SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Only the key protects the encrypted information
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
2. What is will remain - persistence
Symmetric
Durability
Examples of non-technical security components
Threat Agent
3. Owner directed mediation of access
Discretionary
Disk Mirroring
Honeypot
Deadlock
4. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Disaster Recovery Tape
Preemptive
Business Records
Containment
5. Unchecked data which spills into another location in memory
Machine Language (Machine Code)
Activation
Buffer Overflow
Database Shadowing
6. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Executive Succession
Redundant Servers
Entrapment
Forensic Copy
7. Natural occurrence in circuits that are in close proximity
Triage
Interference (Noise)
Pervasive Computing and Mobile Computing Devices
Teardrop
8. A layer 2 device that used to connect two or more network segments and regulate traffic.
Fraggle
Switches
Service Bureau
Secondary Storage
9. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Investigation
Forensic Copy
Fire Detection
Strong Authentication
10. A copy of transaction data - designed for querying and reporting
Data Warehouse
ISO/IEC 27001
War Driving
Containment
11. Summary of a communication for the purpose of integrity
Business Interruption
Brouter
Recovery Time Objectives
Message Digest
12. Trading one for another
Sharing
Convincing
Inference
Substitution
13. Record of system activity - which provides for monitoring and detection.
Computer System Evidence
Triage
Log
Disaster
14. Actions measured against either a policy or what a reasonable person would do
Coaxial Cable
Due Diligence
Site Policy
Access Control Lists
15. An image compression standard for photographs
Debriefing/Feedback
File Server
Total Risk
JPEG (Joint Photographic Experts Group)
16. The point in time to which systems and data must be recovered after an outage. (e.g. End of previous day's processing). Rpos are often used as the basis for the development of backup strategies.
Resumption
Business Interruption Insurance
Civil Law
Recovery Point Objective (RPO)
17. Two certificate authorities that trust each other
Recovery
Cross Certification
Lattice
Sharing
18. Provides a physical cross connect point for devices.
DR Or BC Coordinator
Data Integrity
Remote Journaling
Patch Panels
19. A temporary public file to inform others of a compromised digital certificate
Full Test (Full Interruption)
Containment
Payload
Certificate Revocation List (CRL)
20. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Overlapping Fragment Attack
Mandatory
Classification
Wait
21. OOP concept of an object at runtime
Key Management
Data Warehouse
Instance
Total Risk
22. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Confidence Value
Least Privilege
Algorithm
Access Control Lists
23. Weakness or flaw in an asset
Quantitative
Vulnerability
Firewall
Picking
24. Program that inappropriately collects private data or activity
Spyware
Hijacking
Security Kernel
Concentrator
25. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.
Privacy Laws
Identification
Failure Modes and Effect Analysis (FEMA)
Cookie
26. A mathematical tool for verifying no unintentional changes have been made
Incident Manager
Distributed Denial Of Service
False Negative
Checksum
27. Code breaking - practice of defeating the protective properties of cryptography.
Mandatory
Control
Cryptanalysis
Packet Filtering
28. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Pointer
Supervisor Mode (monitor - system - privileged)
Checklist Test
Relocation
29. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Change Control
Conflict Of Interest
Surveillance
Emergency
30. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Fiber Optics
Running
Operational Impact Analysis
Restoration
31. People protect their domain
Instance
Territoriality
Microwave
System Downtime
32. OOP concept of an object's abilities - what it does
Method
Orange Book B2 Classification
Running Key
Initialization Vector
33. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions
Business Interruption Insurance
Computer Forensics
Resumption
Due Care
34. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Rootkit
Critical Records
BCP Testing Drills and Exercises
Sniffing
35. Abstract and mathematical in nature - defining all possible states - transitions and operations
State Machine Model
Emanations
Locard's Principle
Proprietary
36. Used to code/decode a digital data stream.
Firmware
Cipher Text
Security Domain
Codec
37. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Journaling
SYN Flooding
Shielding
Governance
38. A computer designed for the purpose of studying adversaries
Aggregation
Object Reuse
Certification Authority
Honeypot
39. Memory management technique which allows data to be moved from one memory address to another
Classification Scheme
Relocation
Orange Book A Classification
Multilevel Security System
40. More than one processor sharing same memory - also know as parallel systems
Procedure
Multi-Processor
Race Condition
Administrative Laws
41. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Journaling
Alarm Filtering
Tar Pits
TCSEC (Orange Book)
42. Indivisible - data field must contain only one value that either all transactions take place or none do
Integrated Test
Access Control
Atomicity
Collisions
43. Methodical research of an incident with the purpose of finding the root cause
Risk Assessment
Notification
Shadowing (file shadowing)
Investigation
44. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Integrated Test
Kerckhoff's Principle
SQL Injection
Data Warehouse
45. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
Security Clearance
Sag/Dip
Dangling Pointer
Risk Mitigation
46. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
ISO/IEC 27001
Business Unit Recovery
Backup
IDS Intrusion Detection System
47. The past U.S. military accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements
Data Warehouse
TNI (Red Book)
Inrush Current
Evidence
48. Encryption system using shared key/private key/single key/secret key
Sampling
Open Mail Relay Servers
Key Management
Symmetric
49. Companies should have their own team - made up of ppl from management - IT leagal - HR - and public relations - security and other key areas
Orange Book B2 Classification
Honeypot
Compensating
Incident Response Team
50. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
Isolation
Smurf
Alternate Data Streams (File System Forks)
Embedded Systems
