logging
Sharing
Information Owner
9. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
Redundant Array Of Independent Drives (RAID)
Vulnerability
Byte
Patch Management
10. A failure of an IDS to detect an actual attack
Integrated Test
Packet Filtering
Operational Impact Analysis
False Negative
11. Quantity of risk remaining after a control is applied
Keystroke Logging
Orange Book B1 Classification
Business Recovery Team
Residual Risk
12. A layer 2 device that is used to connect two network segments and regulate traffic.
Bridge
Deadlock
Orange Book B1 Classification
Criminal Law
13. A world-wide wireless technology
Private Branch Exchange (PBX)
Accountability
Wireless Fidelity (Wi-Fi)
EMI
14. Data or interference that can trigger a false positive
Operational Impact Analysis
Vital Record
Need-To-Know
Noise
15. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Repeaters
Information Technology Security Evaluation Criteria - ITSEC
Object Oriented Programming (OOP)
Identification
16. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Acronym for American Standard Code for Information Interchange (ASCII)
Race Condition
Operational Impact Analysis
Brute Force
17. Real-time - automatic and transparent backup of data.
Alert
Private Branch Exchange (PBX)
Remote Journaling
Tar Pits
18. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc
Security Domain
Critical Infrastructure
Incident Response
Tracking
19. Key
Cryptovariable
Encapsulation
Education
Dangling Pointer
20. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Alert
Stopped
Cache
Total Risk
21. The guardian of asset(s) - a maintenance activity
Custodian
IDS Intrusion Detection System
Chain of Custody
Exercise
22. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Surge Suppressor
Failure Modes and Effect Analysis (FEMA)
Overlapping Fragment Attack
Routers
23. Responsibility for actions
Machine Language (Machine Code)
Symmetric
Standard
Liability
24. Is secondhand and usually not admissible in court
Residual Data
Hearsay Evidence
Inference
System Life Cycle
25. Eavesdropping on network communications by a third party.
Proprietary
File Shadowing
Sniffing
File Sharing
26. Vehicle stopping object
Bollard
Due Care
Emergency Operations Center (EOC)
Admissible
27. Unsolicited advertising software
Job Rotation
Adware
Trusted Computing Base
Hijacking
28. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Lattice
Criminal Law
SYN Flooding
Total Risk
29. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Proprietary
Emergency
Crisis
Site Policy Awareness
30. To reduce fire
Byte
Machine Language (Machine Code)
Fire Suppression
Cross-Site Scripting
31. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Application Programming Interface
Emanations
Civil Law
Record Level Deletion
32. Control category- to give instructions or inform
Shadowing (file shadowing)
Job Rotation
Directive
Dictionary Attack
33. A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy
Forward Recovery
BCP Testing Drills and Exercises
SQL Injection
Method
34. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
3 Types of harm Addressed in computer crime laws
Exposure
War Driving
Key Clustering
35. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Overlapping Fragment Attack
Disaster Recovery Teams (Business Recovery Teams)
Exercise
Polyalphabetic
36. Recording activities at the keyboard level
Hearsay
Keystroke Logging
Blind Testing
Security Kernel
37. State of computer - to be running a process
Permutation /Transposition
Wait
Operating
Byte
38. The hard drive
Digital Certificate
Secondary Storage
Virtual Memory
Disk Mirroring
39. Guidelines within an organization that control the rules and configurations of an IDS
Critical Records
War Dialing
Compression
Site Policy
40. Controls for logging and alerting
Data Owner
Object
Time Of Check/Time Of Use
Intrusion Detection Systems
41. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Mirroring
IP Fragmentation
Ethics
Monitor
42. A documented battle plan for coordinating response to incidents.
Security Clearance
Disaster
Incident Handling
Reference Monitor
43. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
Distributed Processing
Discretionary
Triage
Smurf
44. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Business Continuity Steering Committee
Damage Assessment
Compensating
Data Dictionary
45. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
Contact List
Deleted File
Full Test (Full Interruption)
Service Bureau
46. A device that sequentially switches multiple analog inputs to the output.
Multiplexers
Discretionary
Noise
Burn
47. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
Containment
Running Key
ISO/IEC 27001
Cross Certification
48. Descrambling the encrypted message with the corresponding key
Alert
Civil Law
Decipher
Lattice
49. A database that contains the name - type - range of values - source and authorization for access for each data element
Hard Disk
Transients
Data Dictionary
Worldwide Interoperability for Microwave Access (WiMAX)
50. A layer 2 device that is used to connect two or more network segments and regulate traffic.
Data Diddler
Switches
Vulnerability
War Dialing