Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Guidelines within an organization that control the rules and configurations of an IDS
Databases
Data Diddler
Site Policy
Metadata
2. Organized group of compromised computers
Multilevel Security System
TIFF (Tagged Image File Format)
Warm Site
Botnet
3. Evidence must be: admissible - authentic - complete - accurate - and convincing
5 Rules Of Evidence
Change Control
SQL Injection
Mitigate
4. OOP concept of an object's abilities - what it does
Contingency Plan
EMI
Method
JPEG (Joint Photographic Experts Group)
5. Record history of incident
ISO/IEC 27002
Trojan Horse
Tracking
Encryption
6. To create a copy of data as a precaution against the loss or damage of the original data.
Cryptology
Backup
Disk Mirroring
Running Key
7. The process of assessing damage - following a disaster - to computer hardware - vital records - office facilities - etc., and determining what can be salvaged or restored and what must be replaced.
Damage Assessment
Memory Management
Revocation
ITSEC
8. An availability attack - to consume resources to the point of exhaustion from multiple vectors
Distributed Denial Of Service
Fire Detection
Policy
Custodian
9. Code making
Cryptography
Brute Force
File Server
Denial Of Service
10. Autonomous malware that requires a flaw in a service
Electrostatic Discharge
Switches
Common Criteria
Worm
11. Control category- to discourage an adversary from attempting to access
Deterrent
Top Secret
Threads
Multi-Core
12. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
File Extension
Bollard
Modification
Keystroke Logging
13. Security policy - procedures - and compliance enforcement
Threats
Protection
Object Reuse
Examples of non-technical security components
14. Sphere of influence
Exposure
Data Dictionary
Domain
Vital Record
15. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Relocation
Symmetric
Checklist Test (desk check)
IP Fragmentation
16. Hiding the fact that communication has occurred
Steganography
Strategic
Data Backup Strategies
Inrush Current
17. Try a list of words in passwords or encryption keys
Threads
Guidelines
Rogue Access Points
Dictionary Attack
18. To stop damage from spreading
War Driving
Public Key Infrastructure (PKI)
Containment
Cache
19. System directed mediation of access with labels
File Extension
Compression
Mandatory
Interpreter
20. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Alternate Site
Plaintext
Running Key
Payload
21. OOP concept of an object at runtime
Instance
Compression
Business Recovery Team
Secondary Storage
22. An asymmetric cryptography mechanism that provides authentication.
E-Mail Spoofing
Digital Signature
Mirroring
Surge Suppressor
23. Uncleared buffers or media
Object Reuse
Administrative Access Controls
Spiral
Database Replication
24. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Radio Frequency Interference (RFI)
Fire Suppression
Recovery Period
Incident Manager
25. A process state - to be executing a process on the CPU
Lattice
Disk Mirroring
Running
Recovery Period
26. A mobilized resource purchased or contracted for the purpose of business recovery.
Log
Mobile Recovery
Codec
Legacy Data
27. Consume resources to a point of exhaustion - loss of availability
Denial Of Service
Multi-Processing
Compensating
Data Warehouse
28. OOP concept of a distinct copy of the class
Object
Data Diddler
State Machine Model
Multilevel Security System
29. Wrong against society
Inference
Criminal Law
Recovery
Tapping
30. A system designed to prevent unauthorized access to or from a private network.
2-Phase Commit
Business Continuity Planning (BCP)
Cryptanalysis
Firewall
31. Outputs within a given function are the same result
Collisions
Cryptography
Brownout
Orange Book D Classification
32. A backup type - where the organization has excess capacity in another location.
Critical Functions
Alert/Alarm
Distributed Processing
Dangling Pointer
33. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
Database Replication
Alternate Data Streams (File System Forks)
True Attack Stimulus
Quantitative Risk Analysis
34. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Governance
Public Key Infrastructure (PKI)
Disk Mirroring
Containment
35. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Cross Training
Orange Book C2 Classification
Simulation
Primary Storage
36. An encryption method that has a key as long as the message
Administrative Access Controls
Evidence
Threads
Running Key
37. Inappropriate data
Least Privilege
Malformed Input
File Server
Operational Exercise
38. Potentially compromising leakage of electrical or acoustical signals.
Information Technology Security Evaluation Criteria - ITSEC
Security Blueprint
Emanations
Fault Tolerance
39. The chance that something negative will occur
Residual Data
CobiT
Risk
Detective
40. A technology that reduces the size of a file.
Spam
Key Escrow
Threats
Compression
41. Recognition of an individual's assertion of identity.
Cryptanalysis
Compensating
Identification
Territoriality
42. The partial or full duplication of data from a source database to one or more destination databases.
Hash Function
Examples of non-technical security components
Database Replication
Due Care
43. OOP concept of a template that consists of attributes and behaviors
Data Marts
Class
Mobile Site
UPS
44. Pertaining to law - high degree of veracity
Corrective
Data Integrity
Accurate
Mitigate
45. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Business Interruption Insurance
MOM
Public Key Infrastructure (PKI)
Emanations
46. To jump to a conclusion
Interference (Noise)
Inference
Cache
One Time Pad
47. Return to a normal state
Primary Storage
Recovery
Fault Tolerance
Virus
48. Memory - RAM
Primary Storage
TIFF (Tagged Image File Format)
Remote Journaling
Business Interruption Insurance
49. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Non-Discretionary Access Control
Legacy Data
Buffer Overflow
Information Technology Security Evaluation Criteria - ITSEC
50. An event which stops business from continuing.
Certification Authority
Patent
Disaster
Source Routing Exploitation