Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Pertaining to law - no omissions
Complete
Crisis
Residual Risk
Classification Scheme
2. Potential danger to information or systems
Service Bureau
Threats
Object Oriented Programming (OOP)
Checkpoint
3. Written suggestions that direct choice to a few alternatives
Message Digest
Multi-Processing
Guidelines
Control
4. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Access Control Matrix
Capability Tables
Sampling
Plaintext
5. Malware that subverts the detective controls of an operating system
Rootkit
Detection
Code
Control Category
6. Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective
Multi-Programming
Threads
Database Shadowing
Memory Management
7. Independent malware that requires user interaction to execute
Interference (Noise)
Virus
Mandatory Access Control (MAC)
Buffer Overflow
8. Any event - whether anticipated (e.g. - public service strike) or unanticipated (e.g. - blackout) which disrupts the normal course of business operations at an organization location.
Eavesdropping
Business Interruption
Metadata
Hot Site
9. Binary decision by a system of permitting or denying access to the entire system
Interception
Malformed Input
Authentication
Computer Forensics
10. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
System Downtime
Substitution
Archival Data
Collisions
11. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Patch Panels
Object
E-Mail Spoofing
Administrative Access Controls
12. Eavesdropping on network communications by a third party.
Safeguard
Critical Functions
Tapping
Race Condition
13. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Business Continuity Planning (BCP)
Separation Of Duties
Business Records
Least Privilege
14. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.
Recovery Period
Mock Disaster
Least Privilege
File Sharing
15. Vehicle or tool that exploits a weakness
Failure Modes and Effects Analysis (FMEA)
Quantitative Risk Analysis
Mirroring
Threats
16. A shield against leakage of electromagnetic signals.
Smurf
Atomicity
Authentication
Faraday Cage/ Shield
17. The property that data meet with an a priori expectation of quality and that the data can be relied upon.
Kerberos
Physical Tampering
Plain Text
Data Integrity
18. Moving letters around
Internal Use Only
Aggregation
Orange Book C Classification
Permutation /Transposition
19. Policy or stated actions
Radio Frequency Interference (RFI)
Transfer
Data Diddler
Due Care
20. Code breaking - practice of defeating the protective properties of cryptography.
Hijacking
Cryptanalysis
Accreditation
Resumption
21. For PKI - to have more than one person in charge of a sensitive function
Incident Response
Damage Assessment
Shift Cipher (Caesar)
Multi-Party Control
22. Lower frequency noise
Multilevel Security System
Custodian
Radio Frequency Interference (RFI)
Codec
23. A control before attack
Safeguard
Walk Through
Fire Prevention
Mitigate
24. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Guidelines
IDS Intrusion Detection System
Non-Interference
Firmware
25. Trading one for another
Storage Area Network (SAN)
Interception
Substitution
Checklist Test
26. Intellectual property protection for marketing efforts
Trademark
Ethics
Complete
Orange Book A Classification
27. To segregate for the purposes of labeling
Cryptology
Due Diligence
Policy
Compartmentalize
28. Eavesdropping on network communications by a third party.
Sniffing
Quantitative
Workaround Procedures
Authentication
29. Uses two or more legal systems
Reference Monitor
Pervasive Computing and Mobile Computing Devices
Fault Tolerance
Mixed Law System
30. Organizational way of classifying data by factors such as criticality - sensitivity and ownership.
File
Classification Scheme
Fiber Optics
Rollback
31. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.)
Distributed Processing
Contingency Plan
Encipher
Business Continuity Steering Committee
32. A type of attack involving attempted insertion - deletion or altering of data.
Tracking
Incident
Trapdoors (Backdoors) (Maintenance Hooks)
Modification
33. Summary of a communication for the purpose of integrity
Message Digest
Recovery
Gateway
Supervisor Mode (monitor - system - privileged)
34. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
False Attack Stimulus
Repeaters
Multilevel Security System
Faraday Cage/ Shield
35. High level design or model with a goal of consistency - integrity - and balance
Mobile Site
Voice Over IP (VOIP)
Architecture
Technical Access Controls
36. Intellectual property management technique for identifying after distribution
Process Isolation
Uninterruptible Power Supply (UPS)
Watermarking
Cipher Text
37. Encryption system using a pair of mathematically related unequal keys
Asymmetric
Data Leakage
Maximum Tolerable Downtime (MTD)
Total Risk
38. A record that must be preserved and available for retrieval if needed.
Detection
Application Programming Interface
Tracking
Vital Record
39. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Risk Assessment
Satellite
Restoration
Application Programming Interface
40. False memory reference
War Dialing
Remote Journaling
Dangling Pointer
Proxies
41. Just enough access to do the job
Least Privilege
Hash Function
Deterrent
Containment
42. An availability attack - to consume resources to the point of exhaustion
Information Owner
Denial Of Service
Disaster Recovery Plan
Smurf
43. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability
Security Clearance
Integrated Test
Targeted Testing
The ACID Test
44. Inference about encrypted communications
Administrative Laws
Side Channel Attack
Total Risk
Repeaters
45. DoS - Spoofing - dictionary - brute force - wardialing
Recovery Period
Access Control Attacks
Interference (Noise)
Operational Exercise
46. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
Hard Disk
Payload
Proxies
Off-Site Storage
47. The principles a person sets for themselves to follow
Phishing
Ethics
Public Key Infrastructure (PKI)
One Time Pad
48. Companies should have their own team - made up of people from management - IT - legal - HR - public relations - security and other key areas
File Shadowing
Log
Incident Response Team
Public Key Infrastructure (PKI)
49. Owner directed mediation of access
Log
Discretionary
Warm Site
Service Bureau
50. Reduces causes of fire
HTTP Response Splitting
Moore's Law
Surge
Fire Prevention