Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Evidence must be: admissible - authentic - complete - accurate - and convincing
Information Technology Security Evaluation Criteria - ITSEC
Quantitative
5 Rules Of Evidence
Fiber Optics
2. Autonomous malware that requires a flaw in a service
Worm
Hot Site
Exposure
Exercise
3. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Residual Data
Business Interruption Insurance
Disaster Recovery Plan
Permutation / Transposition
4. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Structured Walk-Through Test
Cross Training
Information Risk Management (IRM)
Multi-Processor
5. A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy
Sharing
Storage Area Network (SAN)
Information Owner
SQL Injection
6. Recovery alternative - everything needed for the business function - except people and last backup
Bumping
Hot Site
Recovery Time Objectives
Information Risk Management (IRM)
7. To know more than one job
Tracking
Disaster Recovery Plan
Cross Training
Proxies
8. Inference about encrypted communications
Elements of Negligence
Side Channel Attack
Access Point
Sharing
9. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.
Smurf
One Time Pad
The ACID Test
Restoration
10. Recognition of an individual's assertion of identity.
Data Dictionary
Teardrop
Identification
System Life Cycle
11. Hitting a filed down key in a lock with a hammer to open without real key
TEMPEST
Multiplexers
Bumping
Blackout
12. Real-time - automatic and transparent backup of data.
SYN Flooding
Waterfall
Remote Journaling
Metadata
13. A risk assessment method - intrinsic value
Data Hiding
TNI (Red Book)
Qualitative
Chain Of Custody
14. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Burn
Orange Book B1 Classification
Tactical
Data Backup Strategies
15. Periodic - automatic and transparent backup of data in bulk.
Trade Secret
Trademark
Electronic Vaulting
Security Blueprint
16. Methodical research of an incident with the purpose of finding the root cause
Damage Assessment
Cross-Site Scripting
Investigation
Trademark
17. To load the first piece of software that starts a computer.
Boot (V.)
Orange Book A Classification
Database Replication
Supervisor Mode (monitor - system - privileged)
18. Location where coordination and execution of BCP or DRP is directed
Off Site
Emergency Operations Center (EOC)
Data Recovery
Administrative Laws
19. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Disaster Recovery Teams (Business Recovery Teams)
Key Space
Open Mail Relay Servers
Business Records
20. Individuals and departments responsible for the storage and safeguarding of computerized data.
Mirroring
Multilevel Security System
Data Custodian
File
21. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Data Backups
Public Key Infrastructure (PKI)
File Extension
Tar Pits
22. A device that provides the functions of both a bridge and a router.
Brouter
Warm Site
Accurate
Orange Book C Classification
23. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Guidelines
Atomicity
False (False Positive)
Shielding
24. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur
Denial Of Service
Failure Modes and Effect Analysis (FEMA)
User
Control Type
25. Fault tolerance for power
The ACID Test
Threats
Man-In-The-Middle Attack
Generator
26. To start business continuity processes
Corrective
Activation
Byte Level Deletion
Warm Site
27. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
MOM
Total Risk
Firewalls
Source Routing Exploitation
28. Renders the record inaccessible to the database management system
Operating
Executive Succession
Record Level Deletion
Separation Of Duties
29. Renders the file inaccessible to the operating system - available to reuse for data storage.
Polyalphabetic
File Level Deletion
Process Isolation
Examples of non-technical security components
30. Security policy - procedures - and compliance enforcement
Examples of non-technical security components
Inheritance
Admissible
Highly Confidential
31. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Secondary Storage
Checklist Test (desk check)
Intrusion Detection Systems
Recovery Period
32. A perpetrator leaves something behind or takes something with them at the scene of a crime
33. Converts source code to an executable
Smurf
Compiler
Warm Site
Mandatory Access Control (MAC)
34. A Trojan horse with the express underlying purpose of controlling host from a distance
Radio Frequency Interference (RFI)
Hearsay Evidence
Remote Access Trojan
Checksum
35. A type of attack involving attempted insertion - deletion or altering of data.
Authentication
Consistency
Modification
Cryptography
36. Firewalls - encryption - and access control lists
False Negative
Non-Repudiation
Integrated Test
Examples of technical security components
37. Momentary loss of power
Prevention
Fault
Domain
Data Warehouse
38. A record that must be preserved and available for retrieval if needed.
Vital Record
Redundant Servers
Inference
Due Diligence
39. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Reference Monitor
Recovery Time Objectives
Byte Level Deletion
Standalone Test
40. Communication of a security incident to stakeholders and data owners.
Botnet
Notification
Access Control Matrix
Multi-Processor
41. Mathematical function that determines the cryptographic operations
Double Blind Testing
Algorithm
File Extension
Boot (V.)
42. A choice in risk management - to convince another to assume risk - typically by payment
Analysis
Transfer
Basics Of Secure Design
Alert/Alarm
43. An individual's conduct that violates government laws developed to protect the public
Criminal Law
Technical Access Controls
Full-Interruption test
Residual Risk
44. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements
Control Category
Fault
Common Criteria
Domain
45. A disturbance that degrades performance of electronic devices and electronic communications.
Education
Orange Book B2 Classification
Radio Frequency Interference (RFI)
Discretionary Access Control (DAC)
46. Subjects will not interact with each other's objects
Plain Text
Access Control Lists
Orange Book D Classification
Non-Interference
47. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Disaster Recovery Tape
Emergency
Simulation Test
Hijacking
48. Review of data
Proprietary
Mandatory Access Control (MAC)
Analysis
Access Control
49. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Countermeasure
Risk Assessment / Analysis
CobiT
Fragmented Data
50. Written step-by-step actions
Object Oriented Programming (OOP)
Procedure
IDS Intrusion Detection System
Interception