CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Access Control Lists
Vital Record
Checklist Test (desk check)
Tort
2. Another subject cannot see an ongoing or pending update until it is complete
Trusted Computing Base
Steganography
Isolation
Spiral
3. A backup type which creates a complete copy
Replication
Job Training
Authentic
Slack Space
4. Location to perform the business function
Shadowing (file shadowing)
Application Programming Interface
Investigation
Alternate Site
5. Interception of a communication session by an attacker.
Encryption
Reference Monitor
Business Continuity Planning (BCP)
Hijacking
6. The technical and risk assessment of a system within the context of the operating environment
Hearsay
Convincing
Accountability
Certification
7. The chance that something negative will occur
Honeypot
Identification
Risk
Checkpoint
8. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Least Privilege
Overlapping Fragment Attack
Checksum
Simulation
9. Controls deployed to avert unauthorized and/or undesired actions.
TEMPEST
Prevention
Proxies
Process Isolation
10. An individual's conduct that violates government laws developed to protect the public
Cache
Central Processing Unit (CPU)
Business Interruption
Criminal Law
11. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures, alternate work area, etc.)
Rollback
User Mode (problem or program state)
Codec
Contingency Plan
12. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
TNI (Red Book)
The ACID Test
Object Oriented Programming (OOP)
Kerberos
13. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Payload
Residual Risk
Contingency Plan
Desk Check Test
14. A race condition where the security changes during the object's access
Non-Discretionary Access Control
Cryptovariable
Time Of Check/Time Of Use
Fire Suppression
15. A device that provides the functions of both a bridge and a router.
Fault
Brouter
Threats
System Life Cycle
16. A layer 2 device used to connect two network segments and regulate traffic.
Archival Data
Bridge
Mirrored Site
Polyalphabetic
17. To know more than one job
Sniffing
Cross Training
Hacker
Operational Test
18. An image compression standard for photographs
Covert Channel
Surge
JPEG (Joint Photographic Experts Group)
TIFF (Tagged Image File Format)
19. Sphere of influence
Public Key Infrastructure (PKI)
Emergency
Domain
Mitigate
20. A hash that has been further encrypted with a symmetric algorithm
Relocation
Keyed-Hashing For Message Authentication
Mission-Critical Application
Residual Data
21. Specific format of technical and physical controls that support the chosen framework and the architecture
Mobile Site
Data Backup Strategies
Infrastructure
Data Recovery
22. Control category- to give instructions or inform
Keyed-Hashing For Message Authentication
Stopped
Enticement
Directive
23. Communicate to stakeholders
Denial Of Service
Access Control Lists
Complete
Debriefing/Feedback
24. Unsolicited advertising software
Adware
SYN Flooding
Security Clearance
Physical Tampering
25. A cable consisting of a core inner conductor surrounded by an insulator and an outer cylindrical conductor
Entrapment
Coaxial Cable
Contingency Plan
Classification Scheme
26. Provides a physical cross connect point for devices.
Patch Panels
Trade Secret
Worldwide Interoperability for Microwave Access (WiMAX)
Shift Cipher (Caesar)
27. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Policy
Mandatory Access Control (MAC)
Firewall
Emergency Procedures
28. To break a business process into separate functions and assign to different people
Deadlock
Separation Of Duties
Computer System Evidence
Orange Book D Classification
29. Claiming another's identity at a physical level
Masquerading
Declaration
Vital Record
Inheritance
30. Encryption system using a pair of mathematically related unequal keys
Deadlock
Asymmetric
Public Key Infrastructure (PKI)
Injection
31. Recovery alternative - complete duplication of services including personnel
Plaintext
Mirrored Site
Cryptovariable
Incident Response Team
32. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
Proprietary
Tracking
Full Test (Full Interruption)
IP Fragmentation
33. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Tracking
Evidence
Business Continuity Program
Running
34. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
Discretionary Access Control (DAC)
Strong Authentication
Identification
Security Clearance
35. Only the key protects the encrypted information
36. High degree of visual control
Certificate Revocation List (CRL)
Test Plan
Surveillance
Strategic
37. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
ITSEC
Degauss
Data Warehouse
Permutation/Transposition
38. More than one CPU on a single board
Remote Journaling
Multi-Core
Marking
Service Bureau
39. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Proxies
Central Processing Unit (CPU)
Open Mail Relay Servers
Simulation Test
40. System of law based upon what is good for society
Replication
Civil Or Code Law
Countermeasure
Structured Walk-Through Test
41. Potential danger to information or systems
Checksum
Warm Site
Threats
ISO/IEC 27002
42. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
Common Criteria
Smurf
Access Control Lists
Emergency
43. A backup of data located where staff can gain access readily and a localized disaster will not cause harm
Trade Secret
Archival Data
Near Site
Control
44. A backup of data located where staff can gain access immediately
Man-In-The-Middle Attack
Governance
Pervasive Computing and Mobile Computing Devices
On-Site
45. Two different keys decrypt the same cipher text
Procedure
Key Clustering
Public Key Infrastructure (PKI)
Analysis
46. Data or interference that can trigger a false positive
Maximum Tolerable Downtime (MTD)
Mandatory Access Control (MAC)
Dictionary Attack
Noise
47. A state for operating system tasks only
Reciprocal Agreement
Byte
Labeling
Supervisor Mode (monitor, system, privileged)
48. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Injection
Business Recovery Timeline
Parallel Test
Ethics
49. The property that data meet with a priori expectation of quality and that the data can be relied upon.
Data Integrity
Life Cycle of Evidence
Standard
Call Tree
50. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
ITSEC
Open Mail Relay Servers
Initialization Vector
Sniffing