Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. OOP concept of taking attributes from the original or parent
Atomicity
Disk Mirroring
Inheritance
Hot Site
2. Is secondhand and usually not admissible in court
Guidelines
Hearsay Evidence
Locard's Principle
Concentrator
3. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Cross-Site Scripting
Alert
Top Secret
Picking
4. A design methodology which executes in a linear one way fashion
Risk Mitigation
Fault
Mandatory
Waterfall
5. A failure of an IDS to detect an actual attack
TCSEC (Orange Book)
False Negative
Modification
Keyed-Hashing For Message Authentication
6. A passive network attack involving monitoring of traffic.
Eavesdropping
Data Recovery
Intrusion Prevention Systems
True Attack Stimulus
7. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Prevention
Pervasive Computing and Mobile Computing Devices
Coaxial Cable
Disaster Recovery Teams (Business Recovery Teams)
8. Owner directed mediation of access
Discretionary
Hijacking
Virtual Memory
IDS Intrusion Detection System
9. The collection and summation of risk data relating to a particular asset and controls for that asset
Activation
Operational Test
Risk Assessment
Rootkit
10. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
File Shadowing
Data Hiding
Authentic
Emergency
11. Memory management technique which allows data to be moved from one memory address to another
Relocation
Plaintext
Business Recovery Team
Blackout
12. The point in time to which systems and data must be recovered after an outage (e.g. end of previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Authentication
Checklist Test (desk check)
Modification
Recovery Point Objective (RPO)
13. Narrow scope examination of a system
Targeted Testing
Sharing
File Level Deletion
Cold Site
14. An asymmetric cryptography mechanism that provides authentication.
Orange Book C2 Classification
Bumping
Digital Signature
Detection
15. Natural occurrence in circuits that are in close proximity
Interference (Noise)
Cross Certification
Compiler
Criminal Law
16. Information about data or records
Disaster Recovery Plan
Data Leakage
Botnet
Metadata
17. Reprogrammable basic startup instructions
Hash Function
Change Control
Firmware
Consistency
18. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Deleted File
Labeling
Application Programming Interface
Quantitative
19. Weak evidence
Key Management
Forward Recovery
ISO/IEC 27001
Hearsay
20. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Recovery Point Objective (RPO)
Dictionary Attack
Acronym for American Standard Code for Information Interchange (ASCII)
Maximum Tolerable Downtime (MTD)
21. Malware that subverts the detective controls of an operating system
Database Replication
Journaling
Rootkit
Bollard
22. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability
Copyright
Alternate Site
The ACID Test
Accurate
23. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Operational Impact Analysis
Mirrored Site
On-Site
Integrated Test
24. A template for designing the architecture
Access Control Attacks
Security Blueprint
Strong Authentication
Directive
25. Trading one for another
Protection
Substitution
Certification Authority
Least Privilege
26. A copy of transaction data - designed for querying and reporting
False Attack Stimulus
Data Warehouse
Executive Succession
File Extension
27. Granular decision by a system of permitting or denying access to a particular resource on the system
Chain Of Custody
Custodian
Key Escrow
Authorization
28. People protect their domain
Control
Capability Tables
Information Technology Security Evaluation Criteria - ITSEC
Territoriality
29. Planning with a goal of returning to the normal business function
Business Interruption
Emanations
Restoration
Spyware
30. Line noise that is superimposed on the supply circuit.
Electrostatic Discharge
Hard Disk
Shift Cipher (Caesar)
Transients
31. A covert storage channel on the file attribute
Log
Evidence
Off Site
Alternate Data Streams (File System Forks)
32. Unsolicited advertising software
Failure Modes and Effect Analysis (FEMA)
Non-Repudiation
TNI (Red Book)
Adware
33. To collect many small pieces of data
Aggregation
Asymmetric
Cryptanalysis
Checkpoint
34. One entity with two competing allegiances
Double Blind Testing
Prevention
Record Level Deletion
Conflict Of Interest
35. Identification and notification of an unauthorized and/or undesired action
Detection
Proxies
Routers
Lattice
36. High degree of visual control
Test Plan
Rollback
Buffer Overflow
Surveillance
37. Mediation of subject and object interactions
Protection
Access Control
Remote Journaling
Primary Storage
38. A database that contains the name - type - range of values - source and authorization for access for each data element
Security Domain
One Time Pad
Plan Maintenance Procedures
Data Dictionary
39. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
Masquerading
Discretionary Access Control (DAC)
Civil Law
Binary
40. A record that must be preserved and available for retrieval if needed.
Lattice
Alternate Data Streams (File System Forks)
System Life Cycle
Vital Record
41. Firewalls - encryption - and access control lists
Examples of technical security components
Detection
Cryptanalysis
Payload
42. To start business continuity processes
Activation
Orange Book B1 Classification
Object Oriented Programming (OOP)
Database Shadowing
43. A system that enforces an access control policy between two networks.
Encapsulation
Fragmented Data
Alert/Alarm
Firewalls
44. Those who initiate the attack
Compression
Switches
Analysis
Threat Agent
45. For PKI - decertify an entity's certificate
Encapsulation
Access Control Lists
Revocation
ITSEC
46. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
MOM
Data Integrity
Containment
Non-Discretionary Access Control
47. High level design or model with a goal of consistency - integrity - and balance
Databases
Data Marts
Cold Site
Architecture
48. Summary of a communication for the purpose of integrity
Message Digest
Wireless Fidelity (Wi-Fi)
Plan Maintenance Procedures
Kerberos
49. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
Chain of Custody
Examples of technical security components
Disaster Recovery Teams (Business Recovery Teams)
Countermeasure
50. The technical and risk assessment of a system within the context of the operating environment
Content Dependent Access Control
Message Digest
UPS
Certification