SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Identification and notification of an unauthorized and/or undesired action
Virus
Detection
Recovery Time Objectives
E-Mail Spoofing
2. Evidence must be: admissible - authentic - complete - accurate - and convincing
5 Rules Of Evidence
Attacker (Black hat - Hacker)
Metadata
Risk Assessment
3. A type a computer memory that temporarily stores frequently used information for quick access.
Log
Cache
Noise
Parallel Test
4. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Vital Record
Investigation
Public Key Infrastructure (PKI)
Operational Exercise
5. Record history of incident
Work Factor
Operational Impact Analysis
SQL Injection
Tracking
6. Something that happened
Notification
Digital Signature
Data Backup Strategies
Event
7. Lower frequency noise
Off-Site Storage
ISO/IEC 27002
Brute Force
Radio Frequency Interference (RFI)
8. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
Highly Confidential
Object Reuse
Alarm Filtering
Smurf
9. Forgery of the sender's email address in an email header.
Preemptive
E-Mail Spoofing
Algorithm
3 Types of harm Addressed in computer crime laws
10. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
CobiT
Hacker
Object Oriented Programming (OOP)
Multi-Party Control
11. Unchecked data which spills into another location in memory
Governance
Workaround Procedures
Buffer Overflow
MOM
12. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Blind Testing
ISO/IEC 27002
Data Recovery
Simulation
13. A failure of an IDS to detect an actual attack
Proxies
Data Integrity
False Negative
Multi-Core
14. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Assembler
War Driving
Uninterruptible Power Supply (UPS)
Total Risk
15. High level - pertaining to planning
Strategic
Denial Of Service
Structured Walk-Through Test
Strong Authentication
16. Only the key protects the encrypted information
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
17. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
Multi-Tasking
Redundant Array Of Independent Drives (RAID)
Alert
Remote Journaling
18. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.
Architecture
Data Leakage
Orange Book B2 Classification
Control
19. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
ISO/IEC 27002
Workaround Procedures
Database Shadowing
System Downtime
20. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Critical Records
Computer Forensics
Orange Book C2 Classification
Enticement
21. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Transfer
Quantitative Risk Analysis
Governance
5 Rules Of Evidence
22. Methodical research of an incident with the purpose of finding the root cause
Separation Of Duties
Side Channel Attack
Compression
Investigation
23. Long term knowledge building
Accurate
Education
File
Access Control Lists
24. Line by line translation from a high level language to machine code
Electrostatic Discharge
Triage
Interpreter
Deterrent
25. Method for determine functions - identifying function failure - assessing it - and were failure is most likely to occur
Notification
Debriefing/Feedback
Cross Training
Failure Modes and Effect Analysis (FEMA)
26. Responsibility for actions
Non-Interference
Liability
Digital Signature
Recovery Point Objective (RPO)
27. Review of data
Technical Access Controls
Top Secret
Analysis
Dangling Pointer
28. What is will remain - persistence
Incident Handling
Domain
Durability
Access Control Lists
29. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
Ring Protection
Primary Storage
BCP Testing Drills and Exercises
SQL Injection
30. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
Fragmented Data
Redundant Array Of Independent Drives (RAID)
Discretionary Access Control (DAC)
Isolation
31. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Workaround Procedures
Encipher
Microwave
Multilevel Security System
32. A shield against leakage of electromagnetic signals.
Shift Cipher (Caesar)
Burn
Disaster
Faraday Cage/ Shield
33. A layer 3 device that used to connect two or more network segments and regulate traffic.
Routers
Quantitative
E-Mail Spoofing
File Extension
34. Act of scrambling the cleartext message by using a key.
Pervasive Computing and Mobile Computing Devices
Fiber Optics
Encipher
Desk Check Test
35. To collect many small pieces of data
Prevention
Detection
Aggregation
Primary Storage
36. Of a system without prior knowledge by the tester or the tested
Declaration
Resumption
Rollback
Double Blind Testing
37. A collection of information designed to reduce duplication and increase integrity
Moore's Law
Analysis
Databases
Business Records
38. DoS - Spoofing - dictionary - brute force - wardialing
Surge
Access Control Attacks
Surveillance
Plan Maintenance Procedures
39. Memory management technique that allows two processes to run concurrently without interaction
CobiT
Protection
Surveillance
Standalone Test
40. The level and label given to an individual for the purpose of compartmentalization
TEMPEST
Security Clearance
Enticement
Mantrap (Double Door System)
41. Deals with discretionary protection
Classification Scheme
Orange Book C Classification
Business Unit Recovery
Computer System Evidence
42. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Teardrop
Administrative Laws
Business Recovery Timeline
Information Risk Management (IRM)
43. Organization way of classifying data by factors such as criticality - sensitivity and ownership.
Hard Disk
Intrusion Detection Systems
Walk Though
Classification Scheme
44. A covert storage channel on the file attribute
Maximum Tolerable Downtime (MTD)
Application Programming Interface
Alternate Data Streams (File System Forks)
Residual Data
45. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Bit
Voice Over IP (VOIP)
SYN Flooding
Deterrent
46. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Proxies
Object Oriented Programming (OOP)
Byte Level Deletion
Journaling
47. An event which stops business from continuing.
Disaster
Operational
Copyright
System Life Cycle
48. Location where coordination and execution of BCP or DRP is directed
Infrastructure
Threats
Emergency Operations Center (EOC)
Walk Though
49. Maximum tolerance for loss of certain business function - basis of strategy
Initialization Vector
Permutation /Transposition
Recovery Time Objectives
Inrush Current
50. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Fire Prevention
Due Care
File
Forensic Copy