Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A group or network of honeypots
Contact List
Honeynet
Infrastructure
Data Backups
2. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
Symmetric
Internal Use Only
Liability
Discretionary Access Control (DAC)
3. A basic level of network access control that is based upon information contained in the IP packet header.
Parallel Test
Satellite
Packet Filtering
Non-Interference
4. An alert or alarm that is triggered when no actual attack has taken place
False (False Positive)
Alert
Hard Disk
Identification
5. Someone who wants to cause harm
Man-In-The-Middle Attack
Attacker (Black hat - Hacker)
TIFF (Tagged Image File Format)
War Dialing
6. A test of a system conducted without prior knowledge by the tester or the tested
Fault Tolerance
Residual Risk
Disaster Recovery Teams (Business Recovery Teams)
Double Blind Testing
7. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Teardrop
Fault
Microwave
Access Control Matrix
8. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Wait
Cryptology
Brownout
Phishing
9. Memory management technique which allows data to be moved from one memory address to another
Business Recovery Team
Honeypot
Keyed-Hashing For Message Authentication
Relocation
10. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Integrated Test
Brownout
Targeted Testing
Deadlock
11. Control category - more than one control on a single asset
Compensating
Accreditation
Coaxial Cable
Dictionary Attack
12. Unused storage capacity
Slack Space
Cross-Site Scripting
Business Records
Business Interruption Insurance
13. Responsibility for actions
Remote Access Trojan
ITSEC
Orange Book D Classification
Liability
14. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Investigation
Business Interruption Insurance
Criminal Law
Basics Of Secure Design
15. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Tracking
Overlapping Fragment Attack
Database Shadowing
Routers
16. People protect their domain
Deterrent
Territoriality
Contact List
Inrush Current
17. An encryption method that has a key as long as the message
Running Key
Parallel Test
Race Condition
Access Point
18. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Forensic Copy
Open Mail Relay Servers
Faraday Cage/ Shield
Mobile Recovery
19. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Orange Book B2 Classification
Active Data
IP Fragmentation
Bumping
20. One entity with two competing allegiances
Aggregation
Conflict Of Interest
Transfer
Contingency Plan
21. A cable consisting of a core - inner conductor that is surrounded by an insulator - and an outer cylindrical conductor
Threads
Non-Discretionary Access Control
5 Rules Of Evidence
Coaxial Cable
22. Deals with discretionary protection
Risk
Cache
Orange Book C Classification
Attacker (Black hat - Hacker)
23. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
Man-In-The-Middle Attack
TEMPEST
Multi-Programming
Attacker (Black hat - Hacker)
24. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.
Picking
Fire Prevention
Distributed Denial Of Service
War Dialing
25. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Virtual Memory
Containment
Crisis
Isolation
26. Subject based description of a system or a collection of resources
Work Factor
Capability Tables
Disaster
Compression
27. Those who initiate the attack
Data Dictionary
Threat Agent
Twisted Pair
Secondary Storage
28. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Exposure
Full-Interruption test
Near Site
Framework
29. Computing power will double every 18 months
30. A unit of execution
Threads
Alarm Filtering
TIFF (Tagged Image File Format)
War Driving
31. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
Disaster Recovery Teams (Business Recovery Teams)
Embedded
Mandatory
Mobile Recovery
32. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
Instance
Fire Classes
Orange Book B1 Classification
Monitor
33. Requirement of access to data for a clearly defined purpose
Investigation
Need-To-Know
Blackout
Binary
34. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm
Mandatory Access Control (MAC)
Analysis
Firmware
IP Fragmentation
35. Indivisible - a data field must contain only one value; either all transactions take place or none do
Sharing
Shift Cipher (Caesar)
Executive Succession
Atomicity
36. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
Isolation
Elements of Negligence
Patch Panels
Disk Mirroring
37. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Collisions
Mission-Critical Application
Revocation
Emergency
38. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
Business Continuity Planning (BCP)
Computer System Evidence
Side Channel Attack
Object Reuse
39. To jump to a conclusion
Incident Handling
Framework
Inference
Triage
40. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Emergency Procedures
Mobile Recovery
Centralized Access Control Technologies
Corrective
41. Inference about encrypted communications
Memory Management
Operational Exercise
Side Channel Attack
Administrative
42. Control category - to discourage an adversary from attempting to access
Digital Signature
Journaling
Deterrent
Brute Force
43. Property that data is represented in the same manner at all times
Mandatory
Assembler
E-Mail Spoofing
Consistency
44. Controls deployed to avert unauthorized and/or undesired actions.
Prevention
Locard's Principle
Shift Cipher (Caesar)
Internal Use Only
45. Dedicated fast memory located on the same board as the CPU
Surge
Debriefing/Feedback
CPU Cache
Business Records
46. To stop damage from spreading
Containment
Total Risk
Business Continuity Program
Access Control
47. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability
IP Address Spoofing
The ACID Test
Copyright
Remote Access Trojan
48. Maintenance procedures outline the process for the review and update of business continuity plans.
Chain of Custody
Plan Maintenance Procedures
Hijacking
Evidence
49. An asymmetric cryptography mechanism that provides authentication.
Intrusion Prevention Systems
Digital Signature
Storage Area Network (SAN)
Architecture
50. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Reference Monitor
Chain of Custody
Bollard
Surge