Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The back up of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Code
Data Backups
Object Reuse
Threads
2. Using many alphabets
Fire Prevention
Job Rotation
Polyalphabetic
Orange Book B1 Classification
3. A Denial of Service attack that floods the target system with connection requests that are not finalized.
File Shadowing
Access Control Lists
SYN Flooding
5 Rules Of Evidence
4. A control after attack
Operational Impact Analysis
Countermeasure
Trojan Horse
Object
5. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
Desk Check Test
Examples of technical security components
Damage Assessment
Capability Tables
6. OOP concept of a template that consists of attributes and behaviors
File
Class
Generator
Spiral
7. Potential danger to information or systems
Incident Handling
Identification
Microwave
Threats
8. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
System Downtime
Remanence
Memory Management
Atomicity
9. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Virus
Reference Monitor
Cache
Orange Book B2 Classification
10. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Threats
Information Owner
Access Control
Change Control
11. RADIUS - TACACS+ - Diameter
File Level Deletion
Centralized Access Control Technologies
Polyalphabetic
Authentication
12. To move from location to location - keeping the same function
Smurf
Keystroke Logging
Job Rotation
Interception
13. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Simulation
Internal Use Only
Copyright
Time Of Check/Time Of Use
14. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Centralized Access Control Technologies
Cross-Site Scripting
Qualitative
Operational Exercise
15. A shield against leakage of electromagnetic signals.
Worm
Faraday Cage/ Shield
Mock Disaster
Operating
16. Act of scrambling the cleartext message by using a key.
Electromagnetic Interference (EMI)
Control Type
Operational Impact Analysis
Encipher
17. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Quantitative Risk Analysis
Workaround Procedures
Compression
Business Records
18. Try a list of words in passwords or encryption keys
Tort
Dictionary Attack
Non-Repudiation
Data Owner
19. An asymmetric cryptography mechanism that provides authentication.
Business Records
Targeted Testing
Digital Signature
Vulnerability
20. Unauthorized wireless network access device.
Backup
Rogue Access Points
Binary
IDS Intrusion Detection System
21. A program that waits for a condition or time to occur that executes an inappropriate activity
Enticement
Infrastructure
Examples of non-technical security components
Logic Bomb
22. To break a business process into separate functions and assign to different people
Separation Of Duties
Criminal Law
Business Impact Analysis
Recovery Time Objectives
23. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Exposure
Polyalphabetic
Pointer
Intrusion Detection Systems
24. OOP concept of taking attributes from the original or parent
Assembler
Contact List
Custodian
Inheritance
25. Event(s) that cause harm
Standard
Brute Force
Incident
Permutation /Transposition
26. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
Debriefing/Feedback
Containment
Checksum
True Attack Stimulus
27. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)
Backup
Transfer
Recovery Strategy
Interception
28. Physical description on the exterior of an object that communicates the existence of a label
TCSEC (Orange Book)
Marking
Service Bureau
Switches
29. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
Mirrored Site
Damage Assessment
Central Processing Unit (CPU)
Masked/Interruptible
30. Computing power will double every 18 months
31. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Sharing
Parallel Test
Overlapping Fragment Attack
Site Policy Awareness
32. Claiming another's identity at a physical level
Labeling
Remote Journaling
Masquerading
UPS
33. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
Keystroke Logging
Failure Modes and Effect Analysis (FEMA)
Non-Discretionary Access Control
Simulation Test
34. Subset of operating systems components dedicated to protection mechanisms
TNI (Red Book)
Security Kernel
Boot (V.)
Business Recovery Team
35. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
Computer System Evidence
Data Marts
Database Replication
Firewalls
36. Subject based description of a system or a collection of resources
Capability Tables
Database Shadowing
Classification
Electronic Vaulting
37. Code making
Cryptography
Countermeasure
File Server
Integrated Test
38. Interception of a communication session by an attacker.
Hijacking
Trademark
Countermeasure
Spyware
39. Inappropriate data
Proxies
Record Level Deletion
Administrative Law
Malformed Input
40. Pertaining to law - high degree of veracity
War Driving
Disaster Recovery Tape
Inheritance
Accurate
41. Most granular organization of controls
Business Unit Recovery
Computer Forensics
Deleted File
Control Category
42. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
Ethics
Fragmented Data
Concentrator
File Server
43. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Binary
Administrative
Information Owner
Microwave
44. Autonomous malware that requires a flaw in a service
Chain Of Custody
Worm
Trade Secret
Incident Manager
45. Requirement to take time off
Mandatory Vacations
Burn
User Mode (problem or program state)
Tracking
46. Policy or stated actions
Network Attached Storage (NAS)
Due Care
Multi-Tasking
Noise
47. An event which stops business from continuing.
Interference (Noise)
Hot Spares
Alternate Data Streams (File System Forks)
Disaster
48. Unused storage capacity
Alternate Site
Bumping
Operational
Slack Space
49. Quantity of risk remaining after a control is applied
Quantitative Risk Analysis
Residual Risk
Inrush Current
Hard Disk
50. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Injection
Recovery
Threats
Recovery Strategy