Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. System of law based upon what is good for society
Civil Or Code Law
Hot Spares
Buffer Overflow
Forensic Copy
2. A process state - (blocked) needing input before continuing
Alternate Site
Key Management
Damage Assessment
Wait
3. To stop damage from spreading
Masked/Interruptible
Mobile Recovery
Containment
Database Shadowing
4. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Analysis
Fire Prevention
Confidence Value
Encapsulation
5. Narrow scope examination of a system
Targeted Testing
One Time Pad
Checkpoint
Information Risk Management (IRM)
6. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.
Information Technology Security Evaluation Criteria - ITSEC
Interpreter
Threats
Restoration
7. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Noise
Asymmetric
Administrative
Open Mail Relay Servers
8. A control before attack
Safeguard
Full Test (Full Interruption)
Separation Of Duties
Multi-Processing
9. Reduces causes of fire
Fire Prevention
Classification
Shadowing (file shadowing)
Proprietary
10. Control category - to record an adversary's actions
Recovery
Detective
Architecture
Accreditation
11. Joining two pieces of text
Backup
Analysis
DR Or BC Coordinator
Concatenation
12. Used to code/decode a digital data stream.
Public Key Infrastructure (PKI)
Examples of non-technical security components
Disaster Recovery Teams (Business Recovery Teams)
Codec
13. With enough computing power trying all possible combinations
Honeypot
Digital Certificate
Brute Force
Mission-Critical Application
14. Subjects will not interact with each other's objects
Trapdoors (Backdoors) (Maintenance Hooks)
Quantitative Risk Analysis
CPU Cache
Non-Interference
15. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Checklist Test (desk check)
Legacy Data
Chain Of Custody
Fragmented Data
16. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Memory Management
Gateway
Custodian
Alert/Alarm
17. A secure connection to another network.
Entrapment
Gateway
Payload
Distributed Denial Of Service
18. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Electronic Vaulting
War Driving
Multiplexers
Certificate Revocation List (CRL)
19. Firewalls - encryption - and access control lists
Examples of technical security components
IP Fragmentation
Keyed-Hashing For Message Authentication
ISO/IEC 27001
20. Memory - RAM
Cookie
Primary Storage
Integrated Test
Gateway
21. Mitigate damage by isolating compromised systems from the network.
Alert/Alarm
Containment
Exposure
Common Law
22. Controls for logging and alerting
Business Recovery Timeline
Shielding
Intrusion Detection Systems
System Life Cycle
23. Written core statements that rarely change
Policy
Incident
Key Space
Risk Assessment / Analysis
24. Less granular organization of controls
Picking
Key Space
Control Type
Recovery Strategy
25. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Reference Monitor
Kernel
Data Dictionary
Injection
26. System mediation of access with the focus on the context of the request
Byte Level Deletion
Containment
Honeypot
Content Dependent Access Control
27. Induces a crime - tricks a person - and is illegal
Central Processing Unit (CPU)
User Mode (problem or program state)
Checkpoint
Entrapment
28. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Disaster
Recovery Period
Standalone Test
Fire Suppression
29. Independent malware that requires user interaction to execute
Cache
Virus
Workaround Procedures
Standalone Test
30. A program that waits for a condition or time to occur that executes an inappropriate activity
Qualitative
Business Records
Data Warehouse
Logic Bomb
31. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.
Data Diddler
Separation Of Duties
Hijacking
Orange Book B2 Classification
32. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.
Surge Suppressor
Active Data
Strong Authentication
Recovery
33. Pertaining to law - lending itself to one side of an argument
Structured Walkthrough
Convincing
File
Sag/Dip
34. The event signaling an IDS to produce an alarm when no attack has taken place
Elements of Negligence
Checklist Test (desk check)
Compartmentalize
False Attack Stimulus
35. A running key using a random key that is never used again
IP Fragmentation
One Time Pad
Spam
Active Data
36. A disturbance that degrades performance of electronic devices and electronic communications.
Data Warehouse
Radio Frequency Interference (RFI)
Generator
Incident Manager
37. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data
Access Control
Byte Level Deletion
Full Test (Full Interruption)
Forensic Copy
38. Control category - to restore to a previous state by removing the adversary and/or the results of their actions
Atomicity
Non-Interference
Backup
Corrective
39. Location where coordination and execution of BCP or DRP is directed
Emergency Operations Center (EOC)
Teardrop
Class
Stopped
40. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services
Mirroring
Worm
Twisted Pair
Access Control Lists
41. A shield against leakage of electromagnetic signals.
Preemptive
War Driving
Faraday Cage/ Shield
Twisted Pair
42. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Journaling
Pointer
Orange Book D Classification
On-Site
43. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Top Secret
Salami
Remote Journaling
Sequence Attacks
44. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Quantitative Risk Analysis
Test Plan
Modification
Radio Frequency Interference (RFI)
45. Requirement to take time off
Standard
Total Risk
Mandatory Vacations
Man-In-The-Middle Attack
46. An electronic attestation of identity by a certificate authority
Accurate
Structured Walkthrough
Digital Certificate
Accreditation
47. A control after attack
Incident Manager
Countermeasure
Packet Filtering
Durability
48. Descrambling the encrypted message with the corresponding key
Compiler
Decipher
Complete
Data Dictionary
49. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Business Interruption Insurance
Tactical
Patent
Multi-Tasking
50. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
War Dialing
IP Fragmentation
Examples of technical security components
TCSEC (Orange Book)