Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Converts source code to an executable
Modification
Compiler
SYN Flooding
Confidence Value
2. The asynchronous duplication of the production database on separate media to ensure data availability, currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
Job Training
File Shadowing
Information Risk Management (IRM)
Aggregation
3. Recognition of an individual's assertion of identity.
Masquerading
CobiT
Safeguard
Identification
4. Representatives from each functional area or department get together and walk through the plan from beginning to end.
Intrusion Detection Systems
Contingency Plan
Race Condition
Structured Walk-Through Test
5. Using small special tools, all tumblers of the lock are aligned, opening the door
Database Shadowing
Backup
Masked/Interruptible
Picking
6. Requires security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and provision of separate administrator functionality.
Least Privilege
Exposure
Orange Book B2 Classification
Tar Pits
7. Wrong against society
Protection
Symmetric
Criminal Law
User
8. Executive responsibilities of goal setting, delegation, and verification, based upon the mission.
Spam
Governance
Ring Protection
Compression
9. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Trojan Horse
Business Interruption Insurance
Encryption
Computer Forensics
10. High frequency noise
Quantitative Risk Analysis
Monitor
Fraggle
Electromagnetic Interference (EMI)
11. Regular operations are stopped and processing is moved to the alternate site.
False Attack Stimulus
Full-Interruption test
Memory Management
Fire Detection
12. One of the most important first steps in plan development. Qualitative and quantitative data needs to be gathered, analyzed, interpreted and presented to management.
Fault Tolerance
Method
Business Impact Analysis
Supervisor Mode (monitor, system, privileged)
13. Location where coordination and execution of BCP or DRP is directed
Open Mail Relay Servers
Surge Suppressor
Emergency Operations Center (EOC)
Boot (V.)
14. Eavesdropping on network communications by a third party.
Tapping
Modification
Desk Check Test
Buffer Overflow
15. Claiming another's identity at a physical level
Decipher
Rogue Access Points
Masquerading
Access Control Matrix
16. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).
War Dialing
Directive
Declaration
Failure Modes and Effects Analysis (FMEA)
17. Total number of keys available that may be selected by the user of a cryptosystem
Uninterruptible Power Supply (UPS)
Least Privilege
Key Space
Information Technology Security Evaluation Criteria (ITSEC)
18. Controls for logging and alerting
Intrusion Detection Systems
Cryptovariable
Forensic Copy
Denial Of Service
19. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Alarm Filtering
Encryption
Risk
Compression
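Added example for question 19 (not part of the quiz or of basicversity.com): alarm filtering is the step between a raw IDS alert and an analyst ticket. The block below parses a handful of constructed Snort-style alert lines (sample data, not captured traffic) and applies three filters an analyst typically maintains: an authorized-scanner allowlist, a per-signature suppression list, and an asset-inventory check that discards signatures aimed at a platform the target does not run. The IP addresses, signature IDs and the tuning tables are all hypothetical.

```python
import re
from collections import Counter

# Constructed Snort-style "fast" alert lines (sample data, not captured traffic).
SAMPLE_ALERTS = """\
01/15-10:22:31.000000 [**] [1:1000001:1] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 203.0.113.9:41000 -> 10.0.0.20:80
01/15-10:22:32.000000 [**] [1:1000001:1] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 10.0.0.250:55000 -> 10.0.0.20:80
01/15-10:23:05.000000 [**] [1:1000002:1] ICMP PING NMAP [**] [Priority: 3] {ICMP} 10.0.0.250 -> 10.0.0.21
01/15-10:24:10.000000 [**] [1:1000003:1] SMB login brute force [**] [Priority: 1] {TCP} 198.51.100.7:49152 -> 10.0.0.30:445
01/15-10:24:11.000000 [**] [1:1000003:1] SMB login brute force [**] [Priority: 1] {TCP} 198.51.100.7:49153 -> 10.0.0.30:445
01/15-10:25:00.000000 [**] [1:1000004:1] SNMP public community string [**] [Priority: 2] {UDP} 10.0.0.40:161 -> 10.0.0.41:52000
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?$"
)

# Hypothetical tuning context an analyst keeps alongside the sensor.
AUTHORIZED_SCANNERS = {"10.0.0.250"}          # internal vulnerability scanner
ASSET_OS = {"10.0.0.20": "linux", "10.0.0.21": "linux",
            "10.0.0.30": "windows", "10.0.0.41": "windows"}
PLATFORM_OF_SID = {"1000001": "windows"}      # signature only meaningful against this OS
SUPPRESSED = {("1000004", "10.0.0.40")}       # (sid, source) tuned out after investigation


def parse_alert(line):
    """Split one fast-format line into its fields; raise on anything unexpected."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError("unparsable alert: " + line)
    return m.groupdict()


def classify(alert):
    """Return (verdict, reason); verdict is 'false_positive' or 'escalate'."""
    sid, src, dst = alert["sid"], alert["src"], alert["dst"]
    if src in AUTHORIZED_SCANNERS:
        return "false_positive", "source is an authorized scanner"
    if (sid, src) in SUPPRESSED:
        return "false_positive", "signature suppressed for this source"
    needed, actual = PLATFORM_OF_SID.get(sid), ASSET_OS.get(dst)
    if needed and actual and needed != actual:
        return "false_positive", f"target runs {actual}, signature targets {needed}"
    return "escalate", "no filter matched"


def triage(text):
    """Parse and classify every non-empty alert line."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        alert = parse_alert(line)
        alert["verdict"], alert["reason"] = classify(alert)
        results.append(alert)
    return results


def escalations(text):
    """Aggregate what survives filtering, one entry per (sid, src, dst) with a hit count."""
    return Counter((a["sid"], a["src"], a["dst"])
                   for a in triage(text) if a["verdict"] == "escalate")


if __name__ == "__main__":
    for a in triage(SAMPLE_ALERTS):
        print(f'{a["verdict"]:14} sid={a["sid"]} {a["src"]} -> {a["dst"]}  ({a["reason"]})')
    print(escalations(SAMPLE_ALERTS))
```

Of the six constructed alerts only the two SMB brute-force hits from 198.51.100.7 survive, collapsed into one escalation with a count of 2; the rest are filtered with a stated reason, which is what lets an analyst audit the tuning later.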
20. To stop damage from spreading
Containment
Operating
Public Key Infrastructure (PKI)
Access Control Lists
21. Layer 1 network device that is used to connect network segments together but provides no traffic control (a hub).
Trusted Computing Base
Method
Concentrator
Governance
22. Information about data or records
Trademark
Conflict Of Interest
Metadata
Crisis
23. Actions measured against either a policy or what a reasonable person would do
Due Diligence
Replication
File Server
Class
24. Information that, if made public or even shared around the organization, could seriously impede the organization's operations
Highly Confidential
Recovery
Disaster Recovery Tape
Complete
25. Line by line translation from a high level language to machine code
Interpreter
Microwave
Honeynet
Picking
26. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have; most commonly used in the PC environment (i.e. file permissions).
Object
Discretionary Access Control (DAC)
Codec
Non-Discretionary Access Control
27. The guardian of asset(s); a maintenance activity
Custodian
Site Policy
Convincing
Administrative
28. A backup of data located where staff can gain access immediately
Code
Incident Manager
Database Replication
On-Site
29. A state for operating system tasks only
IP Fragmentation
Supervisor Mode (monitor, system, privileged)
File Extension
Residual Data
30. Ensures that evidence will be admissible in court by showing it was properly controlled and handled from collection until it is presented
Containment
Deletion
Masked/Interruptible
Chain of Custody
31. A practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.
Simulation Test
Patent
Mandatory Vacations
Spam
32. The process of identifying, assessing and reducing risk to an acceptable level, and implementing the right countermeasures to maintain that level of risk
Time Of Check/Time Of Use
Information Risk Management (IRM)
Due Diligence
Metadata
33. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.
Mantrap (Double Door System)
Authorization
Hard Disk
Codec
34. Using many alphabets
The ACID Test
Polyalphabetic
Fault Tolerance
Spam
35. Any event, whether anticipated (e.g. a public service strike) or unanticipated (e.g. a blackout), which disrupts the normal course of business operations at an organization location.
Business Interruption
Redundant Array Of Independent Drives (RAID)
Business Continuity Program
Remote Journaling
36. A comprehensive set of controls comprising best practices in information security; provides guidelines on how to set up and maintain security programs.
ISO/IEC 27002
Layering
Due Diligence
Fire Classes
37. A perpetrator leaves something behind or takes something with them at the scene of a crime
38. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Codec
Administrative
Injection
Privacy Laws
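Added example for question 38 (not part of the quiz or of basicversity.com): the vulnerable lookup below builds its SQL by string concatenation, exactly the "no input validation" case the statement describes, and the hardened version beside it uses a parameterised query so the same input is compared as data rather than parsed as SQL. The table, rows, function names and the two attacker inputs are constructed for the demonstration.

```python
import sqlite3

# Constructed attacker inputs: partial SQL queries embedded in the username field.
PAYLOAD_OR = "' OR '1'='1"     # turns the WHERE clause into an always-true test
PAYLOAD_COMMENT = "bob' --"    # closes the literal, then comments out the rest


def build_db():
    """Create an in-memory SQLite database with a few constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn


def vulnerable_lookup(conn, username):
    """No input validation: the value is spliced into the statement text, so a
    quote in the input changes the structure of the query the database parses."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, username):
    """Parameterised query: the value travels separately from the statement text,
    so whatever the input contains is treated as a string to compare, never as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, normal input :", vulnerable_lookup(db, "alice"))
    print("vulnerable, OR payload   :", vulnerable_lookup(db, PAYLOAD_OR))       # every row
    print("vulnerable, comment      :", vulnerable_lookup(db, PAYLOAD_COMMENT))  # bob's row
    print("safe, OR payload         :", safe_lookup(db, PAYLOAD_OR))             # no rows
    print("safe, comment            :", safe_lookup(db, PAYLOAD_COMMENT))        # no rows
```

The first payload makes the vulnerable query return every user; the second shows that a comment sequence is just as effective at discarding the trailing quote. The parameterised version returns nothing for either, because no user is literally named `' OR '1'='1` or `bob' --`.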
39. Intellectual property protection for an invention
Patent
Patch Management
Eavesdropping
Data Recovery
40. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Emergency Procedures
Investigation
Business Recovery Timeline
Discretionary
41. Moving letters around
Incident Response
Cookie
Marking
Permutation/Transposition
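Added example covering questions 17 (key space), 34 (polyalphabetic) and 41 (permutation/transposition); it is not part of the quiz or of basicversity.com. A Vigenère routine shows what "using many alphabets" buys: the same plaintext letter encrypts to different ciphertext letters depending on position. A columnar transposition shows "moving letters around" without changing them, and a small key-space function counts the keys a user could select for each scheme. The function names, the sample plaintext and the key words are the author's own choices here, not anything from the quiz.

```python
import math
import string

ALPHABET = string.ascii_uppercase


def _letters(text):
    """Keep only A-Z, upper-cased; these classical ciphers operate on letters only."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution: position i uses the Caesar alphabet selected by
    key[i mod len(key)], so one plaintext letter can map to several ciphertext letters."""
    text, key = _letters(text), _letters(key)
    out = []
    for i, c in enumerate(text):
        shift = ALPHABET.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(c) + shift) % 26])
    return "".join(out)


def _column_order(key):
    """Columns are read out in alphabetical order of the key letters (ties left to right)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose(text, key):
    """Columnar transposition: letters keep their identity and only change position.
    The text is written row by row under the key and read out column by column."""
    text, key = _letters(text), _letters(key)
    ncols = len(key)
    text += "X" * ((-len(text)) % ncols)          # pad to a full rectangle
    rows = [text[i:i + ncols] for i in range(0, len(text), ncols)]
    return "".join(row[c] for c in _column_order(key) for row in rows)


def untranspose(cipher, key):
    """Inverse of transpose(); any trailing pad letters are left for the caller to strip."""
    key = _letters(key)
    ncols, nrows = len(key), len(cipher) // len(key)
    cols, pos = {}, 0
    for c in _column_order(key):
        cols[c] = cipher[pos:pos + nrows]
        pos += nrows
    return "".join(cols[c][r] for r in range(nrows) for c in range(ncols))


def key_space(kind, n=0):
    """Total number of keys the user of each cryptosystem may select (n = key length)."""
    if kind == "caesar":
        return 26                        # one shift value, the identity included
    if kind == "monoalphabetic":
        return math.factorial(26)        # any permutation of the alphabet
    if kind == "vigenere":
        return 26 ** n                   # key word of n letters
    if kind == "transposition":
        return math.factorial(n)         # column order for a key of n letters
    if kind == "bits":
        return 2 ** n                    # modern n-bit symmetric key
    raise ValueError(kind)


if __name__ == "__main__":
    print(vigenere("ATTACKATDAWN", "LEMON"))           # LXFOPVEFRNHR
    print(vigenere("AAAAAA", "LEMON"))                 # LEMONL: six A's, five alphabets
    print(transpose("ATTACKATDAWN", "ZEBRA"))          # CAXTTXTANADXAKW
    print(untranspose("CAXTTXTANADXAKW", "ZEBRA"))     # ATTACKATDAWNXXX
    for kind, n in [("caesar", 0), ("vigenere", 5), ("transposition", 5), ("bits", 128)]:
        print(kind, n, key_space(kind, n))
```

Two points worth taking from running it: the transposition output is an anagram of its input (sort both and they match), which is why transposition alone leaks letter frequencies, and a five-letter Vigenère key gives 26^5 keys, a number that looks large next to the 26 Caesar shifts but is tiny next to a 128-bit key, which is the comparison "key space" is meant to make.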
42. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Marking
Complete
Time Of Check/Time Of Use
Data Recovery
43. Policy or stated actions
Hijacking
Due Care
Chain Of Custody
Polymorphism
44. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.
Checklist Test
Instance
Satellite
File Extension
45. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
Application Programming Interface
Multilevel Security System
Declaration
Fire Prevention
46. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate
Adware
Business Continuity Planning (BCP)
HTTP Response Splitting
CobiT
47. Collection of data on business functions which determines the strategy of resiliency
Event
Business Impact Assessment (BIA)
Rogue Access Points
Alarm Filtering
48. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams.
Non-Discretionary Access Control
3 Types of Harm Addressed in Computer Crime Laws
Trusted Computing Base
Mock Disaster
49. Insurance coverage for disaster-related expenses that may be incurred until operations are fully recovered after a disaster.
Monitor
DR Or BC Coordinator
Business Interruption Insurance
Administrative Law
50. Unsolicited commercial email
Sag/Dip
Spam
CobiT
Proxies