SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A backup of data located where staff can not gain access readily and a regional disaster will not cause harm
ff Site
Orange Book B2 Classification
Business Recovery Timeline
Corrective
2. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilies - most commonly used in governm
Prevention
Mandatory Access Control (MAC)
Cryptology
Civil Law
3. Owner directed mediation of access
TEMPEST
Discretionary
Security Blueprint
Incident Response Team
4. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Total Risk
Object Oriented Programming (OOP)
Security Blueprint
HTTP Response Splitting
5. Control category- to restore to a previous state by removing the adversary and or the results of their actions
Business Continuity Planning (BCP)
Corrective
Damage Assessment
MOM
6. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Certification Authority
Logic Bomb
Birthday Attack
Uninterruptible Power Supply (UPS)
7. Control category - more than one control on a single asset
Access Control Matrix
Compensating
Memory Management
Mirroring
8. Communication of a security incident to stakeholders and data owners.
Satellite
Uninterruptible Power Supply (UPS)
Notification
Risk Mitigation
9. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
Smurf
Interference (Noise)
Residual Data
Assembler
10. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Application Programming Interface
Education
Strategic
Identification
11. Unauthorized access of network devices.
Full-Interruption test
Physical Tampering
Running
Activation
12. High level design or model with a goal of consistency - integrity - and balance
Mandatory Access Control (MAC)
Locard's Principle
Concatenation
Architecture
13. Process of statistically testing a data set for the likelihood of relevant information.
Alternate Site
Liability
Cipher Text
Sampling
14. Indivisible - data field must contain only one value that either all transactions take place or none do
Structured Walk-Through Test
Atomicity
Business Impact Analysis
Debriefing/Feedback
15. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
Record Level Deletion
Masked/Interruptible
Compiler
Firewall
16. Business and technical process of applying security software updates in a regulated periodic way
Patch Management
IP Fragmentation
Inference
Activation
17. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
Reciprocal Agreement
Residual Data
Tort
Emergency
18. A Trojan horse with the express underlying purpose of controlling host from a distance
Incident Manager
Permutation /Transposition
Workaround Procedures
Remote Access Trojan
19. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.
Orange Book A Classification
Public Key Infrastructure (PKI)
Computer System Evidence
User Mode (problem or program state)
20. Unsolicited commercial email
Acronym for American Standard Code for Information Interchange (ASCII)
Business Records
Blackout
Spam
21. To segregate for the purposes of labeling
Isolation
Compartmentalize
Data Hiding
Technical Access Controls
22. Return to a normal state
Uninterruptible Power Supply (UPS)
Recovery
Entrapment
Mantrap (Double Door System)
23. To know more than one job
Kerberos
Labeling
Cross Training
Byte Level Deletion
24. Third party processes used to organize the implementation of an architecture
Remanence
Mantrap (Double Door System)
Watermarking
Framework
25. Induces a crime - tricks a person - and is illegal
Botnet
Job Training
Entrapment
Interference (Noise)
26. The process of identifying - accessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Consistency
Electromagnetic Interference (EMI)
Information Risk Management (IRM)
Qualitative
27. Is secondhand and usually not admissible in court
Brute Force
Multi-Programming
Secondary Storage
Hearsay Evidence
28. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Distributed Denial Of Service
Hacker
Brouter
TIFF (Tagged Image File Format)
29. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Mobile Site
Disaster Recovery Tape
Safeguard
Denial Of Service
30. An asymmetric cryptography mechanism that provides authentication.
Framework
Analysis
Full-Interruption test
Digital Signature
31. Those who initiate the attack
Hash Function
IP Fragmentation
Checksum
Threat Agent
32. Written internalized or nationalized norms that are internal to an organization
Structured Walkthrough
Polyalphabetic
Remanence
Standard
33. Code making
Cryptography
Source Routing Exploitation
Access Point
Strategic
34. Malware that makes small random changes to many data points
Access Control Lists
Examples of technical security components
Data Diddler
Executive Succession
35. Long term knowledge building
Digital Certificate
Education
Data Marts
ISO/IEC 27002
36. A layer 2 device that used to connect two or more network segments and regulate traffic.
Noise
Protection
Wireless Fidelity (Wi-Fi )
Switches
37. To reduce sudden rises in current
War Driving
Surge Suppressor
Backup
Isolation
38. Key
Trade Secret
Metadata
Cryptovariable
Due Diligence
39. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Modems
Degauss
Atomicity
Cryptovariable
40. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Quantitative Risk Analysis
Simulation
True Attack Stimulus
Layering
41. Mediation of covert channels must be addressed
System Life Cycle
Business Continuity Program
Keyed-Hashing For Message Authentication
Information Flow Model
42. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
ISO/IEC 27001
Database Replication
Mobile Site
Key Management
43. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Simulation
Virus
Algorithm
Hub
44. Intellectual property protection for marketing efforts
Workaround Procedures
Residual Risk
Trademark
Physical Tampering
45. A planned or unplanned interruption in system availability.
System Downtime
Data Warehouse
Recovery Strategy
Criminal Law
46. Weakness or flaw in an asset
Critical Functions
Fraggle
Vulnerability
Business Recovery Timeline
47. The level and label given to an individual for the purpose of compartmentalization
Revocation
Faraday Cage/ Shield
Security Clearance
Interception
48. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
On-Site
Directive
Operational Exercise
Hacker
49. Vehicle stopping object
Bollard
Mandatory Access Control (MAC)
Governance
Fire Classes
50. A state for operating system tasks only
Transfer
Supervisor Mode (monitor - system - privileged)
Byte
Cryptology
