Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Object reuse protection and auditing
Worldwide Interoperability for Microwave Access (WI-MAX)
Race Condition
Orange Book C2 Classification
Ring Protection
2. A template for designing the architecture
Embedded
Trade Secret
MOM
Security Blueprint
3. An availability attack - to consume resources to the point of exhaustion from multiple vectors
Distributed Denial Of Service
Threats
SYN Flooding
Disk Mirroring
4. A group or network of honeypots
High-Risk Areas
Honeynet
Open Mail Relay Servers
Parallel Test
5. The study of cryptography and cryptanalysis
Fraggle
Cryptology
Data Leakage
Hash Function
6. The partial or full duplication of data from a source database to one or more destination databases.
Database Replication
Mantrap (Double Door System)
Fire Detection
Top Secret
7. A design methodology which addresses risk early and often
Crisis
Classification
Spiral
Tactical
8. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Class
Orange Book D Classification
True Attack Stimulus
Examples of non-technical security components
9. Information about a particular data set
Metadata
Security Kernel
The ACID Test
Modems
10. Requirement of access to data for a clearly defined purpose
Need-To-Know
Transfer
UPS
Application Programming Interface
11. Recovery alternative - complete duplication of services including personnel
Triage
Mirrored Site
Administrative Access Controls
Mobile Recovery
12. The first rating that requires security labels
Data Marts
Orange Book B1 Classification
Business Unit Recovery
Private Branch Exchange (PBX)
13. Unused storage capacity
Plain Text
Failure Modes and Effect Analysis (FMEA)
Criminal Law
Slack Space
14. Independent malware that requires user interaction to execute
Virus
Locard's Principle
Authorization
Trademark
15. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Dictionary Attack
Access Control Attacks
Data Backup Strategies
Parallel Test
16. Momentary loss of power
TIFF (Tagged Image File Format)
Plan Maintenance Procedures
Surge Suppressor
Fault
17. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
Near Site
Masked/Interruptible
Metadata
One Time Pad
18. Dedicated fast memory located on the same board as the CPU
Risk Assessment
CPU Cache
Off-Site Storage
Territoriality
19. An event which stops business from continuing.
Cryptography
Disaster
Payload
Masquerading
20. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
Fragmented Data
Dictionary Attack
Policy
Key Escrow
21. Weak evidence
Reference Monitor
Masked/Interruptible
Hearsay
Hash Function
22. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
War Dialing
Emergency
Embedded Systems
Cryptanalysis
23. To segregate for the purposes of labeling
Information Flow Model
Analysis
Data Dictionary
Compartmentalize
24. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Business Unit Recovery
Change Control
Security Blueprint
Overlapping Fragment Attack
25. Recording activities at the keyboard level
Residual Risk
Keystroke Logging
Standalone Test
Polymorphism
26. The act of luring an intruder, which is legal.
Residual Risk
Enticement
Malformed Input
Multi-Core
27. Use of specialized techniques for recovery - authentication - and analysis of electronic data
Forensic Copy
Business Recovery Team
Computer Forensics
Cache
28. A physical enclosure for verifying identity before entry to a facility
Archival Data
JPEG (Joint Photographic Experts Group)
Emanations
Mantrap (Double Door System)
29. The technical and risk assessment of a system within the context of the operating environment
Access Control Matrix
Fire Suppression
Walk Through
Certification
30. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Shielding
Targeted Testing
Redundant Array Of Independent Drives (RAID)
BCP Testing Drills and Exercises
31. Responsibility of a user for the actions taken by their account which requires unique identification
User
Database Replication
Generator
Accountability
32. Mediation of covert channels must be addressed
Key Clustering
Risk Assessment
Information Flow Model
Business Continuity Steering Committee
33. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Hard Disk
Storage Area Network (SAN)
Fire Suppression
Ethics
34. Unauthorized wireless network access device.
Key Clustering
Switches
Rogue Access Points
Procedure
35. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
Multilevel Security System
Masquerading
Sequence Attacks
Activation
36. Intellectual property management technique for identifying after distribution
Watermarking
System Life Cycle
High-Risk Areas
Checkpoint
37. Information about data or records
Hub
Recovery Time Objectives
TCSEC (Orange Book)
Metadata
38. The event signaling an IDS to produce an alarm when no attack has taken place
Compartmentalize
Debriefing/Feedback
False Attack Stimulus
Call Tree
39. Unsolicited advertising software
Adware
Object
Business Interruption Insurance
Trade Secret
40. A risk assessment method - measurable real money cost
Rootkit
Quantitative
Plan Maintenance Procedures
Quantitative Risk Analysis
41. High degree of visual control
Fire Prevention
Elements of Negligence
Surveillance
Quantitative
42. Firewalls - encryption - and access control lists
Examples of technical security components
Computer System Evidence
Data Recovery
Tort
43. Pertaining to law - lending itself to one side of an argument
Convincing
Examples of technical security components
Malformed Input
Shielding
44. A Denial of Service attack that floods the target system with connection requests that are not finalized.
SYN Flooding
Brownout
Boot (V.)
Data Marts
45. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Safeguard
Metadata
Evidence
Distributed Denial Of Service
46. To collect many small pieces of data
Aggregation
BCP Testing Drills and Exercises
Executive Succession
MOM
47. A collection of information designed to reduce duplication and increase integrity
Databases
Activation
Classification
Virus
48. Malware that subverts the detective controls of an operating system
Proprietary
True Attack Stimulus
Hacker
Rootkit
49. Small data files written to a user's hard drive by a web server.
Multi-Core
Cookie
ISO/IEC 27001
Non-Discretionary Access Control
50. Pertaining to law - no omissions
Remote Journaling
Databases
Complete
Sag/Dip