Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Eavesdropping
Reference Monitor
Disaster
Critical Functions
2. Program that inappropriately collects private data or activity
Spyware
Metadata
MOM
Recovery
3. Data or interference that can trigger a false positive
Qualitative
Double Blind Testing
Watermarking
Noise
4. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Non-Repudiation
Alarm Filtering
Recovery Time Objectives
Contingency Plan
5. Malware that subverts the detective controls of an operating system
Simulation Test
Disaster
Rootkit
Integrated Test
6. To segregate for the purposes of labeling
Mantrap (Double Door System)
Exposure
Compartmentalize
Atomicity
7. Inference about encrypted communications
Intrusion Detection Systems
Full Test (Full Interruption)
Site Policy Awareness
Side Channel Attack
8. Induces a crime - tricks a person - and is illegal
Entrapment
Convincing
Patent
Mirrored Site
9. Inappropriate data
Malformed Input
Data Custodian
Databases
Residual Data
10. One entity with two competing allegiances
Conflict Of Interest
Access Control Matrix
Interpreter
Key Management
11. Abstract and mathematical in nature - defining all possible states - transitions and operations
Recovery Time Objectives
State Machine Model
Logic Bomb
Public Key Infrastructure (PKI)
12. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Tracking
Warm Site
Sequence Attacks
Overlapping Fragment Attack
13. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Classification
Cache
Job Rotation
Chain of Custody
14. A template for designing the architecture
Business Continuity Planning (BCP)
Security Blueprint
CPU Cache
Contact List
15. Hardware or software that is part of a larger system
Life Cycle of Evidence
Radio Frequency Interference (RFI)
Spiral
Embedded
16. A Denial of Service attack that exploits systems that are not able to handle malicious - overlapping and oversized IP fragments.
Teardrop
Compensating
File
Remanence
17. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Mandatory Access Control (MAC)
Top Secret
Moore's Law
Picking
18. Using many alphabets
Administrative Laws
Polyalphabetic
Operating
CPU Cache
19. Pertaining to a number system that has just two unique digits.
Fraggle
Life Cycle of Evidence
Binary
Checklist Test
20. A mathematical tool for verifying no unintentional changes have been made
Code
Civil Or Code Law
Non-Repudiation
Checksum
21. Process of statistically testing a data set for the likelihood of relevant information.
Sampling
Logic Bomb
Simulation
Fraggle
22. Hitting a filed down key in a lock with a hammer to open without real key
Top Secret
Maximum Tolerable Downtime (MTD)
Trademark
Bumping
23. Recognition of an individual's assertion of identity.
Standalone Test
Full Test (Full Interruption)
Identification
Trade Secret
24. A state for operating system tasks only
Dictionary Attack
Central Processing Unit (CPU)
Supervisor Mode (monitor - system - privileged)
Shielding
25. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
SYN Flooding
Access Control Matrix
Business Impact Analysis
Civil Law
26. Low level - pertaining to planning
Stopped
Tactical
Off Site
Burn
27. Recording the Who What When Where How of evidence
Administrative Laws
Chain Of Custody
Analysis
Risk Assessment / Analysis
28. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Mission-Critical Application
Intrusion Prevention Systems
SQL Injection
Disaster
29. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.
File Server
Fault Tolerance
Structured Walkthrough
Modification
30. Intellectual property management technique for identifying after distribution
Watermarking
Certification
Strategic
Processes are Isolated By
31. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Containment
Forward Recovery
Crisis
Asymmetric
32. Memory management programming which makes the limited RAM of the physical machine appear to be larger by using a portion of the hard drive
SYN Flooding
Proprietary
Virtual Memory
Control
33. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Standalone Test
Authentication
Crisis
Enticement
34. Converts source code to an executable
Compiler
Containment
Initialization Vector
Cross-Site Scripting
35. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Elements of Negligence
Fraggle
Evidence
Object Oriented Programming (OOP)
36. Reprogrammable basic startup instructions
Bollard
E-Mail Spoofing
Firmware
Disaster
37. A type of attack involving attempted insertion - deletion or altering of data.
Non-Interference
High-Risk Areas
Modification
Security Domain
38. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
Damage Assessment
Deleted File
Incident Response
Salami
39. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Hot Site
Confidence Value
Critical Records
Hearsay Evidence
40. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Liability
Injection
Noise
Legacy Data
41. Regular operations are stopped and processing is moved to the alternate site.
Full-Interruption test
Database Shadowing
Examples of technical security components
Logic Bomb
42. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)
Smurf
Mission-Critical Application
Gateway
Multi-Party Control
43. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)
Due Diligence
Interception
Emergency
ISO/IEC 27001
44. Small data warehouse
Object Oriented Programming (OOP)
TEMPEST
Data Marts
File Server
45. High degree of visual control
Certification
UPS
Encryption
Surveillance
46. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
Checklist Test (desk check)
Non-Discretionary Access Control
File Shadowing
Data Hiding
47. The hard drive
CobiT
Repeaters
Secondary Storage
On-Site
48. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Analysis
TCSEC (Orange Book)
Data Hiding
Incident Response
49. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.
Key Clustering
True Attack Stimulus
Assembler
High-Risk Areas
50. The property that data meet with a priority expectation of quality and that the data can be relied upon.
Compartmentalize
Data Integrity
Polymorphism
Rollback