CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A description of a database
On-Site
Data Dictionary
Damage Assessment
Classification Scheme
2. Mathematical function that determines the cryptographic operations
Dangling Pointer
Distributed Denial Of Service
Kerckhoff's Principle
Algorithm
3. Vehicle stopping object
Corrective
Information Technology Security Evaluation Criteria - ITSEC
Bollard
Proxies
4. Malware that makes small random changes to many data points
Malformed Input
Site Policy Awareness
Data Diddler
Discretionary
5. Recognition of an individual's assertion of identity.
Restoration
TNI (Red Book)
Identification
Control Type
6. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Business Records
Encryption
Record Level Deletion
Cross Training
7. More than one process in the middle of executing at a time
Multi-Tasking
Class
Authentication
Object
8. Mediates communication between untrusted hosts on behalf of the hosts that it protects.
Accountability
Proxies
Uninterruptible Power Supply (UPS)
Key Clustering
9. Data or interference that can trigger a false positive
Tar Pits
Cross Certification
Noise
Centralized Access Control Technologies
10. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Risk
Business Records
Log
Hijacking
11. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
Checklist Test
Cookie
Tactical
True Attack Stimulus
12. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
Fire Classes
Elements of Negligence
Access Point
Network Attached Storage (NAS)
13. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
Near Site
Redundant Array Of Independent Drives (RAID)
Desk Check Test
Alert/Alarm
14. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
Embedded Systems
Classification
Kernel
SQL Injection
15. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Information Technology Security Evaluation Criteria - ITSEC
Processes are Isolated By
Evidence
Multi-Party Control
16. A copy of transaction data - designed for querying and reporting
Security Clearance
Integrated Test
Data Warehouse
Data Custodian
17. DoS - Spoofing - dictionary - brute force - wardialing
5 Rules Of Evidence
Elements of Negligence
Access Control Attacks
Dangling Pointer
18. Recovery alternative which outsources a business function at a cost
Microwave
Compression
Alarm Filtering
Service Bureau
19. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce organization exposure and evaluating the cost for such controls.
Codec
Trade Secret
Symmetric
Risk Assessment / Analysis
20. Part of a transaction control for a database which informs the database of the last recorded transaction
Slack Space
Examples of non-technical security components
Checkpoint
Workaround Procedures
21. Converts source code to an executable
Bollard
Compiler
Change Control
Hot Spares
22. The technical and risk assessment of a system within the context of the operating environment
Deterrent
Machine Language (Machine Code)
Chain of Custody
Certification
23. Lower frequency noise
Deterrent
Capability Tables
Certification
Radio Frequency Interference (RFI)
24. Intellectual property protection for a confidential and critical process
Information Technology Security Evaluation Criteria - ITSEC
Blackout
Hearsay Evidence
Trade Secret
25. High degree of visual control
Multiplexers
Surveillance
Detective
Patch Panels
26. A programming device used in development to circumvent controls
Forward Recovery
War Driving
Civil Or Code Law
Trapdoors (Backdoors) (Maintenance Hooks)
27. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Business Recovery Timeline
Custodian
Application Programming Interface
Common Law
28. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
Administrative Access Controls
Multi-Party Control
TCSEC (Orange Book)
Business Continuity Planning (BCP)
29. Summary of a communication for the purpose of integrity
Message Digest
Watermarking
Stopped
Burn
30. Review of data
Remote Access Trojan
Business Recovery Timeline
Analysis
Digital Signature
31. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Embedded
Operational Exercise
Control Type
Metadata
32. Some systems are actually run at the alternate site
Alarm Filtering
Parallel Test
Control Type
Identification
33. Abstract and mathematical in nature - defining all possible states - transitions and operations
Intrusion Prevention Systems
State Machine Model
Mantrap (Double Door System)
Deletion
34. All of the protection mechanisms in a computer system
Trusted Computing Base
Recovery
CPU Cache
Firewall
35. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Disaster Recovery Tape
Bollard
Information Owner
Admissible
36. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.
Mantrap (Double Door System)
Cryptology
Restoration
Custodian
37. Moving the alphabet intact a certain number of spaces
Kerberos
Shift Cipher (Caesar)
Capability Tables
Data Dictionary
38. Substitution at the word or phrase level
Executive Succession
Countermeasure
Transfer
Code
39. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.
Mitigate
Active Data
EMI
Compensating
40. Memory - RAM
Teardrop
Primary Storage
HTTP Response Splitting
Proprietary
41. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Wait
Voice Over IP (VOIP)
Log
Microwave
42. Eight bits.
State Machine Model
File Level Deletion
Byte
Generator
43. OOP concept in which a class's details are hidden from the object
Storage Area Network (SAN)
Call Tree
Encryption
Encapsulation
44. Recovery alternative - short-term - high cost movable processing location
Mobile Site
Activation
Evidence
Standalone Test
45. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Sampling
Plain Text
Least Privilege
Reference Monitor
46. A device that converts between digital and analog representation of data.
Denial Of Service
Modems
Admissible
TIFF (Tagged Image File Format)
47. An individual's conduct that violates government laws developed to protect the public
Criminal Law
Access Control
Compression
Noise
48. For PKI - decertify an entity's certificate
Revocation
Emergency Procedures
Evidence
Alternate Data Streams (File System Forks)
49. A legally enforceable agreement between: two people - two organizations - a person and an organization.
Switches
Fault
Backup
Tort
50. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur
CobiT
Failure Modes and Effect Analysis (FEMA)
Data Warehouse
Content Dependent Access Control