Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Total number of keys available that may be selected by the user of a cryptosystem
True Attack Stimulus
Key Space
Cross-Site Scripting
Access Control Lists
2. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
File Level Deletion
Reciprocal Agreement
Administrative Laws
Non-Repudiation
3. High frequency, highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Voice Over IP (VOIP)
Microwave
Plaintext
Blackout
4. A process state (blocked) needing input before continuing
Wait
Administrative Law
Masked/Interruptible
Spiral
5. Requires two of the three user authentication attributes (knows, is or has), e.g. you have an ATM card and enter a PIN
Ethics
Code
Strong Authentication
Internal Use Only
6. A database backup type which records at the transaction level
Remote Journaling
Accountability
Patent
Total Risk
7. The first rating that requires security labels
File Extension
Mantrap (Double Door System)
Orange Book B1 Classification
Cache
8. The collection and summation of risk data relating to a particular asset and controls for that asset
Running
Risk Assessment
Call Tree
Blind Testing
9. Information residing on computer systems that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion, modification or reconstruction.
Checkpoint
Forensic Copy
Active Data
Chain of Custody
10. Physical description on the exterior of an object that communicates the existence of a label
Mantrap (Double Door System)
Work Factor
Marking
Maximum Tolerable Downtime (MTD)
11. Amount of time for restoring a business process or function to normal operations without major loss
Common Criteria
Maximum Tolerable Downtime (MTD)
Journaling
Interpreter
12. To assert or claim credentialing to an authentication system
Threats
Identification
Standalone Test
Site Policy Awareness
13. System of law based upon precedence, with major divisions of criminal, tort, and administrative
Common Law
Keyed-Hashing For Message Authentication
Embedded Systems
Salami
14. A condition in which neither party is willing to stop their activity for the other to complete
Race Condition
EMI
Deadlock
Standalone Test
15. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid
Civil Law
Strategic
Deadlock
Policy
16. The managerial approval to operate a system based upon knowledge of risk to operate
Business Interruption
Operational Impact Analysis
Patch Management
Accreditation
17. Recovery alternative, a building only with sufficient power, and HVAC
Prevention
Information Technology Security Evaluation Criteria - ITSEC
Cold Site
IP Fragmentation
18. Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
False Attack Stimulus
Centralized Access Control Technologies
Critical Records
Mandatory Access Control (MAC)
19. Less granular organization of controls -
Control Type
Monitor
Cryptovariable
5 Rules Of Evidence
20. A programming design philosophy and a type of programming language, which breaks a program into smaller units. Each unit has its own function.
Access Control Matrix
Object Oriented Programming (OOP)
Packet Filtering
Virtual Memory
21. A passive network attack involving monitoring of traffic.
Control Type
Contingency Plan
Eavesdropping
Examples of technical security components
22. A copy of transaction data - designed for querying and reporting
Birthday Attack
Change Control
Data Warehouse
2-Phase Commit
23. A backup of data located where staff can gain access immediately
Patch Panels
Common Law
Service Bureau
On-Site
24. Fault tolerance for power
Generator
IP Fragmentation
Checklist Test (desk check)
Smurf
25. Binary decision by a system of permitting or denying access to the entire system
File Sharing
Authentication
Deadlock
Patch Panels
26. Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective
Multi-Programming
Brouter
Blind Testing
Top Secret
27. Only the key protects the encrypted information
28. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
Residual Data
Masked/Interruptible
Boot (V.)
Resumption
29. Joining two pieces of text
Marking
Shadowing (file shadowing)
Covert Channel
Concatenation
30. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Due Care
Compensating
Shielding
Countermeasure
31. An activity that is performed for the purpose of training and conditioning team members, and improving their performance.
One Time Pad
Operational Impact Analysis
Exercise
Botnet
32. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Confidence Value
Security Blueprint
Running Key
Data Recovery
33. Written step-by-step actions
Virtual Memory
Spiral
Separation Of Duties
Procedure
34. Property that data is represented in the same manner at all times
Public Key Infrastructure (PKI)
Tracking
Patent
Consistency
35. A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy
Call Tree
Spiral
SQL Injection
Trade Secret
36. A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Twisted Pair
Notification
Evidence
Lattice
37. A trusted issuer of digital certificates
Strategic
Generator
Aggregation
Certification Authority
38. Standard for the establishment, implementation, control, and improvement of the Information Security Management System
File Server
Identification
Operating
ISO/IEC 27001
39. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.
Reference Monitor
Proxies
Business Unit Recovery
Isolation
40. A programming design concept which abstracts one set of functions from another in a serialized fashion
Processes are Isolated By
Layering
Cross Certification
High-Risk Areas
41. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Symmetric
Fire Classes
Memory Management
Assembler
42. Objects or programming that look different but act the same
Polymorphism
Digital Signature
User Mode (problem or program state)
Data Leakage
43. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Log
Authentication
Open Mail Relay Servers
Qualitative
44. Renders the record inaccessible to the database management system
Consistency
Side Channel Attack
Record Level Deletion
Labeling
45. Moving letters around
IDS Intrusion Detection System
Permutation /Transposition
Deterrent
Cross Training
46. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Encipher
Payload
Firmware
Exposure
47. The hard drive
Detective
Radio Frequency Interference (RFI)
Cookie
Secondary Storage
48. Controls for termination of attempt to access object
Triage
Operational Impact Analysis
Intrusion Prevention Systems
Cryptology
49. The asynchronous duplication of the production database on separate media to ensure data availability, currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
BCP Testing Drills and Exercises
File Shadowing
Virtual Memory
Access Control
50. A backup of data located where staff can gain access readily and a localized disaster will not cause harm
Executive Succession
Near Site
Vulnerability
Information Technology Security Evaluation Criteria - ITSEC