Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times you might find the answers obvious, but it reinforces your understanding each time you take the test.
1. RADIUS - TACACS+ - Diameter
Sampling
False Attack Stimulus
Centralized Access Control Technologies
Call Tree
2. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
Smurf
Security Domain
Method
Incident Manager
3. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Emanations
Life Cycle of Evidence
Race Condition
Class
4. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions
Resumption
Investigation
Routers
Data Backup Strategies
5. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Proprietary
Legacy Data
Memory Management
Orange Book D Classification
6. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
Time Of Check/Time Of Use
Need-To-Know
Kerberos
Wait
7. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
IP Address Spoofing
Emergency Procedures
High-Risk Areas
Encryption
8. Mediation of covert channels must be addressed
Encapsulation
Information Flow Model
Identification
Full-Interruption test
9. Control category - more than one control on a single asset
Mandatory
Recovery
Remote Journaling
Compensating
10. A legal enforceable agreement between: two people - two organizations - a person and an organization.
Mandatory Access Control (MAC)
Liability
Tort
Key Clustering
11. Used to code/decode a digital data stream.
Territoriality
Asymmetric
Codec
Hearsay Evidence
12. A running key using a random key that is never used again
Security Blueprint
One Time Pad
Vital Record
Log
13. Recovery alternative - short-term - high cost movable processing location
Keyed-Hashing For Message Authentication
Mobile Site
ISO/IEC 27002
Substitution
14. Claiming another's identity at a physical level
Data Owner
Service Bureau
Masquerading
Distributed Denial Of Service
15. Pertaining to law - lending itself to one side of an argument
Rootkit
Trusted Computing Base
Convincing
Adware
16. Computing power will double every 18 months
17. System of law based upon precedence - with major divisions of criminal - tort - and administrative
Common Law
Sampling
Brute Force
Sequence Attacks
18. People who interact with assets
Business Impact Assessment (BIA)
True Attack Stimulus
User
Strong Authentication
19. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.
SQL Injection
Copyright
Examples of technical security components
War Dialing
20. Owner directed mediation of access
Honeypot
Discretionary
Encipher
Exercise
21. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Hub
Discretionary
Evidence
Data Backup Strategies
22. Fault tolerance for power
Generator
Running
Running Key
Acronym for American Standard Code for Information Interchange (ASCII)
23. Specific format of technical and physical controls that support the chosen framework and the architecture
Infrastructure
Criminal Law
Central Processing Unit (CPU)
Analysis
24. Act of scrambling the cleartext message by using a key.
Modification
Risk Assessment / Analysis
Framework
Encipher
25. Program that inappropriately collects private data or activity
Standalone Test
Spyware
Data Hiding
Polyalphabetic
26. A process state - to either be unable to run while waiting for an external event or be terminated
Brouter
Stopped
Business Records
ff Site
27. Some systems are actually run at the alternate site
Containment
Parallel Test
Sequence Attacks
Targeted Testing
28. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur
Generator
Failure Modes and Effect Analysis (FEMA)
Process Isolation
Sharing
29. A collection of information designed to reduce duplication and increase integrity
Generator
Business Impact Analysis
Databases
Cache
30. The core of a computer that calculates
TCSEC (Orange Book)
Central Processing Unit (CPU)
Process Isolation
Monitor
31. Data or interference that can trigger a false positive
Corrective
Noise
Directive
Class
32. An administrative unit or a group of objects and subjects controlled by one reference monitor
Security Domain
Firmware
Elements of Negligence
Remote Journaling
33. Joining two pieces of text
Metadata
Cache
Data Hiding
Concatenation
34. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.
Mock Disaster
Honeypot
Business Continuity Program
Plaintext
35. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Internal Use Only
Tapping
Phishing
Pervasive Computing and Mobile Computing Devices
36. Policy or stated actions
2-Phase Commit
Due Care
Masked/Interruptible
Orange Book B1 Classification
37. The partial or full duplication of data from a source database to one or more destination databases.
Sag/Dip
Database Replication
Spyware
Control Category
38. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Examples of technical security components
File
Alert/Alarm
Data Recovery
39. OOP concept of a distinct copy of the class
Object
Job Rotation
Full-Interruption test
Distributed Denial Of Service
40. Responsibility for actions
System Downtime
Centralized Access Control Technologies
E-Mail Spoofing
Liability
41. Hardware or software that is part of a larger system
Embedded
Memory Management
Electromagnetic Interference (EMI)
Recovery Strategy
42. Pertaining to a number system that has just two unique digits.
Binary
System Downtime
Switches
Checklist Test (desk check)
43. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Key Space
Adware
Plaintext
Business Impact Analysis
44. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Hot Spares
Gateway
State Machine Model
Exercise
45. The point in time to which systems and data must be recovered after an outage (e.g. end of previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Payload
Eavesdropping
Recovery Point Objective (RPO)
Object Oriented Programming (OOP)
46. A layer 3 device used to connect two or more network segments and regulate traffic.
Routers
Smurf
Process Isolation
Site Policy
47. The process of assessing damage - following a disaster - to computer hardware - vital records - office facilities - etc. - and determining what can be salvaged or restored and what must be replaced.
Radio Frequency Interference (RFI)
Data Recovery
Cross Certification
Damage Assessment
48. May be responsible for overall recovery of an organization or unit(s).
Ring Protection
DR Or BC Coordinator
Cookie
Private Branch Exchange (PBX)
49. Momentary loss of power
Top Secret
Running
Fault
Access Control Attacks
50. Encryption system using a pair of mathematically related unequal keys
Multi-Core
Detection
Asymmetric
State Machine Model