Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Evaluation of a system without prior knowledge by the tester
False (False Positive)
Blind Testing
Guidelines
Criminal Law
2. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
Noise
Checklist Test
Generator
Strategic
3. An administrative unit or a group of objects and subjects controlled by one reference monitor
Inrush Current
Mixed Law System
Security Domain
Standalone Test
4. Weak evidence
Hearsay
Hot Site
Simulation
Safeguard
5. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Internal Use Only
Chain Of Custody
Concatenation
Walk Through
6. Most granular organization of controls
Honeypot
Mobile Site
Control Category
Keyed-Hashing For Message Authentication
7. Measures followed to restore critical functions following a security incident.
Recovery
False (False Positive)
Digital Certificate
Operational Impact Analysis
8. Unauthorized access of network devices.
Lattice
TIFF (Tagged Image File Format)
Physical Tampering
Transfer
9. Information about a particular data set
Metadata
Business Impact Assessment (BIA)
Analysis
Remote Journaling
10. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.
Governance
Compartmentalize
Inheritance
Storage Area Network (SAN)
11. Small data warehouse
Satellite
Voice Over IP (VOIP)
Data Marts
Modems
12. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Control
HTTP Response Splitting
Trademark
Test Plan
13. A program with an inappropriate second purpose
Parallel Test
HTTP Response Splitting
Containment
Trojan Horse
14. Program instructions based upon the CPU's specific architecture
Machine Language (Machine Code)
Business Continuity Steering Committee
Isolation
Compartmentalize
15. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements
Fault
ITSEC
Method
Criminal Law
16. Pertaining to law - verified as real
Honeypot
Authentic
Intrusion Detection Systems
Double Blind Testing
17. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Fire Classes
Repeaters
TIFF (Tagged Image File Format)
Surge Suppressor
18. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.).
Vital Record
Teardrop
Contingency Plan
Virus
19. To assert or claim credentialing to an authentication system
User Mode (problem or program state)
Identification
Business Recovery Team
Distributed Denial Of Service
20. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Acronym for American Standard Code for Information Interchange (ASCII)
Disaster Recovery Plan
Business Impact Analysis
MOM
21. Something that happened
Keyed-Hashing For Message Authentication
Modems
Event
Kerberos
22. Written core statements that rarely change
Injection
Incident Response
False (False Positive)
Policy
23. A description of a database
Data Dictionary
Revocation
File Level Deletion
Vulnerability
24. Total number of keys available that may be selected by the user of a cryptosystem
Key Space
Incident
Threats
Full Test (Full Interruption)
25. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
Life Cycle of Evidence
Cross Training
Embedded Systems
Intrusion Detection Systems
26. OOP concept of an object at runtime
Control Category
CobiT
Instance
Operating
27. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Record Level Deletion
Phishing
False Negative
Tapping
28. To reduce fire
Electronic Vaulting
Cipher Text
Accountability
Fire Suppression
29. A design methodology which executes in a linear one way fashion
Slack Space
Infrastructure
Waterfall
Bumping
30. A test that answers the questions: Does the organization have the documentation and people it needs. Do they understand the documentation?
Consistency
Desk Check Test
Adware
Acronym for American Standard Code for Information Interchange (ASCII)
31. A cable consisting of a core - an inner conductor that is surrounded by an insulator and an outer cylindrical conductor
Running Key
Examples of technical security components
Coaxial Cable
Hearsay
32. More than one process in the middle of executing at a time
Burn
Multi-Tasking
Orange Book B2 Classification
Moore's Law
33. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Business Impact Analysis
Denial Of Service
Strategic
Hot Spares
34. Individuals and departments responsible for the storage and safeguarding of computerized data.
Data Custodian
Reference Monitor
System Life Cycle
Class
35. Control category: to restore to a previous state by removing the adversary and/or the results of their actions
Kernel
False Negative
Alert
Corrective
36. High level - pertaining to planning
Critical Functions
Dictionary Attack
Strategic
Disaster Recovery Teams (Business Recovery Teams)
37. Pertaining to law - lending itself to one side of an argument
Ring Protection
Hacker
Convincing
Incident
38. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Risk
Pointer
Workaround Procedures
Job Rotation
39. Is secondhand and usually not admissible in court
TEMPEST
Picking
Hearsay Evidence
Rootkit
40. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Mobile Site
Mission-Critical Application
Running Key
Control Type
41. The principles a person sets for themselves to follow
Ethics
Business Impact Assessment (BIA)
Picking
Trojan Horse
42. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
Spiral
Fragmented Data
Fire Detection
Maximum Tolerable Downtime (MTD)
43. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Data Marts
Infrastructure
Source Routing Exploitation
Key Space
44. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
Sampling
Business Recovery Team
Data Leakage
Electronic Vaulting
45. A state for operating system tasks only
Checkpoint
Supervisor Mode (monitor - system - privileged)
Symmetric
On-Site
46. A layer 2 device that is used to connect two network segments and regulate traffic.
Infrastructure
Certification
Switches
Bridge
47. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Trapdoors (Backdoors) (Maintenance Hooks)
Computer Forensics
Byte Level Deletion
Standalone Test
48. Indivisible - a data field must contain only one value; either all transactions take place or none do
Electronic Vaulting
Atomicity
Alarm Filtering
Stopped
49. The study of cryptography and cryptanalysis
Cryptology
Data Recovery
Due Diligence
IP Fragmentation
50. Recovery alternative which outsources a business function at a cost
Byte
Picking
Access Point
Service Bureau