Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Just enough access to do the job
Fire Prevention
Polymorphism
Multi-Processor
Least Privilege
2. Responsibility for actions
Liability
Tapping
Threats
Computer Forensics
3. An image compression standard for photographs
Deleted File
JPEG (Joint Photographic Experts Group)
Hard Disk
Hot Spares
4. An encryption method that has a key as long as the message
Protection
File Shadowing
Legacy Data
Running Key
5. Summary of a communication for the purpose of integrity
Message Digest
Deletion
Brownout
Damage Assessment
6. A secure connection to another network.
Injection
Remanence
Rollback
Gateway
7. Natural or human-readable form of message
Plain Text
Slack Space
Copyright
Mitigate
8. Disruption of operation of an electronic device due to a competing electromagnetic field.
Object Oriented Programming (OOP)
Orange Book A Classification
Discretionary
EMI
9. A distributed system's transaction control that requires updates to complete or roll back
Electromagnetic Interference (EMI)
Alert/Alarm
2-Phase Commit
Service Bureau
10. Mathematical function that determines the cryptographic operations
Brouter
Algorithm
Bit
Containment
11. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Phishing
Shielding
Cross-Site Scripting
Elements of Negligence
12. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Orange Book B1 Classification
Operational Exercise
Business Continuity Program
Shift Cipher (Caesar)
13. Written suggestions that direct choice to a few alternatives
Guidelines
Critical Infrastructure
Surveillance
CobiT
14. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g., a move to an alternate site)
Declaration
JPEG (Joint Photographic Experts Group)
Emergency
Proprietary
15. Policy or stated actions
Physical Tampering
Alternate Data Streams (File System Forks)
Encipher
Due Care
16. A process state: to be either unable to run, waiting for an external event, or terminated
Stopped
Strategic
Deterrent
Policy
17. Written internalized or nationalized norms that are internal to an organization
Hard Disk
Standard
On-Site
Disaster Recovery Plan
18. Business and technical process of applying security software updates in a regulated periodic way
Non-Discretionary Access Control
Patch Management
Central Processing Unit (CPU)
Brute Force
19. Continuous surveillance, to provide for detection of and response to any failure in preventive controls.
Business Interruption
Monitor
Cookie
Polyalphabetic
20. Natural occurrence in circuits that are in close proximity
Buffer Overflow
Interference (Noise)
Content Dependent Access Control
Gateway
21. Requires security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and provision of separate administrator functionality.
Electromagnetic Interference (EMI)
Investigation
Asymmetric
Orange Book B2 Classification
22. Eavesdropping on network communications by a third party.
Race Condition
Checklist Test (desk check)
Tapping
Threats
23. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
Security Kernel
Failure Modes and Effect Analysis (FMEA)
ISO/IEC 27002
Lattice
24. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.
Access Control Lists
Critical Records
Recovery
Burn
25. To reduce fire
Procedure
Countermeasure
Isolation
Fire Suppression
26. Searching for wireless networks in a moving car.
Data Warehouse
War Driving
Cold Site
Control Category
27. Small data files written to a user's hard drive by a web server.
Basics Of Secure Design
Teardrop
Business Continuity Steering Committee
Cookie
28. System directed mediation of access with labels
Polymorphism
False (False Positive)
Mandatory
Simulation Test
29. A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Exercise
Twisted Pair
Compensating
Change Control
30. A sudden, unexpected event requiring immediate action due to potential threat to health and safety, the environment, or property.
Emergency
Rootkit
Event
Off Site
31. Information about a particular data set
Routers
Metadata
Checksum
Brownout
32. A Trojan horse with the express underlying purpose of controlling host from a distance
Site Policy Awareness
Complete
Remote Access Trojan
Routers
33. Requires two of the three user authentication attributes (knows, is, or has), e.g. you have an ATM card and enter a PIN
Multi-Core
Strong Authentication
Site Policy
Cryptology
34. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities, most commonly used in governm
Deletion
Data Integrity
Mandatory Access Control (MAC)
Privacy Laws
35. Server optimized for providing file-based data storage to the network. Unlike a File Server, a NAS unit has no input or output devices, and the OS is dedicated to providing storage services.
Reciprocal Agreement
Network Attached Storage (NAS)
Cross-Site Scripting
Architecture
36. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
Incident Manager
Job Rotation
Contingency Plan
Fire Classes
37. Act of luring an intruder and is legal.
Overlapping Fragment Attack
Evidence
CPU Cache
Enticement
38. To reduce sudden rises in current
The ACID Test
HTTP Response Splitting
Surge Suppressor
Remote Journaling
39. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Ethics
Business Continuity Planning (BCP)
Plain Text
DR Or BC Coordinator
40. Program instructions based upon the CPU's specific architecture
Machine Language (Machine Code)
Byte
Cipher Text
Architecture
41. Intellectual property protection for the expression of an idea
Initialization Vector
Fraggle
Copyright
Strong Authentication
42. Inappropriate data
Malformed Input
Protection
Confidence Value
Kerberos
43. Code breaking - practice of defeating the protective properties of cryptography.
Strong Authentication
Enticement
Cryptanalysis
Mock Disaster
44. Renders the record inaccessible to the database management system
Record Level Deletion
Residual Risk
Proprietary
Data Dictionary
45. Mitigate damage by isolating compromised systems from the network.
Initialization Vector
Data Custodian
Containment
Checklist Test
46. Recovery alternative: a building with only sufficient power and HVAC
Off Site
Analysis
Common Criteria
Cold Site
47. Share security concerns with embedded devices; often security has been sacrificed for a richer user experience under low power; a prime target for data loss, as they transmit and store information in ways that can't be controlled.
Pervasive Computing and Mobile Computing Devices
Denial Of Service
Deterrent
Analysis
48. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.
Botnet
Orange Book C Classification
Journaling
Risk
49. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Infrastructure
TIFF (Tagged Image File Format)
Fragmented Data
Data Recovery
50. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Brute Force
Exposure
Data Owner
Inheritance