CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The level and label given to an individual for the purpose of compartmentalization
Moore's Law
Security Clearance
Digital Signature
Bridge
2. Authentication protocol that uses only symmetric cryptography: a trusted third party (the key distribution center) generates a session key for two principals and delivers it to each of them encrypted under that principal's own pre-shared symmetric key
Full-Interruption test
Data Dictionary
Kerberos
Substitution
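The exchange behind that definition, as an added example that is not part of the original quiz: a key distribution center (KDC) holds one pre-shared key per principal, mints a fresh session key, and hands it out twice, once sealed under the client's key and once (inside the ticket) under the service's key. The client can read only its own copy and relays the ticket unopened; the service reads the ticket, recovers the same session key, and checks the client's authenticator against it. The cipher here is a toy SHA-256 counter-mode keystream with an HMAC tag, standing in for the AES-based encryption types real Kerberos uses, and the single-exchange flow (no separate ticket-granting service) and the names `alice`, `fileserver`, `KDC`, `seal`, `unseal` are this example's own assumptions, not the protocol's wire format.

```python
import hashlib
import hmac
import json
import os

TICKET_LIFETIME = 300  # seconds a ticket stays valid (assumed value)
CLOCK_SKEW = 120       # tolerated clock difference for authenticators (assumed value)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher: SHA-256 in counter mode. Illustrative only; not a production cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, fields: dict) -> bytes:
    """Encrypt-then-MAC a small dict under a symmetric key (nonce || ciphertext || tag)."""
    nonce = os.urandom(12)
    plain = json.dumps(fields, sort_keys=True).encode()
    ct = bytes(p ^ k for p, k in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag first, then decrypt. Raises if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or tampered message")
    plain = bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(plain)


class KDC:
    """Trusted third party holding every principal's long-term (pre-shared) symmetric key."""

    def __init__(self, long_term_keys: dict):
        self.keys = long_term_keys

    def issue(self, client: str, service: str, now: int):
        session_key = os.urandom(32)
        expires = now + TICKET_LIFETIME
        # Copy 1: for the client, readable only with the client's pre-shared key.
        for_client = seal(self.keys[client],
                          {"session": session_key.hex(), "service": service, "expires": expires})
        # Copy 2: the ticket, readable only with the service's pre-shared key; the client relays it.
        ticket = seal(self.keys[service],
                      {"session": session_key.hex(), "client": client, "expires": expires})
        return for_client, ticket


def client_build_request(client: str, client_key: bytes, for_client: bytes, ticket: bytes, now: int):
    creds = unseal(client_key, for_client)          # only the client's own key opens this
    session_key = bytes.fromhex(creds["session"])
    # The authenticator proves possession of the session key and binds the request to a time.
    authenticator = seal(session_key, {"client": client, "timestamp": now})
    return ticket, authenticator


def service_verify(service_key: bytes, ticket: bytes, authenticator: bytes, now: int) -> str:
    t = unseal(service_key, ticket)                 # only the service's own key opens this
    if now > t["expires"]:
        raise ValueError("ticket expired")
    session_key = bytes.fromhex(t["session"])       # same session key the client received
    a = unseal(session_key, authenticator)
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - a["timestamp"]) > CLOCK_SKEW:
        raise ValueError("authenticator outside clock-skew window (possible replay)")
    return t["client"]


def run_demo(now: int = 1_700_000_000) -> str:
    """Full exchange with constructed principals; returns the name the service authenticated."""
    keys = {"alice": os.urandom(32), "fileserver": os.urandom(32)}  # distinct pre-shared keys
    kdc = KDC(keys)
    for_client, ticket = kdc.issue("alice", "fileserver", now)
    ticket, auth = client_build_request("alice", keys["alice"], for_client, ticket, now + 5)
    return service_verify(keys["fileserver"], ticket, auth, now + 6)


def attacker_cannot_open_ticket() -> bool:
    """The ticket is opaque to anyone without the service key, including the client carrying it."""
    keys = {"alice": os.urandom(32), "fileserver": os.urandom(32)}
    _, ticket = KDC(keys).issue("alice", "fileserver", 1_700_000_000)
    try:
        unseal(keys["alice"], ticket)
    except ValueError:
        return True
    return False
```

The two sealed copies are the whole point of the definition: no principal ever learns another principal's pre-shared key, and the session key travels only inside envelopes that the intended recipient alone can open. The timestamp check in `service_verify` is what keeps a captured authenticator from being replayed later.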
3. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Procedure
Disaster
Business Recovery Team
Certificate Revocation List (CRL)
4. Recovery alternative - complete duplication of services including personnel
Polyalphabetic
Firmware
Remote Access Trojan
Mirrored Site
5. The event signaling an IDS to produce an alarm when no attack has taken place
False Attack Stimulus
Contingency Plan
Byte Level Deletion
Asymmetric
6. Framework that defines goals for the controls that should be used to properly manage IT; consists of four domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate
Cryptovariable
Internal Use Only
Mandatory
CobiT
7. Converts assembly language (low-level mnemonic instructions) into machine language
Embedded
Assembler
Multi-Tasking
Private Branch Exchange (PBX)
8. Malware that makes small random changes to many data points
Birthday Attack
Race Condition
Picking
Data Diddler
9. A planned or unplanned interruption in system availability.
Replication
Proxies
Accurate
System Downtime
10. The principles a person sets for themselves to follow
ISO/IEC 27001
Firewall
Checkpoint
Ethics
11. Periodic - automatic and transparent backup of data in bulk.
Databases
Electronic Vaulting
Architecture
Bollard
12. Regulatory law: rules and standards issued by government agencies with which an organization must comply
Entrapment
Administrative Law
Waterfall
Data Backup Strategies
13. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Multilevel Security System
Incident Response
Threats
Burn
14. Trading one for another
Civil Or Code Law
Simulation
Notification
Substitution
15. Converts source code to an executable
Multi-Processor
Dangling Pointer
Compiler
Criminal Law
16. Lower frequency noise
Keystroke Logging
SYN Flooding
Radio Frequency Interference (RFI)
Buffer Overflow
17. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Sag/Dip
Electronic Vaulting
Worldwide Interoperability for Microwave Access (WiMAX)
Concentrator
18. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Overlapping Fragment Attack
Near Site
Compiler
Job Rotation
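Why inspecting only the first fragment is not enough, as an added example that is not part of the original quiz. The model is simplified: fragments carry byte offsets (real IP offsets are in 8-byte units, so the attack fragment at byte 8 corresponds to fragment offset 1), the transport header is a bare 20-byte TCP header, and the filter policy, the names `Fragment`, `naive_filter`, `reassembly_aware_filter` and the constructed fragments are this example's own assumptions. The first fragment shows an innocent ACK-only segment; the second fragment overlaps it and, under a last-writer-wins reassembly policy at the host, rewrites the flags byte to SYN, turning a "established traffic only" pass into a new inbound connection.

```python
from dataclasses import dataclass

TCP_SYN, TCP_ACK = 0x02, 0x10
FLAGS_OFFSET = 13  # flags byte within a TCP header


@dataclass
class Fragment:
    offset: int   # byte offset into the original datagram (assumed byte units; IP uses 8-byte units)
    data: bytes
    more: bool    # "more fragments" flag


def tcp_header(src_port: int, dst_port: int, flags: int) -> bytes:
    """Build a minimal 20-byte TCP header (constructed test data, not a full packet)."""
    hdr = bytearray(20)
    hdr[0:2] = src_port.to_bytes(2, "big")
    hdr[2:4] = dst_port.to_bytes(2, "big")
    hdr[12] = 5 << 4            # data offset: 5 words, no options
    hdr[FLAGS_OFFSET] = flags
    return bytes(hdr)


def inbound_allowed(header: bytes) -> bool:
    """Policy (assumed): inbound TCP must belong to an established connection: ACK set, SYN clear."""
    flags = header[FLAGS_OFFSET]
    return bool(flags & TCP_ACK) and not (flags & TCP_SYN)


def naive_filter(frags) -> bool:
    """Packet filter that inspects only the first fragment; later fragments pass unexamined."""
    first = next(f for f in frags if f.offset == 0)
    return inbound_allowed(first.data)


def reassemble(frags) -> bytes:
    """Host-style reassembly where a later-arriving fragment overwrites overlapping bytes."""
    buf = bytearray()
    for f in sorted(frags, key=lambda f: f.offset):
        end = f.offset + len(f.data)
        if end > len(buf):
            buf.extend(b"\x00" * (end - len(buf)))
        buf[f.offset:end] = f.data
    return bytes(buf)


def has_overlap(frags) -> bool:
    """True if any two fragments claim the same byte range."""
    covered = set()
    for f in frags:
        span = set(range(f.offset, f.offset + len(f.data)))
        if covered & span:
            return True
        covered |= span
    return False


def reassembly_aware_filter(frags) -> bool:
    """Drop overlapping fragment sets outright, then apply policy to the reassembled header."""
    if has_overlap(frags):
        return False
    return inbound_allowed(reassemble(frags))


def build_attack():
    """Constructed overlapping-fragment pair: first looks established, second rewrites flags."""
    benign = tcp_header(40000, 22, TCP_ACK) + b"A" * 4
    first = Fragment(offset=0, data=benign[:16], more=True)        # bytes 0-15, flags = ACK
    evil = tcp_header(40000, 22, TCP_SYN)
    second = Fragment(offset=8, data=evil[8:20] + b"B" * 4, more=False)  # bytes 8-23, flags = SYN
    return [first, second]


def build_legitimate():
    """Constructed non-overlapping split of an ordinary established-connection segment."""
    pkt = tcp_header(40000, 22, TCP_ACK) + b"payload!"
    return [Fragment(0, pkt[:16], True), Fragment(16, pkt[16:], False)]
```

Run against the constructed pair, `naive_filter` accepts while the reassembled datagram carries a SYN, and `reassembly_aware_filter` rejects it; the legitimate split passes both. Rejecting overlap is one remedy; the other is the RFC 1858 rule of discarding TCP fragments whose offset would place them inside the transport header, so no fragment can ever rewrite the fields the policy depends on.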
19. Intermediate level - pertaining to planning
Method
Operational
Hacker
Wait
20. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Forensic Copy
Orange Book A Classification
Trapdoors (Backdoors) (Maintenance Hooks)
Business Records
21. System directed mediation of access with labels
Mandatory
Security Kernel
Examples of technical security components
Backup
22. The one person responsible for data - its classification and control setting
5 Rules Of Evidence
Information Owner
Tracking
Key Escrow
23. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Site Policy Awareness
Architecture
Information Owner
Faraday Cage/ Shield
24. Short period of low voltage.
Directive
Multi-Tasking
Sag/Dip
Content Dependent Access Control
25. Granular decision by a system of permitting or denying access to a particular resource on the system
User Mode (problem or program state)
Picking
Quantitative
Authorization
26. A choice in risk management - to convince another to assume risk - typically by payment
TCSEC (Orange Book)
Risk Assessment
Acronym for American Standard Code for Information Interchange (ASCII)
Transfer
27. Recovery alternative - a building only with sufficient power - and HVAC
Generator
Cold Site
Decipher
Operating
28. Control category- to restore to a previous state by removing the adversary and or the results of their actions
Legacy Data
Authorization
Residual Risk
Corrective
29. Memory management technique which allows subjects to use the same resource
Sharing
Encapsulation
CPU Cache
Double Blind Testing
30. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.
Active Data
Fault Tolerance
Separation Of Duties
Checklist Test (desk check)
31. Potentially compromising leakage of electrical or acoustical signals.
Switches
Waterfall
Emanations
Instance
32. Object-based description of a single resource and the permissions each subject holds on it
Threads
Access Control Lists
Trademark
Business Impact Analysis
33. Unchecked data which spills into another location in memory
Buffer Overflow
Administrative
Kerberos
Wait
34. Scrambled form of the message or data
Cipher Text
Stopped
Declaration
ISO/IEC 27001
35. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Payload
Due Diligence
Security Blueprint
Business Records
36. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
Framework
Distributed Processing
Residual Data
Administrative Law
37. The back up of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Switches
IP Fragmentation
Data Backups
Modification
38. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.
Prevention
Switches
Orange Book A Classification
Containment
39. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Tar Pits
Due Care
Blind Testing
Brouter
40. Actions measured against either a policy or what a reasonable person would do
Due Diligence
Databases
Proxies
Access Control Attacks
41. Pertaining to law - verified as real
Authentic
Remote Journaling
Multilevel Security System
Machine Language (Machine Code)
42. Program that inappropriately collects private data or activity
Analysis
Spyware
Injection
Source Routing Exploitation
43. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Assembler
Injection
Data Custodian
Standalone Test
44. More than one processor sharing the same memory; also known as parallel systems
Shadowing (file shadowing)
Conflict Of Interest
Moore's Law
Multi-Processor
45. Recovery alternative which includes cold site and some equipment and infrastructure is available
One Time Pad
Stopped
Warm Site
Patent
46. Induces a crime - tricks a person - and is illegal
Hot Spares
Entrapment
Identification
Steganography
47. The problem-solving state; the opposite of supervisor mode
Liability
Alarm Filtering
Sag/Dip
User Mode (problem or program state)
48. The first rating that requires security labels
BCP Testing Drills and Exercises
Orange Book B1 Classification
Fragmented Data
Desk Check Test
49. Memory management technique which allows data to be moved from one memory address to another
Birthday Attack
Compartmentalize
Worldwide Interoperability for Microwave Access (WiMAX)
Relocation
50. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.
Examples of technical security components
Bridge
Business Unit Recovery
ITSEC