Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An organization's way of classifying data by factors such as criticality - sensitivity and ownership.
Custodian
Classification Scheme
Sharing
Fire Suppression
2. Joining two pieces of text
Multilevel Security System
Concatenation
Pointer
Orange Book C Classification
3. Used to code/decode a digital data stream.
Cross-Site Scripting
Hearsay Evidence
Warm Site
Codec
4. A signal suggesting a system has been or is being attacked.
Embedded
Alert/Alarm
High-Risk Areas
Concatenation
5. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Site Policy
Degauss
Brute Force
Emergency Operations Center (EOC)
6. Code making
Alert
Cryptography
Databases
Blackout
7. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Attacker (Black hat - Hacker)
Alert
Least Privilege
Maximum Tolerable Downtime (MTD)
8. A layer 3 device that is used to connect two or more network segments and regulate traffic.
Embedded Systems
Routers
Identification
Security Kernel
9. More than one processor sharing the same memory - also known as parallel systems
Inheritance
Multi-Processor
Log
Inrush Current
10. A description of a database
Detective
Data Dictionary
Off-Site Storage
Orange Book A Classification
11. A race condition where the security changes during the object's access
Kerckhoff's Principle
Time Of Check/Time Of Use
Protection
Embedded Systems
12. What is, will remain - persistence
Polymorphism
Territoriality
Durability
Concentrator
13. Pertaining to law - lending itself to one side of an argument
Honeynet
Convincing
Near Site
Warm Site
14. Potentially compromising leakage of electrical or acoustical signals.
Emanations
Operating
Ring Protection
Non-Discretionary Access Control
15. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data
Attacker (Black hat - Hacker)
Data Hiding
Digital Certificate
Byte Level Deletion
16. Pertaining to law - no omissions
Framework
Complete
Threat Agent
Multilevel Security System
17. A protocol for the efficient transmission of voice over the Internet
Injection
Sniffing
Parallel Test
Voice Over IP (VOIP)
18. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Pointer
System Downtime
Cache
Teardrop
19. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Public Key Infrastructure (PKI)
Operational Impact Analysis
Encryption
Deletion
20. A legally enforceable agreement between: two people - two organizations - a person and an organization.
Machine Language (Machine Code)
Tort
Activation
Concatenation
21. For PKI - to have more than one person in charge of a sensitive function
Recovery
Microwave
Business Unit Recovery
Multi-Party Control
22. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Contingency Plan
SYN Flooding
Shielding
Deletion
23. A disturbance that degrades performance of electronic devices and electronic communications.
Sequence Attacks
MOM
Due Care
Radio Frequency Interference (RFI)
24. A program with an inappropriate second purpose
Information Owner
Trojan Horse
Security Domain
Central Processing Unit (CPU)
25. Reprogrammable basic startup instructions
Certificate Revocation List (CRL)
Evidence
Authentic
Firmware
26. To collect many small pieces of data
Waterfall
Aggregation
Electromagnetic Interference (EMI)
Incident Handling
27. To reduce fire
Trojan Horse
Territoriality
Intrusion Detection Systems
Fire Suppression
28. Potentially retrievable data residue that remains following intended erasure of data.
Deletion
Deadlock
Cross-Site Scripting
Remanence
29. A database backup type which records at the transaction level
Satellite
Message Digest
Remote Journaling
Digital Signature
30. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Recovery Period
Checksum
Governance
Patch Management
31. A hash that has been further encrypted with a symmetric algorithm
Keyed-Hashing For Message Authentication
Embedded Systems
Deterrent
Noise
32. Collection of data on business functions which determines the strategy of resiliency
Life Cycle of Evidence
Business Impact Assessment (BIA)
Compartmentalize
Plain Text
33. Actions measured against either a policy or what a reasonable person would do
Recovery
Cold Site
Due Diligence
Distributed Denial Of Service
34. Memory management technique which allows subjects to use the same resource
Business Continuity Program
Information Flow Model
Exercise
Sharing
35. Malware that makes many small changes over time to a single data point or system
Salami
Confidence Value
Buffer Overflow
Certification Authority
36. Short period of low voltage.
CPU Cache
Plain Text
Sag/Dip
Examples of non-technical security components
37. Key
Incident
Checkpoint
Cryptovariable
Damage Assessment
38. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Public Key Infrastructure (PKI)
Threats
Redundant Array Of Independent Drives (RAID)
CobiT
39. The collection and summation of risk data relating to a particular asset and controls for that asset
Emergency
Risk Assessment
Threats
ISO/IEC 27001
40. Transaction controls for a database - a return to a previous state
Threats
Event
Phishing
Rollback
41. Recovery alternative which includes a cold site where some equipment and infrastructure is available
Liability
Transients
Warm Site
Critical Records
42. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.
Electronic Vaulting
Data Backups
Cryptanalysis
Governance
43. Substitution at the word or phrase level
Hot Site
Code
Discretionary
Data Owner
44. High frequency noise
Packet Filtering
Kerberos
Electromagnetic Interference (EMI)
Ring Protection
45. For PKI - decertify an entity's certificate
Incident Manager
Hacker
Compensating
Revocation
46. A choice in risk management - to implement a control that limits or lessens negative effects
Mitigate
Digital Signature
Procedure
Data Warehouse
47. All of the protection mechanisms in a computer system
Spyware
Common Criteria
Information Owner
Trusted Computing Base
48. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
Encipher
Monitor
Emergency Operations Center (EOC)
TEMPEST
49. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
HTTP Response Splitting
Enticement
Bit
Mirrored Site
50. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Hot Spares
Contact List
Key Management
Common Criteria