Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Rapid switching back and forth between programs from the computer's perspective, while appearing to do more than one thing at a time from the user's perspective
DR Or BC Coordinator
Trapdoors (Backdoors) (Maintenance Hooks)
Residual Risk
Multi-Programming
2. A test conducted on one or more components of a plan under actual operating conditions.
Operational Test
Man-In-The-Middle Attack
Orange Book A Classification
Checksum
3. A program that waits for a condition or time to occur and then executes an inappropriate activity
Data Diddler
Supervisor Mode (monitor - system - privileged)
Containment
Logic Bomb
4. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
Warm Site
Intrusion Detection Systems
Fragmented Data
Fire Detection
5. Implementation of an operating system protection mechanism built upon the layering concept, where more sensitive components are placed in the inner layers
Orange Book A Classification
Stopped
Instance
Ring Protection
6. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Phishing
Ethics
Exposure
Patch Panels
7. Intermediate level - pertaining to planning
Alternate Data Streams (File System Forks)
Intrusion Detection Systems
Containment
Operational
8. Specific format of technical and physical controls that support the chosen framework and the architecture
Bollard
Infrastructure
Top Secret
Administrative Laws
9. A secure connection to another network.
Identification
Gateway
Virtual Memory
Cryptography
10. A backup of data located where staff can gain access immediately
Computer System Evidence
War Driving
On-Site
Non-Discretionary Access Control
11. Code making
Cryptography
Structured Walkthrough
Emanations
Information Risk Management (IRM)
12. A design methodology which addresses risk early and often
Private Branch Exchange (PBX)
Spiral
Cross-Site Scripting
Certification Authority
13. Written internalized or nationalized norms that are internal to an organization
Operational
Standard
Data Marts
Orange Book C Classification
14. Recovery alternative - a building with only sufficient power and HVAC
Distributed Denial Of Service
Business Continuity Steering Committee
Atomicity
Cold Site
15. To load the first piece of software that starts a computer.
Boot (V.)
Framework
Investigation
Walk Through
16. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Business Continuity Steering Committee
Administrative Access Controls
Blackout
Risk
17. Control category - to discourage an adversary from attempting to access
Deterrent
Faraday Cage/ Shield
Electronic Vaulting
Maximum Tolerable Downtime (MTD)
18. Process whereby data is removed from active files and other data storage structures
Deletion
Fault
Recovery Point Objective (RPO)
Data Recovery
19. A physical enclosure for verifying identity before entry to a facility
Spiral
Mantrap (Double Door System)
Backup
Damage Assessment
20. Control category - to give instructions or inform
Confidence Value
Directive
Classification
Job Rotation
21. Momentary loss of power
Fault
Cross Certification
Certification Authority
Classification Scheme
22. One of the most important first steps in plan development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Forensic Copy
Privacy Laws
Brownout
Business Impact Analysis
23. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability
Time Of Check/Time Of Use
Key Escrow
The ACID Test
Restoration
24. The backup of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Data Backups
Proprietary
Computer Forensics
Multi-Processing
25. High level design or model with a goal of consistency - integrity - and balance
Encapsulation
CobiT
Blackout
Architecture
26. Is secondhand and usually not admissible in court
Hearsay Evidence
E-Mail Spoofing
Moore's Law
Incident Response
27. Program instructions based upon the CPU's specific architecture
Masked/Interruptible
Machine Language (Machine Code)
Journaling
JPEG (Joint Photographic Experts Group)
28. With enough computing power, trying all possible combinations
Domain
Compartmentalize
Brute Force
Mirrored Site
29. An unintended communication path
Admissible
Infrastructure
Capability Tables
Covert Channel
30. Independent malware that requires user interaction to execute
Checkpoint
Virus
Lattice
Physical Tampering
31. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Classification Scheme
Burn
MOM
IP Fragmentation
32. To stop damage from spreading
Intrusion Prevention Systems
Critical Records
Non-Discretionary Access Control
Containment
33. Prolonged loss of commercial power
Certification Authority
Site Policy
Blackout
Alternate Data Streams (File System Forks)
34. Unsolicited advertising software
Adware
Modification
Inference
Basics Of Secure Design
35. The past U.S. military accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements
Instance
TNI (Red Book)
Stopped
Simulation
36. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Isolation
Threats
Processes are Isolated By
Business Impact Assessment (BIA)
37. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Common Criteria
Object Oriented Programming (OOP)
Business Continuity Steering Committee
Key Escrow
38. Wrong against society
Overlapping Fragment Attack
Criminal Law
Alternate Data Streams (File System Forks)
Mirrored Site
39. A type of computer memory that temporarily stores frequently used information for quick access.
Vulnerability
Cache
Administrative Laws
Evidence
40. Potential danger to information or systems
Masquerading
Covert Channel
Embedded
Threats
41. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.
Plan Maintenance Procedures
Call Tree
Data Custodian
Adware
42. Tool which mediates access
Database Shadowing
Compartmentalize
Control
Hash Function
43. Need to understand both the assets that need to be protected and management's priorities - also be prepared to adjust the design over time - and verify the design has been implemented correctly - need to be a good negotiator - artist and analyst.
Class
Basics Of Secure Design
Declaration
Hijacking
44. Return to a normal state
Criminal Law
Voice Over IP (VOIP)
Recovery
Critical Records
45. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilies - most commonly used in governm
Mandatory Access Control (MAC)
Machine Language (Machine Code)
Steganography
Incident
46. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
Physical Tampering
Desk Check Test
Deleted File
3 Types of Harm Addressed in Computer Crime Laws
47. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.
Data Integrity
Instance
Quantitative Risk Analysis
Orange Book A Classification
48. Real-time data backup (Data Mirroring)
Dangling Pointer
Database Shadowing
Checksum
Multi-Programming
49. The partial or full duplication of data from a source database to one or more destination databases.
Database Replication
Race Condition
Certificate Revocation List (CRL)
Least Privilege
50. Binary decision by a system of permitting or denying access to the entire system
Rogue Access Points
Authentication
Service Bureau
Recovery