Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
Compression
Administrative Laws
Activation
Cookie
2. DoS - Spoofing - dictionary - brute force - wardialing
Degauss
Mandatory Access Control (MAC)
Access Control Attacks
File Extension
3. One of the key benefits of a network is the ability to share files stored on the server among several users.
Covert Channel
EMI
File Sharing
3 Types of harm Addressed in computer crime laws
4. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Criminal Law
Network Attached Storage (NAS)
Checksum
Administrative Laws
5. Highest level of authority at EOC with knowledge of the business process and the resources available
Incident Manager
Common Criteria
Botnet
Metadata
6. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm
Isolation
Mandatory Access Control (MAC)
Replication
Race Condition
7. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.
Forward Recovery
Risk Assessment / Analysis
Classification Scheme
Simulation Test
8. Firewalls - encryption - and access control lists
Examples of technical security components
Journaling
E-Mail Spoofing
Brouter
9. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.
Overlapping Fragment Attack
Directive
Governance
Business Impact Assessment (BIA)
10. Potentially retrievable data residue that remains following intended erasure of data.
Race Condition
Architecture
Remanence
Consistency
11. Low level - pertaining to planning
Metadata
Tactical
Procedure
Restoration
12. Written step-by-step actions
Procedure
Full-Interruption test
Masked/Interruptible
Encryption
13. A record that must be preserved and available for retrieval if needed.
Radio Frequency Interference (RFI)
Content Dependent Access Control
Hijacking
Vital Record
14. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
Elements of Negligence
ISO/IEC 27002
Bumping
Virtual Memory
15. Responsibility of a user for the actions taken by their account which requires unique identification
Key Space
Control Category
Debriefing/Feedback
Accountability
16. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.
Cryptology
Resumption
Vulnerability
Worldwide Interoperability for Microwave Access (WI-MAX)
17. A state for operating system tasks only
Supervisor Mode (monitor - system - privileged)
EMI
Dangling Pointer
Boot (V.)
18. One way encryption
Hash Function
Firewall
Gateway
Surveillance
19. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
Discretionary Access Control (DAC)
Declaration
Shadowing (file shadowing)
Emergency
20. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Faraday Cage/ Shield
Information Technology Security Evaluation Criteria - ITSEC
5 Rules Of Evidence
Reciprocal Agreement
21. The partial or full duplication of data from a source database to one or more destination databases.
Vital Record
Database Replication
Orange Book A Classification
Overlapping Fragment Attack
22. Define the way in which the organization operates.
Proprietary
Aggregation
Modification
Need-To-Know
23. Recovery alternative which outsources a business function at a cost
Layering
Service Bureau
Simulation Test
Legacy Data
24. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Steganography
Examples of non-technical security components
Contingency Plan
Quantitative Risk Analysis
25. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.
Redundant Servers
Cold Site
Critical Infrastructure
Damage Assessment
26. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
EMI
Countermeasure
File Shadowing
Identification
27. To smooth out reductions or increases in power
Instance
Full-Interruption test
Workaround Procedures
UPS
28. Evidence must be: admissible - authentic - complete - accurate - and convincing
Shift Cipher (Caesar)
Data Diddler
On-Site
5 Rules Of Evidence
29. Mitigate damage by isolating compromised systems from the network.
Accreditation
Noise
Containment
Strategic
30. Computing power will double every 18 months
31. Control category - more than one control on a single asset
Compensating
Atomicity
Standard
Contingency Plan
32. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Generator
Data Recovery
Top Secret
Business Continuity Program
33. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce organization exposure and evaluating the cost for such controls.
Picking
Access Control Attacks
Routers
Risk Assessment / Analysis
34. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Framework
Alert
Code
Common Criteria
35. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
Legacy Data
Fire Classes
Buffer Overflow
Operational
36. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Firmware
Cipher Text
Acronym for American Standard Code for Information Interchange (ASCII)
Twisted Pair
37. Record history of incident
Incident Response Team
Malformed Input
Tracking
Quantitative Risk Analysis
38. A temporary public file to inform others of a compromised digital certificate
Certificate Revocation List (CRL)
Processes are Isolated By
Orange Book A Classification
Structured Walkthrough
39. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Fire Detection
Test Plan
Embedded
Orange Book B2 Classification
40. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
Electromagnetic Interference (EMI)
Convincing
Embedded Systems
Desk Check Test
41. Requirement to take time off
Mandatory Vacations
Covert Channel
Business Recovery Team
Computer System Evidence
42. Pertaining to law - lending itself to one side of an argument
Security Clearance
Convincing
Voice Over IP (VOIP)
Routers
43. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
Operating
Conflict Of Interest
Computer System Evidence
Decipher
44. Granular decision by a system of permitting or denying access to a particular resource on the system
Interpreter
Botnet
Threads
Authorization
45. Mediation of covert channels must be addressed
Backup
Degauss
Information Flow Model
Conflict Of Interest
46. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
System Life Cycle
Recovery Time Objectives
Salami
Deterrent
47. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Uninterruptible Power Supply (UPS)
Residual Risk
Stopped
Digital Signature
48. A program with an inappropriate second purpose
Checksum
Network Attached Storage (NAS)
Trojan Horse
Non-Discretionary Access Control
49. The technical and risk assessment of a system within the context of the operating environment
CobiT
5 Rules Of Evidence
Capability Tables
Certification
50. A copy of transaction data - designed for querying and reporting
Multi-Processor
Workaround Procedures
Data Warehouse
Non-Interference