Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Elements of Negligence
Steganography
False Negative
Processes are Isolated By
2. Unsolicited advertising software
Data Hiding
Discretionary
Adware
Shift Cipher (Caesar)
3. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Procedure
Embedded Systems
Custodian
IP Fragmentation
4. Effort/time needed to overcome a protective measure
Slack Space
Byte Level Deletion
Work Factor
Security Kernel
5. Pertaining to law - accepted by a court
Admissible
Interpreter
Control Category
Digital Signature
6. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
Information Risk Management (IRM)
Declaration
Pervasive Computing and Mobile Computing Devices
Certification
7. What is, will remain - persistence
Distributed Processing
Durability
Boot (V.)
Bridge
8. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
Coaxial Cable
Standard
TCSEC (Orange Book)
Secondary Storage
9. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Microwave
Aggregation
Orange Book B1 Classification
Framework
10. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Packet Filtering
Business Records
Due Care
Transients
11. Some systems are actually run at the alternate site
Patent
Copyright
Parallel Test
Polymorphism
12. A set of laws that the organization agrees to be bound by
Burn
Inference
Key Clustering
Administrative Law
13. Short period of low voltage.
Interpreter
Sag/Dip
Patch Panels
Assembler
14. Encryption system using shared key/private key/single key/secret key
Object Reuse
Compression
Brownout
Symmetric
15. Weakness or flaw in an asset
Debriefing/Feedback
Certification
Content Dependent Access Control
Vulnerability
16. Memory management technique which allows subjects to use the same resource
Sharing
Control Type
Algorithm
IDS Intrusion Detection System
17. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Information Flow Model
Cross Training
Voice Over IP (VOIP)
Forensic Copy
18. Identification and notification of an unauthorized and/or undesired action
Structured Walkthrough
File Extension
EMI
Detection
19. Unauthorized wireless network access device.
Rogue Access Points
Denial Of Service
Plain Text
Operational Exercise
20. Disruption of operation of an electronic device due to a competing electromagnetic field.
Mirroring
Computer Forensics
EMI
Chain Of Custody
21. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate
Emanations
CobiT
Radio Frequency Interference (RFI)
File Shadowing
22. For PKI - to have more than one person in charge of a sensitive function
Access Control Attacks
Threats
Multi-Party Control
Memory Management
23. An availability attack - to consume resources to the point of exhaustion
Patch Panels
Inrush Current
JPEG (Joint Photographic Experts Group)
Denial Of Service
24. OOP concept of a template that consists of attributes and behaviors
Encipher
Class
Tactical
Safeguard
25. Used to code/decode a digital data stream.
Deterrent
Pervasive Computing and Mobile Computing Devices
Codec
Rootkit
26. Information that - if made public or even shared around the organization - could seriously impede the organization's operations
Highly Confidential
Recovery Strategy
Deterrent
Recovery Point Objective (RPO)
27. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Detection
Total Risk
Noise
Forward Recovery
28. Outputs within a given function are the same result
Repeaters
Collisions
Computer System Evidence
File
29. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.
Business Interruption
Coaxial Cable
Mission-Critical Application
Marking
30. Of a system without prior knowledge by the tester or the tested
On-Site
Service Bureau
Smurf
Double Blind Testing
31. A backup type - for databases at a point in time
Shadowing (file shadowing)
Control Type
Prevention
Desk Check Test
32. The backup of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Remanence
Data Backups
Noise
Faraday Cage/Shield
33. Renders the record inaccessible to the database management system
Physical Tampering
Record Level Deletion
Cross-Site Scripting
Pervasive Computing and Mobile Computing Devices
34. To evaluate the current situation and make basic decisions as to what to do
Worldwide Interoperability for Microwave Access (WI-MAX)
Technical Access Controls
Orange Book D Classification
Triage
35. Objects or programming that look different but act the same
Evidence
Polymorphism
Notification
Integrated Test
36. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Simulation
Incident Response
HTTP Response Splitting
Threats
37. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Non-Interference
Plan Maintenance Procedures
Injection
Message Digest
38. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Plaintext
Structured Walkthrough
Trojan Horse
Ring Protection
39. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.
Alternate Data Streams (File System Forks)
Operational Impact Analysis
File Server
Interception
40. A device that converts between digital and analog representation of data.
Modems
Running
MOM
Orange Book B1 Classification
41. Creation - distribution - update and deletion
Trapdoors (Backdoors) (Maintenance Hooks)
Key Management
Injection
Life Cycle of Evidence
42. Wrong against society
Residual Data
Need-To-Know
Criminal Law
Remote Journaling
43. A computer designed for the purpose of studying adversaries
Honeypot
Framework
Digital Signature
Bollard
44. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Central Processing Unit (CPU)
Reference Monitor
Alternate Data Streams (File System Forks)
Embedded
45. An asymmetric cryptography mechanism that provides authentication.
Monitor
Digital Signature
Honeypot
Restoration
46. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Bollard
Examples of non-technical security components
Checklist Test (desk check)
Source Routing Exploitation
47. Inappropriate data
Protection
Critical Functions
Denial Of Service
Malformed Input
48. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Analysis
Virus
Discretionary Access Control (DAC)
Civil Law
49. Encryption system using a pair of mathematically related unequal keys
Asymmetric
Data Marts
Checkpoint
Access Control Lists
50. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services
Access Control Lists
Denial Of Service
Fire Classes
Computer System Evidence