Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
Satellite
Deleted File
Off Site
Hijacking
2. An alert or alarm that is triggered when no actual attack has taken place
Radio Frequency Interference (RFI)
False Positive
Fiber Optics
Hash Function
3. Intellectual property protection for a confidential and critical process
Least Privilege
Multi-Processing
Trade Secret
Accurate
4. The first rating that requires security labels
Orange Book B1 Classification
Embedded
Electrostatic Discharge
Residual Risk
5. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
System Life Cycle
Standalone Test
Brute Force
Kerckhoff's Principle
6. Recovery alternative that has everything a cold site has, plus some equipment and infrastructure already in place
Near Site
Warm Site
Tar Pits
Business Impact Assessment (BIA)
7. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Disaster Recovery Teams (Business Recovery Teams)
Isolation
Proxies
Classification
8. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)
Operational Exercise
Least Privilege
Risk Mitigation
Interception
9. Dedicated fast memory located on the same board as the CPU
Plain Text
CPU Cache
Tracking
Plan Maintenance Procedures
10. Data or interference that can trigger a false positive
Data Recovery
Crisis
Certificate Revocation List (CRL)
Noise
11. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Dangling Pointer
Spiral
Physical Tampering
SYN Flooding
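Added example, not part of the original quiz: a SYN flood leaves the target holding half-open connections (SYN received, handshake never completed). The script below runs that logic over a constructed packet list (the IP addresses, ports and the threshold of 20 are assumptions for the illustration) and counts half-open connections both per source and per target, the second view being the one that still works when the attacker spoofs a different source address for every SYN.

```python
from collections import defaultdict

# Constructed sample traffic (not a real capture). Each record is
# (src_ip, src_port, dst_ip, dst_port, tcp_flags), with "S" = SYN and "A" = ACK.
SAMPLE_PACKETS = []
# A legitimate client completes two handshakes: client SYN, then the final client ACK.
for sport in (40001, 40002):
    SAMPLE_PACKETS.append(("10.0.0.5", sport, "192.0.2.10", 443, "S"))
    SAMPLE_PACKETS.append(("10.0.0.5", sport, "192.0.2.10", 443, "A"))
# An attacker sends 50 SYNs from distinct source ports and never completes the
# handshake, leaving 50 half-open connections in the server's backlog.
for sport in range(50000, 50050):
    SAMPLE_PACKETS.append(("198.51.100.7", sport, "192.0.2.10", 443, "S"))


def _half_open_keys(packets):
    """Return the set of 4-tuples for which a SYN was seen but no completing ACK."""
    started = set()
    completed = set()
    for src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if "S" in flags and "A" not in flags:      # initial SYN from the client
            started.add(key)
        elif "A" in flags and "S" not in flags:    # third packet of the handshake
            completed.add(key)
    return started - completed


def half_open_by_source(packets):
    """Count half-open connections per source IP."""
    counts = defaultdict(int)
    for src, _sport, _dst, _dport in _half_open_keys(packets):
        counts[src] += 1
    return dict(counts)


def half_open_by_target(packets):
    """Count half-open connections per (dst_ip, dst_port). Unlike the per-source
    view, this still works when the attacker spoofs a new source for every SYN."""
    counts = defaultdict(int)
    for _src, _sport, dst, dport in _half_open_keys(packets):
        counts[(dst, dport)] += 1
    return dict(counts)


def flag_syn_flood_sources(packets, threshold=20):
    """Sources holding at least `threshold` half-open connections.
    The threshold is an assumed tuning value, not a standard."""
    return sorted(src for src, n in half_open_by_source(packets).items() if n >= threshold)


if __name__ == "__main__":
    print("half-open by source:", half_open_by_source(SAMPLE_PACKETS))
    print("half-open by target:", half_open_by_target(SAMPLE_PACKETS))
    print("flagged sources:", flag_syn_flood_sources(SAMPLE_PACKETS))
```

The legitimate client never appears in the half-open counts because its ACKs cancel its SYNs; the attacker's 50 unanswered SYNs show up under both views.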
12. A running key cipher using a truly random key, as long as the message, that is never used again
Shielding
One Time Pad
Risk Assessment
Cold Site
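Added example, not part of the original quiz: the one-time pad in working code, including the failure mode the definition's "never used again" guards against. The messages are constructed for the demonstration; the pad comes from the OS random source via Python's secrets module.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; the pad must cover every byte of the message."""
    if len(a) != len(b):
        raise ValueError("one-time pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_pad(length: int) -> bytes:
    """A pad must come from a cryptographically secure source; secrets uses the OS CSPRNG."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation.
    return xor_bytes(ciphertext, pad)


def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper gets when one pad is used twice: c1 XOR c2 == p1 XOR p2,
    with the pad cancelled out entirely."""
    return xor_bytes(c1, c2)


def crib_drag(p1_xor_p2: bytes, known_fragment: bytes, offset: int) -> bytes:
    """Given a guessed fragment of one plaintext at `offset`, recover the other plaintext there."""
    segment = p1_xor_p2[offset:offset + len(known_fragment)]
    return xor_bytes(segment, known_fragment)


if __name__ == "__main__":
    # Constructed messages for the demonstration.
    m1 = b"ATTACK AT DAWN"
    m2 = b"RETREAT NOW!!!"
    pad = generate_pad(len(m1))
    c1 = otp_encrypt(m1, pad)
    print("decrypts correctly:", otp_decrypt(c1, pad) == m1)
    c2 = otp_encrypt(m2, pad)           # the mistake: same pad, second message
    leak = key_reuse_leak(c1, c2)
    print("recovered from the reused pad:", crib_drag(leak, b"ATTACK", 0))
```

With a fresh pad per message the ciphertext reveals nothing; reusing the pad once lets an attacker XOR the two ciphertexts and, with a guessed fragment of either message, read the other.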
13. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Tapping
Alarm Filtering
Spam
Data Warehouse
14. Minimal Protection - used for systems that were evaluated but failed to meet the criteria for a higher division
Orange Book D Classification
Honeynet
Brownout
User
15. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Administrative
Reciprocal Agreement
File Extension
Repeaters
16. Unused storage capacity
Logic Bomb
Threats
Slack Space
Recovery Strategy
17. Record of system activity - which provides for monitoring and detection.
Substitution
Log
Authorization
Class
18. Some systems are actually run at the alternate site
Plaintext
Recovery Strategy
Parallel Test
Deterrent
19. Creation, distribution, update and deletion
Key Management
Exposure
Method
Cross Training
20. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Orange Book B2 Classification
Critical Records
Emergency
System Life Cycle
21. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
Threats
Brouter
Administrative
Off-Site Storage
22. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
Discretionary Access Control (DAC)
BCP Testing Drills and Exercises
ITSEC
Brownout
23. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
Containment
Hacker
Administrative Laws
Contingency Plan
24. Binary decision by a system of permitting or denying access to the entire system
Backup
Authentication
Cryptology
Transfer
25. A backup type which creates a complete copy
Business Recovery Timeline
Intrusion Prevention Systems
Business Recovery Team
Replication
26. To load the first piece of software that starts a computer.
Recovery
Protection
Boot (V.)
Switches
27. Exploits the fact that the statistical probability of a collision is higher than one thinks
Lattice
Birthday Attack
Distributed Denial Of Service
On-Site
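Added example, not part of the original quiz: the birthday probability computed exactly and by the usual approximation, then a collision search against a SHA-256 digest truncated to 24 bits (the truncation and the "msg-N" inputs are assumptions for the illustration) showing that a collision turns up after roughly the square root of the digest space, not the full space a preimage search would need.

```python
import hashlib
import math


def collision_probability(draws: int, space: int) -> float:
    """Exact probability that at least two of `draws` uniform samples from `space` values collide."""
    if draws > space:
        return 1.0
    p_no_collision = 1.0
    for i in range(draws):
        p_no_collision *= (space - i) / space
    return 1.0 - p_no_collision


def draws_for_probability(space: int, target: float = 0.5) -> int:
    """Smallest number of draws at which the collision probability reaches `target`."""
    p_no_collision = 1.0
    draws = 0
    while 1.0 - p_no_collision < target:
        p_no_collision *= (space - draws) / space
        draws += 1
    return draws


def birthday_bound(space: int, target: float = 0.5) -> float:
    """Closed-form approximation n ~ sqrt(2 N ln(1/(1-p))), about 1.18*sqrt(N) for p = 0.5."""
    return math.sqrt(2 * space * math.log(1 / (1 - target)))


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to `bits` bits, standing in for a weak short digest."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int):
    """Hash deterministic inputs until two share a truncated digest.
    Returns (input_a, input_b, trials); trials lands near sqrt(2**bits)."""
    seen = {}
    for trial in range(1, 2 ** bits + 2):   # pigeonhole guarantees a collision by then
        msg = b"msg-%d" % trial
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, trial
        seen[h] = msg


if __name__ == "__main__":
    print("23 people, 365 days:", round(collision_probability(23, 365), 4))
    print("24-bit digest, draws for 50%:", draws_for_probability(2 ** 24),
          "approx", round(birthday_bound(2 ** 24)))
    a, b, trials = find_collision(24)
    print("collision after", trials, "trials:", a, b)
```

The practical reading: an n-bit digest gives only about n/2 bits of collision resistance, which is why digest sizes are chosen at twice the intended security level.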
28. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)
Fraggle
Dangling Pointer
Workaround Procedures
Worm
29. A choice in risk management - to implement a control that limits or lessens negative effects
Mitigate
Data Custodian
Access Control Lists
Primary Storage
30. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Control
Critical Functions
Adware
Bollard
31. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Binary
Containment
Contingency Plan
Technical Access Controls
32. One-way transformation of data into a fixed-length digest (loosely, "one-way encryption")
Checklist Test
Critical Infrastructure
Hash Function
Rogue Access Points
33. An organization's way of classifying data by factors such as criticality, sensitivity and ownership.
Classification Scheme
Criminal Law
Smurf
Primary Storage
34. Written step-by-step actions
Access Control
Procedure
Key Management
The ACID Test
35. Something that happened
Man-In-The-Middle Attack
Event
Atomicity
Business Recovery Timeline
36. Used to code/decode a digital data stream.
Risk
Memory Management
Access Control Attacks
Codec
37. Recognition of an individual's assertion of identity.
Access Control Attacks
Emanations
Bumping
Identification
38. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.
Business Continuity Planning (BCP)
Trojan Horse
File Server
Sag/Dip
39. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Fragmented Data
Threads
Intrusion Detection Systems
Network Attached Storage (NAS)
40. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Packet Filtering
Tapping
SQL Injection
Repeaters
41. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Emergency Procedures
Adware
Permutation /Transposition
Full-Interruption test
42. DoS - Spoofing - dictionary - brute force - wardialing
Access Control Attacks
Job Training
Byte
Separation Of Duties
43. Total number of keys available that may be selected by the user of a cryptosystem
Key Space
Archival Data
Proxies
War Driving
44. OOP concept of taking attributes from the original or parent class
Enticement
Hearsay
Mirrored Site
Inheritance
45. System mediation of access with the focus on the context of the request
Restoration
Content Dependent Access Control
Accreditation
Business Interruption Insurance
46. Object-based description of a single resource and the permissions each subject holds on it
Compiler
Education
Access Control Lists
Incident Manager
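Added example, not part of the original quiz, covering both this item and item 22 (Discretionary Access Control): a toy reference monitor that keeps one ACL per resource (subject to set of permissions) and lets only the resource owner change it, which is what makes the policy discretionary. The subject names, resource names and the three permissions are assumptions for the illustration.

```python
from dataclasses import dataclass, field

# Assumed permission vocabulary for the example.
PERMISSIONS = {"read", "write", "grant"}


@dataclass
class Resource:
    """One object with its owner and its ACL: subject -> set of permissions on this object."""
    name: str
    owner: str
    acl: dict = field(default_factory=dict)


class DacMonitor:
    """Toy reference monitor implementing discretionary access control over per-object ACLs."""

    def __init__(self):
        self.resources = {}

    def create(self, owner: str, name: str) -> Resource:
        # The creator becomes the owner and receives every permission, including
        # the right to change the ACL; that is the discretionary part of DAC.
        res = Resource(name, owner, {owner: set(PERMISSIONS)})
        self.resources[name] = res
        return res

    def grant(self, actor: str, name: str, subject: str, perm: str) -> None:
        res = self.resources[name]
        if perm not in PERMISSIONS:
            raise ValueError(f"unknown permission {perm!r}")
        if actor != res.owner:
            raise PermissionError(f"{actor} does not own {name}")
        res.acl.setdefault(subject, set()).add(perm)

    def revoke(self, actor: str, name: str, subject: str, perm: str) -> None:
        res = self.resources[name]
        if actor != res.owner:
            raise PermissionError(f"{actor} does not own {name}")
        res.acl.get(subject, set()).discard(perm)

    def check(self, subject: str, name: str, perm: str) -> bool:
        """Mediate one access request; fail closed for unknown objects, subjects or permissions."""
        res = self.resources.get(name)
        if res is None:
            return False
        return perm in res.acl.get(subject, set())

    def acl_of(self, name: str) -> dict:
        """The ACL as a plain dict of sorted permission lists, for display."""
        return {s: sorted(p) for s, p in self.resources[name].acl.items()}


if __name__ == "__main__":
    monitor = DacMonitor()
    monitor.create("alice", "report.docx")
    monitor.grant("alice", "report.docx", "bob", "read")
    print("bob read:", monitor.check("bob", "report.docx", "read"))
    print("bob write:", monitor.check("bob", "report.docx", "write"))
    print("acl:", monitor.acl_of("report.docx"))
```

Each check consults exactly one object's ACL, which is the "single resource" in the definition; contrast a capability list, which is kept per subject instead. The owner-only rule in grant and revoke is the discretionary element of item 22.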
47. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
File Level Deletion
Non-Discretionary Access Control
Cross-Site Scripting
Simulation
48. What is committed will remain - persistence
Firmware
Routers
Full Test (Full Interruption)
Durability
49. Forging of an IP address.
IP Address Spoofing
Recovery Period
Non-Discretionary Access Control
Database Shadowing
50. The hard drive
Simulation Test
Secondary Storage
Orange Book A Classification
Botnet