Test your basic knowledge
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no input or output devices, and the OS is dedicated to providing storage services.
True Attack Stimulus
Network Attached Storage (NAS)
Deleted File
Common Criteria
2. The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced.
Phishing
Damage Assessment
Site Policy
Business Continuity Program
3. Inappropriate data
Malformed Input
Salami
Denial Of Service
Metadata
4. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Information Flow Model
Investigation
Chain of Custody
Isolation
5. Memory management technique which allows subjects to use the same resource
Accreditation
Sharing
Accurate
Recovery Point Objective (RPO)
6. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.
Threads
Business Unit Recovery
Waterfall
Accreditation
7. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).
Initialization Vector
Lattice
Repeaters
Routers
8. More than one CPU on a single board
Cipher Text
Operational Test
Corrective
Multi-Core
9. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Event
Overlapping Fragment Attack
Eavesdropping
Compensating
10. After the media has been seized, the investigator should make a bit-level mirror image copy of the storage media before doing anything else.
Computer System Evidence
Threats
Accurate
Algorithm
11. To be admissible in court they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.
Business Records
IP Address Spoofing
Embedded Systems
Interpreter
12. To smooth out reductions or increases in power
Reciprocal Agreement
Risk
Bit
UPS
13. A program with an inappropriate second purpose
Mock Disaster
Non-Discretionary Access Control
Recovery Time Objectives
Trojan Horse
14. Amount of time for restoring a business process or function to normal operations without major loss
Double Blind Testing
Orange Book B2 Classification
Maximum Tolerable Downtime (MTD)
Payload
15. Impossibility of denying authenticity and identity
Containment
Non-Repudiation
CPU Cache
Need-To-Know
16. Object reuse protection and auditing
Orange Book C2 Classification
Record Level Deletion
Algorithm
Authentication
17. A device that sequentially switches multiple analog inputs to the output.
Remote Journaling
Multiplexers
Sharing
The ACID Test
18. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept
Ring Protection
Civil Or Code Law
Contact List
Incident Handling
19. Individuals and departments responsible for the storage and safeguarding of computerized data.
Data Custodian
Plain Text
Firewalls
Civil Law
20. Measures followed to restore critical functions following a security incident.
File Extension
Rogue Access Points
Recovery
Binary
21. A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy
Framework
Noise
Confidence Value
SQL Injection
22. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Modems
Initialization Vector
Threat Agent
Electrostatic Discharge
23. A library of commands maintained by a system for other programs to use; provides consistency and integrity for the programs.
Distributed Denial Of Service
Application Programming Interface
Running Key
Journaling
24. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.
Control Type
Bit
Burn
Information Flow Model
25. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE 3. Functional Levels 4. Assurance Levels.
Mantrap (Double Door System)
Encapsulation
Information Technology Security Evaluation Criteria - ITSEC
MOM
26. Renders the file inaccessible to the operating system and available for reuse as data storage.
Business Impact Assessment (BIA)
Internal Use Only
File Level Deletion
Desk Check Test
27. Two different keys decrypt the same cipher text
Key Clustering
Operational Impact Analysis
Microwave
Deleted File
28. Adversary intercepts encrypted communications, decrypts, views, encrypts, and sends them along to the true destination.
Classification Scheme
Data Marts
Man-In-The-Middle Attack
Durability
29. A planned or unplanned interruption in system availability.
System Downtime
TIFF (Tagged Image File Format)
IDS Intrusion Detection System
Restoration
30. OOP concept of taking attributes from the original or parent.
Checklist Test
Inheritance
Information Flow Model
Patch Panels
31. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
Emanations
Coaxial Cable
Blackout
Archival Data
32. To set the clearance of a subject or the classification of an object
Civil Law
High-Risk Areas
Labeling
Business Continuity Planning (BCP)
33. Security Policy, Personnel Controls, Supervisory Structure, Security Awareness Training, Testing
Fire Detection
Triage
Administrative Access Controls
Copyright
34. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.
Radio Frequency Interference (RFI)
Object Oriented Programming (OOP)
Administrative Access Controls
Journaling
35. A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Twisted Pair
Access Control Lists
Denial Of Service
Remote Journaling
36. Deals with discretionary protection
Job Rotation
Territoriality
Orange Book C Classification
Architecture
37. Organized group of compromised computers
Access Control Lists
Hub
Noise
Botnet
38. Intellectual property protection for a confidential and critical process
Trade Secret
False (False Positive)
Confidence Value
Simulation Test
39. Determines the impact of the loss of an operational or technological resource. The loss of a system, network, or other critical resource may affect a number of business processes.
Operating
Operational Impact Analysis
Trademark
Security Kernel
40. For PKI, to have more than one person in charge of a sensitive function
High-Risk Areas
Site Policy
Interference (Noise)
Multi-Party Control
41. Written step-by-step actions
Marking
Procedure
Discretionary Access Control (DAC)
Shift Cipher (Caesar)
42. System directed mediation of access with labels
File Sharing
Mandatory
EMI
Authentication
43. Owner directed mediation of access
Vital Record
Disaster Recovery Plan
Key Clustering
Discretionary
44. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.
Emergency Operations Center (EOC)
File Shadowing
Recovery Period
Spam
45. Firewalls, encryption, and access control lists
Examples of technical security components
Classification
Territoriality
Access Control Attacks
46. Location where coordination and execution of BCP or DRP is directed
Central Processing Unit (CPU)
Bollard
Emergency Operations Center (EOC)
Dangling Pointer
47. Provides a physical cross connect point for devices.
Business Interruption Insurance
Patch Panels
Data Leakage
Workaround Procedures
48. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
Residual Data
Analysis
Patch Management
Remanence
49. Those who initiate the attack
Threat Agent
Firewalls
Certificate Revocation List (CRL)
Vital Record
50. A layer 2 device that is used to connect two network segments and regulate traffic.
Security Clearance
Access Control Matrix
Business Continuity Planning (BCP)
Bridge