Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Encryption
SYN Flooding
Database Replication
UPS
2. A basic level of network access control that is based upon information contained in the IP packet header.
Substitution
Disaster Recovery Teams (Business Recovery Teams)
Packet Filtering
Analysis
3. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Forward Recovery
Masquerading
Concentrator
Safeguard
4. A legally enforceable agreement between two people, two organizations, or a person and an organization.
Digital Signature
Tort
Administrative Access Controls
Access Control Attacks
5. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
IP Fragmentation
Data Dictionary
Concentrator
Critical Infrastructure
6. Define the way in which the organization operates.
Proprietary
Near Site
Fire Classes
Education
7. Event(s) that cause harm
Botnet
Protection
Business Records
Incident
8. The disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
Examples of technical security components
Deleted File
Storage Area Network (SAN)
Recovery Point Objective (RPO)
9. A layer 2 device that is used to connect two or more network segments and regulate traffic.
Switches
Due Care
Centralized Access Control Technologies
Information Technology Security Evaluation Criteria - ITSEC
10. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Reciprocal Agreement
Remanence
Network Attached Storage (NAS)
Standard
11. Sphere of influence
Domain
Replication
IP Fragmentation
Electronic Vaulting
12. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Binary
Threads
Exposure
File Extension
13. The core logic engine of an operating system which almost never changes
Layering
Kernel
Microwave
Coaxial Cable
14. A distributed system's transaction control that requires updates to either complete or roll back
Patch Management
2-Phase Commit
Total Risk
Electronic Vaulting
15. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Masquerading
Compression
Business Interruption Insurance
TCSEC (Orange Book)
16. High degree of visual control
Surveillance
Security Clearance
Data Backups
Teardrop
17. Return to a normal state
Checklist Test (desk check)
Tactical
Failure Modes and Effects Analysis (FMEA)
Recovery
18. Requirement to take time off
Residual Data
Mandatory Vacations
Deterrent
Teardrop
19. The set of standards and processes formerly accepted by the U.S. military for computer systems evaluation and assurance, which combines function and assurance requirements
Non-Discretionary Access Control
TCSEC (Orange Book)
Access Control Lists
Crisis
20. A backup type - for databases at a point in time
Patch Management
Critical Records
Trade Secret
Shadowing (file shadowing)
21. Momentary loss of power
Parallel Test
Fault
Overlapping Fragment Attack
Key Clustering
22. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Keyed-Hashing For Message Authentication
Bridge
Cookie
Initialization Vector
23. To jump to a conclusion
Proprietary
CPU Cache
Inference
Open Mail Relay Servers
24. Long term knowledge building
Kerberos
Education
Stopped
Identification
25. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Reference Monitor
Activation
State Machine Model
Fault
26. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
Kernel
Legacy Data
Authentic
Off-Site Storage
27. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Data Dictionary
Substitution
Quantitative Risk Analysis
Site Policy Awareness
28. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Plain Text
Technical Access Controls
Substitution
Metadata
29. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Primary Storage
Plaintext
Legacy Data
Key Clustering
30. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies, and offsite storage, and which will ensure that time objectives can be met.
Trade Secret
Digital Signature
Data Backup Strategies
Keyed-Hashing For Message Authentication
31. Moving the alphabet intact a certain number of spaces
Shift Cipher (Caesar)
TCSEC (Orange Book)
Dangling Pointer
Workaround Procedures
32. Prolonged loss of commercial power
Blackout
Trojan Horse
Teardrop
Intrusion Detection Systems
33. Autonomous malware that requires a flaw in a service
HTTP Response Splitting
Recovery Period
Worm
Criminal Law
34. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Cookie
Modification
Exposure
Worm
35. A template for designing the architecture
Alternate Data Streams (File System Forks)
Security Blueprint
Parallel Test
Trademark
36. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Recovery Period
Redundant Array Of Independent Drives (RAID)
Record Level Deletion
Wait
37. To know more than one job
Recovery
Orange Book B1 Classification
Cross Training
Directive
38. A unit of execution
Patch Management
Near Site
Threads
High-Risk Areas
39. Regular operations are stopped and processing is moved to the alternate site.
Operational Test
Full-Interruption test
Method
Relocation
40. A type of malformed input that takes advantage of a conditional logic statement that evaluates to true, adding a request for data that is against the security policy
Data Custodian
Ring Protection
SQL Injection
Evidence
41. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Concentrator
Double Blind Testing
Incident Handling
Modification
42. All of the protection mechanisms in a computer system
Malformed Input
Trusted Computing Base
Physical Tampering
Firmware
43. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Cryptology
Test Plan
Security Kernel
Brownout
44. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Business Continuity Steering Committee
ISO/IEC 27001
Acronym for American Standard Code for Information Interchange (ASCII)
Damage Assessment
45. A process state in which a process is either unable to run, waiting for an external event, or terminated
Stopped
Brouter
Key Clustering
Risk Assessment
46. Share security concerns with embedded devices. Security has often been sacrificed for a richer user experience under low power. A prime target for data loss, as they transmit and store information in ways that can't be controlled.
Pervasive Computing and Mobile Computing Devices
CPU Cache
Containment
Orange Book B1 Classification
47. A documented battle plan for coordinating response to incidents.
Replication
Incident Handling
Hijacking
Processes are Isolated By
48. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Simulation
Trojan Horse
Top Secret
Layering
49. Intellectual property protection for a confidential and critical process
Shadowing (file shadowing)
Quantitative Risk Analysis
Trade Secret
Archival Data
50. Can be statistical (monitor behavior) or signature based (watch for known attacks)
IDS Intrusion Detection System
Digital Signature
Atomicity
ISO/IEC 27001