Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Impossibility of denying authenticity and identity
File Extension
Non-Repudiation
Analysis
Tort
2. Effort/time needed to overcome a protective measure
Worldwide Interoperability for Microwave Access (WI-MAX)
Work Factor
Remote Journaling
Vulnerability
3. Demonstrates the actual ability to recover and can verify the compatibility of backup facilities
Parallel Test
BCP Testing Drills and Exercises
Collisions
Reference Monitor
4. Another subject cannot see an ongoing or pending update until it is complete
Wait
Identification
Isolation
File
5. A Trojan horse with the express underlying purpose of controlling a host from a distance
Recovery Period
Cross-Site Scripting
Masquerading
Remote Access Trojan
6. System of law based upon what is good for society
Keyed-Hashing For Message Authentication
Need-To-Know
Desk Check Test
Civil Or Code Law
7. Try a list of words in passwords or encryption keys
Dictionary Attack
Electromagnetic Interference (EMI)
Examples of technical security components
Buffer Overflow
8. Written core statements that rarely change
Proxies
Policy
ISO/IEC 27002
Concentrator
9. State of a computer when it is running a process
Interference (Noise)
Operating
Admissible
Logic Bomb
10. Weak evidence
Data Diddler
Surveillance
Network Attached Storage (NAS)
Hearsay
11. To segregate for the purposes of labeling
Compartmentalize
Enticement
Business Unit Recovery
Desk Check Test
12. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Conflict Of Interest
Standalone Test
Encapsulation
Object Oriented Programming (OOP)
13. The partial or full duplication of data from a source database to one or more destination databases.
Multilevel Security System
Database Replication
Deterrent
Multi-Processing
14. Intellectual property protection for an invention
Patent
2-Phase Commit
Intrusion Detection Systems
Due Diligence
15. Indivisible - a data field must contain only one value; either all transactions take place or none do
Civil Or Code Law
Atomicity
Examples of non-technical security components
Emergency Operations Center (EOC)
16. Renders the file inaccessible to the operating system - available to reuse for data storage.
Accountability
File Level Deletion
Domain
Overlapping Fragment Attack
17. A backup of data located where staff can gain access readily and a localized disaster will not cause harm
Trademark
Boot (V.)
Copyright
Near Site
18. Uses two or more legal systems
File
Contact List
Orange Book A Classification
Mixed Law System
19. A basic level of network access control that is based upon information contained in the IP packet header.
Hot Site
Hot Spares
Qualitative
Packet Filtering
20. The core logic engine of an operating system which almost never changes
Teardrop
Multi-Party Control
Data Backups
Kernel
21. A copy of transaction data - designed for querying and reporting
Reciprocal Agreement
Discretionary Access Control (DAC)
Data Warehouse
Lattice
22. Business and technical process of applying security software updates in a regulated periodic way
Patch Management
Alternate Site
Trapdoors (Backdoors) (Maintenance Hooks)
Central Processing Unit (CPU)
23. The point in time to which systems and data must be recovered after an outage (e.g. end of the previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Satellite
Business Unit Recovery
Identification
Recovery Point Objective (RPO)
24. A specialized wireless receiver/ transmitter placed in orbit that facilitates long distance communication.
Authentication
Satellite
Asymmetric
Machine Language (Machine Code)
25. An administrative unit or a group of objects and subjects controlled by one reference monitor
Firewall
Security Domain
Brouter
Public Key Infrastructure (PKI)
26. DoS - Spoofing - dictionary - brute force - wardialing
Change Control
Incident Response
Administrative Laws
Access Control Attacks
27. Methodical research of an incident with the purpose of finding the root cause
True Attack Stimulus
Intrusion Prevention Systems
Fragmented Data
Investigation
28. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Public Key Infrastructure (PKI)
Steganography
Control
Sampling
29. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Repeaters
Basics Of Secure Design
Recovery Period
Need-To-Know
30. Act of luring an intruder; it is legal.
Mobile Site
Critical Infrastructure
Enticement
Acronym for American Standard Code for Information Interchange (ASCII)
31. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.
Test Plan
Technical Access Controls
Worldwide Interoperability for Microwave Access (WI-MAX)
Top Secret
32. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Cross Training
Administrative Access Controls
Database Replication
Algorithm
33. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Cache
Alternate Site
Change Control
Hot Spares
34. Interception of a communication session by an attacker.
Hijacking
False Negative
Rogue Access Points
Malformed Input
35. A state where two subjects can access the same object without proper mediation
Forward Recovery
Race Condition
Initialization Vector
Buffer Overflow
36. A backup type where the organization has excess capacity in another location.
Distributed Processing
Source Routing Exploitation
Governance
Compartmentalize
37. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Hearsay Evidence
Plaintext
Encapsulation
Malformed Input
38. To know more than one job
Checklist Test (desk check)
Containment
Tort
Cross Training
39. Hiding the fact that communication has occurred
Containment
Overlapping Fragment Attack
Steganography
Domain
40. Substitution at the word or phrase level
Disaster Recovery Tape
Code
Denial Of Service
Labeling
41. Power surge
Modems
Electrostatic Discharge
Fire Prevention
Trusted Computing Base
42. Mitigate damage by isolating compromised systems from the network.
Containment
Activation
Operational
False Negative
43. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.
Governance
Secondary Storage
Injection
Proxies
44. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data
Worldwide Interoperability for Microwave Access (WI-MAX)
Byte Level Deletion
Work Factor
Running
45. A protocol for the efficient transmission of voice over the Internet
Disaster
Active Data
Voice Over IP (VOIP)
Control
46. A backup of data located where staff can gain access immediately
Common Criteria
Surge
On-Site
High-Risk Areas
47. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
Log
HTTP Response Splitting
Data Leakage
Business Recovery Timeline
48. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Chain of Custody
TNI (Red Book)
Information Risk Management (IRM)
Running
49. A programming device used in development to circumvent controls
Failure Modes and Effect Analysis (FEMA)
Operating
Event
Trapdoors (Backdoors) (Maintenance Hooks)
50. Claiming another's identity at a physical level
Instance
Entrapment
Information Risk Management (IRM)
Masquerading