Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm
Mandatory Access Control (MAC)
Intrusion Detection Systems
Business Impact Assessment (BIA)
Job Training
2. Pertaining to law - no omissions
Complete
Critical Records
Permutation /Transposition
Running Key
3. A telephone exchange for a specific office or business.
Recovery Point Objective (RPO)
Deadlock
Replication
Private Branch Exchange (PBX)
4. A program that waits for a condition or time to occur and then executes an inappropriate activity
Cross-Site Scripting
Simulation
Logic Bomb
Recovery Point Objective (RPO)
5. High level - pertaining to planning
Slack Space
Strategic
Codec
Data Recovery
6. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Orange Book A Classification
Forensic Copy
Operational Impact Analysis
Patch Management
7. Object reuse protection and auditing
Detective
Disaster Recovery Teams (Business Recovery Teams)
Public Key Infrastructure (PKI)
Orange Book C2 Classification
8. Identification and notification of an unauthorized and/or undesired action
ISO/IEC 27001
Detection
Sampling
Guidelines
9. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Risk Mitigation
Network Attached Storage (NAS)
Business Continuity Steering Committee
Disaster
10. A control before attack
Surge Suppressor
Mission-Critical Application
Safeguard
Fire Classes
11. A database that contains the name - type - range of values - source and authorization for access for each data element
Data Dictionary
Asymmetric
Backup
Full Test (Full Interruption)
12. High degree of visual control
Supervisor Mode (monitor - system - privileged)
Investigation
Burn
Surveillance
13. To move from location to location - keeping the same function
Radio Frequency Interference (RFI)
Rogue Access Points
Coaxial Cable
Job Rotation
14. Narrow scope examination of a system
Mantrap (Double Door System)
Reference Monitor
Targeted Testing
Fraggle
15. A secure connection to another network.
Examples of technical security components
Data Recovery
Gateway
Shadowing (file shadowing)
16. Controls deployed to avert unauthorized and/or undesired actions.
Incident Response Team
TEMPEST
Instance
Prevention
17. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Multilevel Security System
Information Flow Model
Incident
Analysis
18. An individual's conduct that violates government laws developed to protect the public
Analysis
Criminal Law
Capability Tables
Deadlock
19. A technology that reduces the size of a file.
Forward Recovery
Investigation
The ACID Test
Compression
20. Recording the Who What When Where How of evidence
Data Warehouse
Chain Of Custody
Birthday Attack
Database Replication
21. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Disaster Recovery Tape
Critical Functions
Brownout
Repeaters
22. A device that provides the functions of both a bridge and a router.
Incident Handling
Databases
Brouter
Plain Text
23. Inappropriate data
Malformed Input
Convincing
Side Channel Attack
Near Site
24. Policy or stated actions
Threads
Policy
Due Care
Sampling
25. Control category - to record an adversary's actions
Detective
Object Reuse
Backup
Proxies
26. Pertaining to law - high degree of veracity
Accurate
Acronym for American Standard Code for Information Interchange (ASCII)
Sniffing
Business Interruption Insurance
27. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.
Microwave
Orange Book B2 Classification
Logic Bomb
Open Mail Relay Servers
28. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Pervasive Computing and Mobile Computing Devices
Investigation
Cryptanalysis
Uninterruptible Power Supply (UPS)
29. Method for determining functions - identifying function failures - assessing them - and where failure is most likely to occur
Entrapment
Hub
Failure Modes and Effects Analysis (FMEA)
Off-Site Storage
30. Descrambling the encrypted message with the corresponding key
Decipher
Trapdoors (Backdoors) (Maintenance Hooks)
Modems
Business Impact Assessment (BIA)
31. Mediation of subject and object interactions
Standalone Test
Access Control
Non-Discretionary Access Control
Exposure
32. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Data Recovery
Off Site
Highly Confidential
Mandatory
33. A disturbance that degrades performance of electronic devices and electronic communications.
Aggregation
Salami
Radio Frequency Interference (RFI)
Surge
34. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Adware
Decipher
Generator
MOM
35. Control category - to restore to a previous state by removing the adversary and/or the results of their actions
Trojan Horse
File
Corrective
Disaster
36. Event(s) that cause harm
Risk Assessment / Analysis
Incident
Repeaters
Debriefing/Feedback
37. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Recovery Strategy
Certification Authority
Confidence Value
Mock Disaster
38. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Evidence
Generator
Off Site
Twisted Pair
39. Control type - communication based - typically written or oral
Cold Site
Masked/Interruptible
Administrative
Incident Response Team
40. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Pointer
Packet Filtering
Processes are Isolated By
Common Criteria
41. A program with an inappropriate second purpose
Incident Response
Bit
Threats
Trojan Horse
42. Is secondhand and usually not admissible in court
Plan Maintenance Procedures
Hearsay Evidence
Hacker
Decipher
43. Autonomous malware that requires a flaw in a service
Trusted Computing Base
Worm
Disaster Recovery Plan
Compiler
44. The statistical probability of a collision is higher than one thinks
Atomicity
Instance
Content Dependent Access Control
Birthday Attack
45. Actions measured against either a policy or what a reasonable person would do
Criminal Law
Due Diligence
HTTP Response Splitting
Recovery
46. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services
Work Factor
Call Tree
SQL Injection
Access Control Lists
47. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
Data Leakage
Disaster
Satellite
Architecture
48. Joining two pieces of text
Electronic Vaulting
Accountability
Concatenation
Hot Site
49. Objects or program code that look different but act the same
Polymorphism
Access Control Lists
Information Flow Model
Cryptanalysis
50. Continuous surveillance - to provide for detection and response of any failure in preventive controls.
Least Privilege
Access Control Matrix
High-Risk Areas
Monitor