Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A technology that reduces the size of a file.
Compression
Disaster
Recovery
Dictionary Attack
2. A trusted issuer of digital certificates
Certification Authority
Disaster Recovery Teams (Business Recovery Teams)
Pervasive Computing and Mobile Computing Devices
Common Law
3. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
ISO/IEC 27001
Basics Of Secure Design
Overlapping Fragment Attack
Multi-Party Control
4. Mitigate damage by isolating compromised systems from the network.
Tort
Inference
Containment
Redundant Servers
5. Threats x Vulnerability x Asset Value = Total Risk
Key Escrow
Encapsulation
Total Risk
Denial Of Service
6. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Payload
Initialization Vector
Recovery Period
Packet Filtering
7. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.
2-Phase Commit
Bridge
Key Management
High-Risk Areas
8. A process state - either unable to run while waiting for an external event - or terminated
Stopped
Logic Bomb
Orange Book C Classification
Generator
9. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Emergency Procedures
Tort
Cross Certification
Journaling
10. Tool which mediates access
Control
Cryptology
Race Condition
Alert/Alarm
11. A template for designing the architecture
Architecture
Security Blueprint
Spiral
Governance
12. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Analysis
Confidence Value
Spiral
Recovery Strategy
13. Actions measured against either a policy or what a reasonable person would do
Due Diligence
Journaling
Damage Assessment
Consistency
14. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Damage Assessment
Protection
Botnet
Plaintext
15. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Running
Salami
Transients
Business Records
16. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Residual Risk
Admissible
Entrapment
Data Integrity
17. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Strong Authentication
Access Control
Accurate
Data Backups
18. A collection of information designed to reduce duplication and increase integrity
Buffer Overflow
Highly Confidential
Databases
Deterrent
19. Recording activities at the keyboard level
Disaster Recovery Plan
False (False Positive)
Keystroke Logging
Information Flow Model
20. The technical and risk assessment of a system within the context of the operating environment
Certification
Concentrator
Trademark
Cryptovariable
21. Rapid switching back and forth between programs from the computer's perspective - appearing to do more than one thing at a time from the user's perspective
Multi-Programming
User Mode (problem or program state)
Quantitative Risk Analysis
Tapping
22. The problem-solving state - the opposite of supervisor mode
Education
Mobile Recovery
Information Technology Security Evaluation Criteria - ITSEC
User Mode (problem or program state)
23. Claiming another's identity at a physical level
Virus
Masquerading
Residual Risk
Distributed Denial Of Service
24. A running key using a random key that is never used again
2-Phase Commit
One Time Pad
Electronic Vaulting
Data Warehouse
25. Try a list of words in passwords or encryption keys
Dictionary Attack
Noise
Call Tree
Residual Risk
26. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Debriefing/Feedback
Fire Classes
Classification
Memory Management
27. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
TIFF (Tagged Image File Format)
Plan Maintenance Procedures
Threat Agent
Highly Confidential
28. A risk assessment method - measurable real money cost
Shadowing (file shadowing)
Quantitative
Data Custodian
Hot Site
29. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Disaster Recovery Plan
Fire Prevention
Remote Access Trojan
Integrated Test
30. Used to code/decode a digital data stream.
Alert
Sampling
Codec
Polymorphism
31. A Denial of Service attack that exploits systems that are not able to handle malicious - overlapping and oversized IP fragments.
Redundant Array Of Independent Drives (RAID)
Teardrop
Bit
Mandatory Vacations
32. Statistical probabilities of a collision are more likely than one thinks
Birthday Attack
Attacker (Black hat - Hacker)
Radio Frequency Interference (RFI)
Business Records
33. To break a business process into separate functions and assign to different people
Injection
Separation Of Duties
Life Cycle of Evidence
Quantitative Risk Analysis
34. Potentially retrievable data residue that remains following intended erasure of data.
Remanence
DR Or BC Coordinator
Metadata
Archival Data
35. RADIUS - TACACS+ - Diameter
Centralized Access Control Technologies
Pointer
Labeling
Strong Authentication
36. OOP concept of a distinct copy of the class
Object
Running
Conflict Of Interest
System Life Cycle
37. To load the first piece of software that starts a computer.
Territoriality
Job Rotation
Boot (V.)
System Life Cycle
38. The first rating that requires security labels
Criminal Law
Internal Use Only
Orange Book B1 Classification
Disaster Recovery Teams (Business Recovery Teams)
39. Power surge
Executive Succession
Electrostatic Discharge
Class
Security Kernel
40. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
IDS Intrusion Detection System
Public Key Infrastructure (PKI)
Mission-Critical Application
Procedure
41. Control type- that is communication based - typically written or oral
Mitigate
Desk Check Test
Separation Of Duties
Administrative
42. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.
Process Isolation
Concatenation
Worldwide Interoperability for Microwave Access (WiMAX)
5 Rules Of Evidence
43. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Critical Functions
Business Recovery Timeline
Discretionary
Classification
44. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
Security Clearance
Examples of non-technical security components
Total Risk
Residual Data
45. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
Honeypot
Attacker (Black hat - Hacker)
Algorithm
Full Test (Full Interruption)
46. For PKI - decertify an entity's certificate
Cryptovariable
3 Types of harm Addressed in computer crime laws
Revocation
IP Fragmentation
47. A hash that has been further encrypted with a symmetric algorithm
Keyed-Hashing For Message Authentication
Surveillance
Application Programming Interface
Data Recovery
48. People protect their domain
Surge Suppressor
Machine Language (Machine Code)
Codec
Territoriality
49. Transaction controls for a database - a return to a previous state
Sag/Dip
JPEG (Joint Photographic Experts Group)
Rollback
Basics Of Secure Design
50. Creation - distribution - update - and deletion
Key Management
File Level Deletion
Certificate Revocation List (CRL)
Trade Secret