Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study the material first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Claiming another's identity at a physical level
Trade Secret
Active Data
Masquerading
Quantitative Risk Analysis
2. Security policy, procedures, and compliance enforcement
Due Diligence
Critical Functions
ISO/IEC 27002
Examples of non-technical security components
3. Malware that subverts the detective controls of an operating system
Rootkit
Code
Integrated Test
Highly Confidential
4. The single person responsible for data, including its classification and the controls set on it
Information Owner
Residual Risk
Business Records
Encryption
5. OOP concept of a distinct instance (copy) of a class
Disaster Recovery Tape
Binary
Trapdoors (Backdoors) (Maintenance Hooks)
Object
6. The formerly internationally accepted set of standards and processes for information security product evaluation and assurance, which separates functional and assurance requirements
Class
Salami
Directive
ITSEC
7. Control category: to discourage an adversary from attempting access
Elements of Negligence
Deterrent
File Shadowing
Concentrator
8. Hiding the fact that communication has occurred
Steganography
Walk Through
Investigation
Mobile Site
9. Substitution at the word or phrase level
Code
Masked/Interruptible
Routers
Policy
10. To stop damage from spreading
Control Type
Least Privilege
Containment
Reference Monitor
11. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have; most commonly used in the PC environment (e.g. file permissions).
Initialization Vector
Satellite
Patch Management
Discretionary Access Control (DAC)
12. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Data Marts
Reference Monitor
Control Category
Kerberos
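Questions 11 and 12 describe two pieces of the same picture: a reference monitor that mediates every subject/object interaction, and a discretionary policy in which the object's owner decides who gets which rights. The following is an added illustration, not code from the quiz or from any real operating system; the subjects (alice, bob, mallory), the object names and the read/write right names are assumptions chosen for the demo.

```python
"""Toy reference monitor enforcing owner-directed (DAC) access.

Added illustration, not code from the original page. The subjects
(alice, bob, mallory), object names and the read/write right names
are assumptions chosen for the demo.
"""
from dataclasses import dataclass, field


@dataclass
class Obj:
    name: str
    owner: str
    # Discretionary ACL: the owner decides who may do what with the object.
    acl: dict = field(default_factory=dict)  # subject -> set of rights


class ReferenceMonitor:
    """Mediates every subject/object interaction and records the decision.

    The classic reference monitor properties are built in: every access
    goes through access() (complete mediation), the policy state is
    private to the monitor (isolation), and the decision logic is small
    enough to read and verify in one screen (verifiability).
    """

    def __init__(self):
        self._objects = {}
        self.audit = []  # (decision, subject, object, right)

    def create(self, owner, name):
        """A subject creates an object and becomes its owner."""
        self._objects[name] = Obj(name, owner)
        self.audit.append(("CREATE", owner, name, None))

    def grant(self, granter, name, subject, right):
        """DAC: only the owner may change an object's ACL."""
        obj = self._objects[name]
        if granter != obj.owner:
            self.audit.append(("DENY-GRANT", granter, name, right))
            return False
        obj.acl.setdefault(subject, set()).add(right)
        self.audit.append(("GRANT", granter, name, f"{subject}:{right}"))
        return True

    def access(self, subject, name, right):
        """Return True only if the policy allows subject to exercise right."""
        obj = self._objects.get(name)
        if obj is None:
            allowed = False  # unknown object: fail closed
        else:
            allowed = subject == obj.owner or right in obj.acl.get(subject, set())
        self.audit.append(("ALLOW" if allowed else "DENY", subject, name, right))
        return allowed


def demo():
    """Walk through owner, grantee and outsider access; returns the decisions."""
    rm = ReferenceMonitor()
    rm.create("alice", "payroll.xlsx")
    rm.grant("alice", "payroll.xlsx", "bob", "read")
    # mallory is not the owner, so she cannot grant herself anything.
    mallory_grant = rm.grant("mallory", "payroll.xlsx", "mallory", "write")
    return {
        "owner_write": rm.access("alice", "payroll.xlsx", "write"),
        "bob_read": rm.access("bob", "payroll.xlsx", "read"),
        "bob_write": rm.access("bob", "payroll.xlsx", "write"),  # least privilege
        "mallory_grant": mallory_grant,
        "mallory_read": rm.access("mallory", "payroll.xlsx", "read"),
        "missing_object": rm.access("alice", "ghost.txt", "read"),
        "denials": sum(1 for d in rm.audit if d[0].startswith("DENY")),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The audit list is the part a practitioner should notice: a reference monitor that cannot show why it allowed or denied an access is not verifiable, and a DAC implementation that lets a non-owner rewrite the ACL (the mallory case) is the usual way discretionary controls fail in practice.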
13. A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions
Deletion
Liability
Integrated Test
Restoration
14. Cooperative hardware and operating system notification process for prioritizing execution due to a change in the state of components
Education
Data Custodian
Masked/Interruptible
Data Recovery
15. Interception of a communication session by an attacker.
Remote Journaling
Alternate Data Streams (File System Forks)
Hijacking
Physical Tampering
16. Representatives from each functional area or department get together and walk through the plan from beginning to end.
Mandatory Vacations
Structured Walk-Through Test
Control Category
Security Domain
17. An attack that breaks up malicious code into fragments, in an attempt to elude detection.
Administrative
IP Fragmentation
Access Control Lists
Plain Text
18. A system that enforces an access control policy between two networks.
Memory Management
Firewalls
Top Secret
Non-Repudiation
19. Line noise that is superimposed on the supply circuit.
Multi-Tasking
Capability Tables
Overlapping Fragment Attack
Transients
20. Standard for the establishment, implementation, control, and improvement of an Information Security Management System
Countermeasure
Business Continuity Steering Committee
Object
ISO/IEC 27001
21. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.
Critical Records
Access Control
Hard Disk
Failure Modes and Effects Analysis (FMEA)
22. Vehicle stopping object
Physical Tampering
State Machine Model
Simulation Test
Bollard
23. The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins functional and assurance requirements
TCSEC (Orange Book)
Common Criteria
Deterrent
Cross-Site Scripting
24. A design methodology which executes in a linear, one-way fashion
Waterfall
Embedded
Top Secret
Primary Storage
25. Encryption system using a pair of mathematically related unequal keys
Masked/Interruptible
Multi-Processor
Orange Book A Classification
Asymmetric
26. Two different keys decrypt the same cipher text
Multi-Party Control
Alarm Filtering
Key Clustering
Information Owner
27. One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
Wait
Residual Risk
Isolation
Structured Walkthrough
28. Sudden rise in voltage in the power supply.
SQL Injection
Surge
Threat Agent
Civil Law
29. Siphoning off or leaking information by dumping computer files or stealing computer reports and tapes.
Rogue Access Points
Data Leakage
Data Marts
Metadata
30. Physical description on the exterior of an object that communicates the existence of a label
Multi-Party Control
Hot Spares
Marking
Orange Book B2 Classification
31. Fault tolerance for power
Bumping
Generator
Civil Law
One Time Pad
32. Uncleared buffers or media
Object Reuse
Operational Impact Analysis
Corrective
Malformed Input
33. Unsolicited advertising software
Adware
Log
Incident Response Team
CobiT
34. Act of scrambling the cleartext message by using a key.
Algorithm
Critical Infrastructure
Encipher
Hub
35. OOP concept of taking attributes from the original or parent class
Data Integrity
System Downtime
Inheritance
Administrative Access Controls
36. A collection of data or information that has a name
File
Copyright
Supervisor Mode (monitor - system - privileged)
Radio Frequency Interference (RFI)
37. The asynchronous duplication of the production database on separate media to ensure data availability, currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
Malformed Input
Blackout
File Shadowing
Computer System Evidence
38. Owner-directed mediation of access
Discretionary
Crisis
Burn
Multi-Tasking
39. An administrative unit or a group of objects and subjects controlled by one reference monitor
False Attack Stimulus
Security Domain
Attacker (Black hat - Hacker)
Key Escrow
40. Using many alphabets
Mixed Law System
Centralized Access Control Technologies
Symmetric
Polyalphabetic
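Questions 26 and 40 are easier to hold onto with the ciphers in front of you. A monoalphabetic cipher (one alphabet, e.g. a Caesar shift) only relabels the letters, so the ciphertext keeps the letter-frequency shape of English; a polyalphabetic cipher (Vigenère, where the key letter at each position selects the alphabet) blends several shifted distributions together and flattens that shape. The same code also shows key clustering: two different keys producing, and therefore decrypting, the same ciphertext. This is an added example written for this page, not code from the quiz; the sample passage and the keys are constructed for the demo.

```python
"""Monoalphabetic vs polyalphabetic substitution, plus key clustering.

Added example, not from the original page. The sample passage and the
keys are constructed for the demo.
"""
from collections import Counter
import string

ALPHA = string.ascii_uppercase

# Constructed English sample; long enough for letter statistics to settle.
SAMPLE = (
    "The reference monitor mediates every access by a subject to an object and "
    "must be tamper proof always invoked and small enough to be verified. "
    "Steganography hides the fact that a message exists while cryptography "
    "hides only its content. A polyalphabetic cipher shifts each letter by a "
    "different amount according to its position in the key so the frequency "
    "profile of the ciphertext flattens and simple frequency counting no "
    "longer reveals the plaintext directly."
)


def clean(text):
    """Keep A-Z only; classical ciphers work on the bare alphabet."""
    return "".join(c for c in text.upper() if c in ALPHA)


def caesar(text, shift):
    """Monoalphabetic: one alphabet, every letter shifted by the same amount."""
    return "".join(ALPHA[(ALPHA.index(c) + shift) % 26] for c in clean(text))


def vigenere(text, key, decrypt=False):
    """Polyalphabetic: the key letter at position i picks the alphabet for letter i."""
    key = clean(key)
    out = []
    for i, c in enumerate(clean(text)):
        k = ALPHA.index(key[i % len(key)])
        if decrypt:
            k = -k
        out.append(ALPHA[(ALPHA.index(c) + k) % 26])
    return "".join(out)


def index_of_coincidence(text):
    """Chance that two random letters match: ~0.066 for English, ~0.038 for uniform."""
    n = len(text)
    return sum(f * (f - 1) for f in Counter(text).values()) / (n * (n - 1))


def compare():
    """Return the statistics and checks discussed above as one dict."""
    plain = clean(SAMPLE)
    mono = caesar(SAMPLE, 3)
    poly = vigenere(SAMPLE, "CISSPEXAM")
    return {
        "ic_plain": index_of_coincidence(plain),
        "ic_mono": index_of_coincidence(mono),  # identical: a shift keeps the histogram shape
        "ic_poly": index_of_coincidence(poly),  # lower: several alphabets blend the counts
        "roundtrip": vigenere(poly, "CISSPEXAM", decrypt=True) == plain,
        # Key clustering: "AB" and "ABAB" are different keys but produce the same
        # keystream, so both encrypt to, and decrypt, the same ciphertext.
        "clustering": vigenere(SAMPLE, "AB") == vigenere(SAMPLE, "ABAB"),
    }


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k}: {v}")
```

The index of coincidence is the number an analyst actually computes: when it stays near the English value the cipher is monoalphabetic and falls to frequency analysis directly; when it drops toward the uniform value the analyst first has to recover the key period before attacking each alphabet separately.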
41. Eavesdropping on network communications by a third party.
Digital Certificate
Sniffing
Top Secret
Due Care
42. To break a business process into separate functions and assign to different people
Remote Journaling
Durability
Contingency Plan
Separation Of Duties
43. Need to understand both the assets that need to be protected and management's priorities. Also be prepared to adjust the design over time and to verify that the design has been implemented correctly; need to be a good negotiator, artist and analyst.
Cryptography
The ACID Test
Intrusion Prevention Systems
Basics Of Secure Design
44. Final purpose or result
Multi-Party Control
Risk Assessment / Analysis
Payload
Site Policy
45. An asymmetric cryptography mechanism that provides authentication.
Emergency
Digital Signature
Multilevel Security System
Orange Book C Classification
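Questions 25 and 45 together: an asymmetric system uses two mathematically related, unequal keys, and a digital signature uses them so that only the private-key holder can produce a value that anyone with the public key can check. The block below is an added textbook-RSA illustration written for this page, not code from the quiz or from any library; the primes are tiny values assumed for readability (useless for real security) and the message bytes are constructed for the demo.

```python
"""Toy RSA digital signature: private key signs, public key verifies.

Added example, not code from the original page. The primes are small
textbook values (assumed for readability, useless for real security),
and the message bytes are constructed for the demo.
"""
import hashlib

# Toy key pair. Real keys use primes of 1024+ bits; these fit on one line.
P, Q = 1009, 1013
N = P * Q                 # public modulus
PHI = (P - 1) * (Q - 1)
E = 17                    # public exponent (coprime to PHI)
D = pow(E, -1, PHI)       # private exponent: E * D == 1 (mod PHI), Python 3.8+

PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def digest(message: bytes, n: int) -> int:
    """Hash first, then reduce into the signable range [0, n).

    Reducing the hash mod n is a toy shortcut; real schemes pad the hash
    (PKCS#1 v1.5, PSS) into a full-size block instead.
    """
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Only the holder of D can compute this; that is what authenticates the sender."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Anyone with the public key can check; no secret is needed to verify."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


def demo():
    """Genuine, tampered-message and altered-signature cases."""
    msg = b"Transfer 100 to account 42"  # constructed message
    sig = sign(msg)
    return {
        "genuine": verify(msg, sig),
        "tampered": verify(b"Transfer 900 to account 42", sig),  # message changed
        "forged": verify(msg, (sig + 1) % N),                    # signature changed
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The two failing cases are the point of the quiz answer: the signature binds the sender (only D produces it) to exactly this message (any change to the message or the signature breaks the check), which is authentication plus integrity. Confidentiality is not provided; the message itself travels in the clear.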
46. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. Security Target; 2. Target of Evaluation (ToE); 3. Functional Levels; 4. Assurance Levels.
Analysis
Corrective
Security Kernel
Information Technology Security Evaluation Criteria - ITSEC
47. A library of commands maintained by a system for other programs to use; provides consistency and integrity for the programs
Domain
Application Programming Interface
Memory Management
CPU Cache
48. A type of attack involving attempted insertion, deletion or alteration of data.
File
Modification
Masked/Interruptible
Hard Disk
49. To be admissible in court they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.
Parallel Test
Business Records
Service Bureau
Digital Signature
50. Subjects will not interact with each other's objects
Journaling
SQL Injection
Non-Interference
Detection