Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Hitting a filed-down key in a lock with a hammer to open it without the real key
Checkpoint
Pervasive Computing and Mobile Computing Devices
Data Recovery
Bumping
2. Reduction of voltage by the utility company for a prolonged period of time
Dictionary Attack
ITSEC
Off-Site Storage
Brownout
3. High frequency noise
Gateway
Electromagnetic Interference (EMI)
Encapsulation
Deterrent
4. Forging of an IP address.
Guidelines
Routers
Copyright
IP Address Spoofing
5. Power surge
Reference Monitor
Multi-Programming
Targeted Testing
Electrostatic Discharge
6. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.
Fire Classes
Data Recovery
Privacy Laws
Framework
7. A risk assessment method - measurable real money cost
Quantitative
Hijacking
Private Branch Exchange (PBX)
IDS Intrusion Detection System
8. Converts a high level language into machine language
Assembler
Tactical
Alternate Data Streams (File System Forks)
Hot Site
9. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
Operational Impact Analysis
Cache
Education
Disaster Recovery Teams (Business Recovery Teams)
10. The process of identifying, assessing, and reducing risk to an acceptable level, and implementing the right countermeasure to maintain that level of risk
Radio Frequency Interference (RFI)
Information Risk Management (IRM)
Legacy Data
Emergency Operations Center (EOC)
11. Momentary loss of power
Vulnerability
Fault
Proxies
Fraggle
12. Intellectual property protection for a confidential and critical process
Complete
Trade Secret
Metadata
Double Blind Testing
13. Methodical research of an incident with the purpose of finding the root cause
Layering
E-Mail Spoofing
Central Processing Unit (CPU)
Investigation
14. Control category - to give instructions or inform
Patch Management
Kernel
Incident Handling
Directive
15. A layer 2 device that is used to connect two network segments and regulate traffic.
Security Domain
Disaster Recovery Teams (Business Recovery Teams)
Bridge
Alternate Data Streams (File System Forks)
16. Memory management programming which makes the limited RAM of the physical machine appear larger by using a portion of the hard drive
Journaling
Virtual Memory
Sniffing
Inheritance
17. Quantity of risk remaining after a control is applied
Multi-Party Control
Hot Site
Multilevel Security System
Residual Risk
18. A programming device used in development to circumvent controls
Aggregation
Trapdoors (Backdoors) (Maintenance Hooks)
Concatenation
Governance
19. Unchecked data which spills into another location in memory
Cross-Site Scripting
Access Control Attacks
Initialization Vector
Buffer Overflow
20. Intermediate level - pertaining to planning
Information Flow Model
Trade Secret
Strategic
Operational
21. For PKI - decertify an entity's certificate
Forensic Copy
Reciprocal Agreement
Hijacking
Revocation
22. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Remanence
ISO/IEC 27001
Access Control Attacks
Internal Use Only
23. What is will remain - persistence
Access Control Attacks
Durability
Decipher
Examples of non-technical security components
24. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
Key Management
Polymorphism
Technical Access Controls
Kerberos
25. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions
Multiplexers
Risk Assessment
ITSEC
Resumption
26. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Encryption
Critical Records
Complete
Dictionary Attack
27. A design methodology which addresses risk early and often
Replication
Packet Filtering
Reciprocal Agreement
Spiral
28. Less granular organization of controls
Digital Signature
Access Control Lists
Control Type
False Attack Stimulus
29. Sphere of influence
Domain
Compression
Directive
Shielding
30. Pertaining to law - accepted by a court
Admissible
DR Or BC Coordinator
Replication
UPS
31. Impossibility of denying authenticity and identity
Recovery
Non-Repudiation
Denial Of Service
Shadowing (file shadowing)
32. Identification and notification of an unauthorized and/or undesired action
Detection
Fire Detection
Hearsay Evidence
Collisions
33. The event signaling an IDS to produce an alarm when no attack has taken place
Remote Journaling
System Downtime
Journaling
False Attack Stimulus
34. The managerial approval to operate a system based upon knowledge of risk to operate
Distributed Denial Of Service
Accreditation
Disaster
Shadowing (file shadowing)
35. Those who initiate the attack
Recovery Period
File Extension
Cryptography
Threat Agent
36. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
Polyalphabetic
Generator
True Attack Stimulus
Threats
37. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.
Service Bureau
Network Attached Storage (NAS)
Capability Tables
Satellite
38. Hiding the fact that communication has occurred
Trapdoors (Backdoors) (Maintenance Hooks)
Steganography
Polymorphism
Twisted Pair
39. Eight bits.
Infrastructure
Emergency Procedures
Custodian
Byte
40. Interception of a communication session by an attacker.
Redundant Servers
Logic Bomb
Hijacking
Operational
41. Threats x Vulnerability x Asset Value = Total Risk
Non-Interference
Patch Panels
Total Risk
One Time Pad
42. Alerts personnel to the presence of a fire
Fire Detection
Criminal Law
Embedded
Total Risk
43. Descrambling the encrypted message with the corresponding key
Copyright
Damage Assessment
Inference
Decipher
44. Consume resources to a point of exhaustion - loss of availability
Business Continuity Program
E-Mail Spoofing
SQL Injection
Denial Of Service
45. Moving letters around
Permutation/Transposition
Hard Disk
Eavesdropping
Mixed Law System
46. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Blind Testing
Inference
Overlapping Fragment Attack
Distributed Processing
47. Communicate to stakeholders
Debriefing/Feedback
Due Diligence
Operational Exercise
Generator
48. A documented battle plan for coordinating response to incidents.
Threats
Restoration
Incident Handling
Interference (Noise)
49. Mediation of covert channels must be addressed
Database Shadowing
Information Flow Model
Safeguard
Remote Journaling
50. Total number of keys available that may be selected by the user of a cryptosystem
Key Space
Record Level Deletion
Containment
True Attack Stimulus