Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Someone who wants to cause harm
Attacker (Black hat - Hacker)
Residual Risk
Denial Of Service
Incident Handling
2. Encryption system using a pair of mathematically related unequal keys
Checklist Test
Cipher Text
Asymmetric
Pointer
3. Communication of a security incident to stakeholders and data owners.
Notification
Private Branch Exchange (PBX)
Policy
Infrastructure
4. Substitution at the word or phrase level
Discretionary
Checkpoint
Code
Highly Confidential
5. Final purpose or result
Structured Walkthrough
Alternate Site
Payload
Digital Signature
6. The core logic engine of an operating system which almost never changes
Durability
Noise
File Sharing
Kernel
7. High level - pertaining to planning
File Shadowing
Strategic
Trade Secret
Rollback
8. Trading one for another
One Time Pad
Slack Space
Journaling
Substitution
9. Wrong against society
Encapsulation
Lattice
Standard
Criminal Law
10. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
Administrative Access Controls
Elements of Negligence
Lattice
Relocation
11. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Firewalls
Tracking
Strong Authentication
TEMPEST
12. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
File Server
Change Control
Microwave
Risk Mitigation
13. Collection of data on business functions which determines the strategy of resiliency
Business Impact Assessment (BIA)
Workaround Procedures
Directive
Watermarking
14. Binary decision by a system of permitting or denying access to the entire system
Authentication
Symmetric
False Negative
Warm Site
15. People who interact with assets
Database Shadowing
User
Transfer
Administrative
16. A database that contains the name - type - range of values - source and authorization for access for each data element
Interpreter
Compartmentalize
Security Clearance
Data Dictionary
17. An encryption method that has a key as long as the message
Running Key
Sniffing
Disaster Recovery Teams (Business Recovery Teams)
Incident
18. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.
Key Clustering
Dictionary Attack
Prevention
War Dialing
19. Mathematical function that determines the cryptographic operations
Blackout
Top Secret
Simulation
Algorithm
20. Unchecked data which spills into another location in memory
Buffer Overflow
Sharing
Encipher
State Machine Model
21. Periodic - automatic and transparent backup of data in bulk.
Generator
Electronic Vaulting
Remanence
Proxies
22. Control category - to give instructions or inform
Directive
Source Routing Exploitation
Convincing
Simulation
23. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
HTTP Response Splitting
ISO/IEC 27001
Technical Access Controls
Legacy Data
24. A hash that has been further encrypted with a symmetric algorithm
Chain Of Custody
Assembler
Threads
Keyed-Hashing For Message Authentication
25. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
Moore's Law
Liability
Hearsay
Virtual Memory
26. Weakness or flaw in an asset
Vulnerability
User Mode (problem or program state)
Encryption
Off-Site Storage
27. OOP concept of a class's details to be hidden from object
Hearsay
TNI (Red Book)
Twisted Pair
Encapsulation
28. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements
Journaling
ITSEC
Access Control Lists
Business Impact Analysis
29. Pertaining to a number system that has just two unique digits.
Binary
Repeaters
Virus
Degauss
30. The hard drive
Executive Succession
Blackout
Object Oriented Programming (OOP)
Secondary Storage
31. Eight bits.
Emergency Procedures
Byte
Information Flow Model
Inrush Current
32. Potential danger to information or systems
Cryptography
Redundant Servers
Application Programming Interface
Threats
33. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
Worldwide Interoperability for Microwave Access (WI-MAX )
Critical Functions
Compensating
Multilevel Security System
34. Record of system activity - which provides for monitoring and detection.
Checksum
Compiler
Basics Of Secure Design
Log
35. An availability attack - to consume resources to the point of exhaustion
Keyed-Hashing For Message Authentication
Application Programming Interface
Redundant Servers
Denial Of Service
36. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Strong Authentication
Hearsay Evidence
Crisis
Alarm Filtering
37. A template for designing the architecture
Stopped
Payload
Orange Book D Classification
Security Blueprint
38. Code making
Qualitative
Cryptography
Deterrent
Physical Tampering
39. Security policy - procedures - and compliance enforcement
Interference (Noise)
Key Clustering
Examples of non-technical security components
Modification
40. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Hot Site
Simulation Test
Technical Access Controls
Declaration
41. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
Hacker
Shift Cipher (Caesar)
Desk Check Test
Locard's Principle
42. Recovery alternative which outsources a business function at a cost
Cookie
Debriefing/Feedback
Blind Testing
Service Bureau
43. A covert storage channel on the file attribute
Authorization
Alternate Data Streams (File System Forks)
Electronic Vaulting
Technical Access Controls
44. Memory management technique that allows two processes to run concurrently without interaction
Simulation Test
Alternate Data Streams (File System Forks)
Active Data
Protection
45. Pertaining to law - lending itself to one side of an argument
Electrostatic Discharge
Analysis
Convincing
Alert
46. A system designed to prevent unauthorized access to or from a private network.
Life Cycle of Evidence
Restoration
Message Digest
Firewall
47. Specific format of technical and physical controls that support the chosen framework and the architecture
Infrastructure
User
Plaintext
Quantitative
48. Written suggestions that direct choice to a few alternatives
Quantitative Risk Analysis
Application Programming Interface
Key Clustering
Guidelines
49. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.
Picking
Active Data
Custodian
Procedure
50. A layer 2 device that is used to connect two network segments and regulate traffic.
Public Key Infrastructure (PKI)
Database Shadowing
Bridge
IDS Intrusion Detection System