Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Unchecked data input which results in redirection
HTTP Response Splitting
Decipher
Key Clustering
Mandatory Vacations
2. Control category - to give instructions or inform
Directive
ff Site
Intrusion Detection Systems
Physical Tampering
3. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Concentrator
Public Key Infrastructure (PKI)
On-Site
Civil Law
4. Specific format of technical and physical controls that support the chosen framework and the architecture
Infrastructure
Fault
Basics Of Secure Design
Radio Frequency Interference (RFI)
5. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Database Shadowing
Education
Change Control
Hub
6. Mitigate damage by isolating compromised systems from the network.
False Negative
Full-Interruption test
Containment
Mock Disaster
7. A group or network of honeypots
Recovery Period
Honeynet
Business Impact Analysis
Orange Book A Classification
8. Hiding the fact that communication has occurred
Marking
Eavesdropping
Multi-Processor
Steganography
9. People who interact with assets
IP Fragmentation
User
Mandatory Vacations
Qualitative
10. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
Mitigate
Admissible
System Life Cycle
Event
11. Program that inappropriately collects private data or activity
Detection
Call Tree
Spyware
Firewalls
12. The property that data meet with a priority expectation of quality and that the data can be relied upon.
Slack Space
Data Integrity
Preemptive
Kerberos
13. False memory reference
Pointer
Protection
Dangling Pointer
Modems
14. Act of luring an intruder and is legal.
Ring Protection
Packet Filtering
Enticement
Work Factor
15. Intellectual property protection for a confidential and critical process
Stopped
Mission-Critical Application
Trade Secret
Blind Testing
16. To evaluate the current situation and make basic decisions as to what to do
TNI (Red Book)
Triage
Atomicity
System Downtime
17. Try a list of words in passwords or encryption keys
Surge
Buffer Overflow
Service Bureau
Dictionary Attack
18. Need to understand both the assets that need to be protected and management's priorities - Also be prepared to adjust the design over time - and verify the design has been implemented correctly - need to be good negotiator - artist and analyst.
Wireless Fidelity (Wi-Fi)
Code
Basics Of Secure Design
Ring Protection
19. A database backup type which records at the transaction level
Remote Journaling
Embedded
Record Level Deletion
Compiler
20. Real-time data backup (Data Mirroring)
Aggregation
Mobile Site
Object
Database Shadowing
21. Act of scrambling the cleartext message by using a key.
BCP Testing Drills and Exercises
Encipher
Hot Site
Algorithm
22. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
Discretionary
Embedded Systems
Accurate
Domain
23. An event which stops business from continuing.
Compensating
Alternate Site
Disaster
Incident Response
24. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Business Continuity Steering Committee
Worm
Remote Journaling
Critical Functions
25. Granular decision by a system of permitting or denying access to a particular resource on the system
Switches
Authorization
Substitution
File Level Deletion
26. Return to a normal state
Recovery
Call Tree
Mock Disaster
Total Risk
27. Representatives from each functional area or department get together and walk through the plan from beginning to end.
Masked/Interruptible
Databases
Structured Walk-Through Test
Disaster
28. Computing power will double every 18 months
29. Some systems are actually run at the alternate site
Acronym for American Standard Code for Information Interchange (ASCII)
Parallel Test
Orange Book D Classification
Noise
30. The collection and summation of risk data relating to a particular asset and controls for that asset
Hearsay Evidence
Risk Assessment
Encryption
System Life Cycle
31. Unused storage capacity
Slack Space
One Time Pad
Investigation
Compensating
32. A record that must be preserved and available for retrieval if needed.
Vital Record
Alternate Data Streams (File System Forks)
Steganography
CobiT
33. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
ISO/IEC 27001
Authorization
Cold Site
Critical Functions
34. A layer 2 device that is used to connect two or more network segments and regulate traffic.
Vital Record
Digital Signature
The ACID Test
Switches
35. Converts source code to an executable
Mandatory Vacations
Compiler
Modification
Directive
36. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Strong Authentication
Cryptovariable
Sequence Attacks
TIFF (Tagged Image File Format)
37. A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy
Trojan Horse
Cross Training
Risk Assessment / Analysis
SQL Injection
38. Can be statistical (monitor behavior) or signature based (watch for known attacks)
IDS Intrusion Detection System
Labeling
Authentic
Total Risk
39. Object based description of a system or a collection of resources
Access Control Matrix
Rollback
Sniffing
Trusted Computing Base
40. Short period of low voltage.
Threat Agent
Firewalls
Sag/Dip
Vulnerability
41. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Uninterruptible Power Supply (UPS)
Hearsay Evidence
Network Attached Storage (NAS)
Sampling
42. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
Deleted File
User Mode (problem or program state)
Recovery
Primary Storage
43. Line by line translation from a high level language to machine code
State Machine Model
Brouter
Interpreter
Intrusion Prevention Systems
44. Momentary loss of power
Fault
Inrush Current
Procedure
Targeted Testing
45. Subjects will not interact with each other's objects
Triage
Adware
Liability
Non-Interference
46. Memory management technique that allows two processes to run concurrently without interaction
Protection
Standalone Test
Warm Site
Fire Classes
47. Control type - that is communication based - typically written or oral
Wait
Brute Force
Administrative
Surveillance
48. The core of a computer that calculates
Codec
Central Processing Unit (CPU)
Non-Repudiation
Malformed Input
49. Renders the file inaccessible to the operating system - available to reuse for data storage.
Simulation
Administrative
File Level Deletion
Hearsay
50. The duplication of data on separate disks in real time to ensure its continuous availability - currency and accuracy. True mirroring will enable a zero recovery point objective.
Vital Record
Disk Mirroring
Standard
Man-In-The-Middle Attack