Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. The core logic engine of an operating system which almost never changes
Man-In-The-Middle Attack
Kernel
Key Clustering
Threat Agent
2. The back up of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Residual Data
Data Backups
Satellite
Information Risk Management (IRM)
3. A temporary public file to inform others of a compromised digital certificate
Certificate Revocation List (CRL)
Operating
Qualitative
Class
4. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.
Business Continuity Program
Standalone Test
Call Tree
Risk Assessment
5. Subjects will not interact with each other's objects
Non-Interference
Vulnerability
File
Damage Assessment
6. Dedicated fast memory located on the same board as the CPU
CPU Cache
Fragmented Data
MOM
Due Care
7. A hash that has been further encrypted with a symmetric algorithm
Electronic Vaulting
Keyed-Hashing For Message Authentication
Radio Frequency Interference (RFI)
Trojan Horse
8. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
Administrative Laws
System Life Cycle
Consistency
TEMPEST
9. Employment education done once per position or at significant change of function
Emergency Operations Center (EOC)
Emanations
Job Training
3 Types of harm Addressed in computer crime laws
10. Encryption system using a pair of mathematically related unequal keys
Moore's Law
Intrusion Prevention Systems
Asymmetric
Denial Of Service
11. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
ISO/IEC 27001
Education
Fire Detection
Cryptography
12. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
Database Replication
Embedded Systems
Multi-Tasking
Virtual Memory
13. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements
Electronic Vaulting
Boot (V.)
Internal Use Only
ITSEC
14. What is will remain - persistence
Tactical
Control Type
Durability
Ring Protection
15. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
Full Test (Full Interruption)
Concatenation
Criminal Law
Job Training
16. To stop damage from spreading
Containment
Degauss
SQL Injection
Hub
17. To break a business process into separate functions and assign to different people
Common Criteria
Chain of Custody
Business Unit Recovery
Separation Of Duties
18. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Birthday Attack
Keystroke Logging
Overlapping Fragment Attack
Multiplexers
19. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
Debriefing/Feedback
Polymorphism
Disaster Recovery Teams (Business Recovery Teams)
Surveillance
20. Code breaking - practice of defeating the protective properties of cryptography.
Cryptanalysis
Sag/Dip
Multi-Processor
Digital Signature
21. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept
Ring Protection
Running Key
Primary Storage
Slack Space
22. Something that happened
Event
Classification Scheme
Locard's Principle
Embedded
23. A distributed system's transaction control that requires updates to complete or rollback
2-Phase Commit
Masked/Interruptible
Detection
Business Continuity Program
24. A unit of execution
Threads
SYN Flooding
Authentic
Coaxial Cable
25. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Double Blind Testing
Hot Spares
Twisted Pair
Identification
26. Computing power will double every 18 months
27. Total number of keys available that may be selected by the user of a cryptosystem
Mirroring
Information Technology Security Evaluation Criteria - ITSEC
Key Space
Quantitative
28. Controls deployed to avert unauthorized and/or undesired actions.
Residual Risk
Highly Confidential
Prevention
Asymmetric
29. Mitigation of system or component loss or interruption through use of backup capability.
Parallel Test
Fault Tolerance
Residual Data
Data Marts
30. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Adware
MOM
Algorithm
Entrapment
31. Substitution at the word or phrase level
Tort
Code
Protection
Wireless Fidelity (Wi-Fi)
32. Mediation of subject and object interactions
Access Control
Resumption
Multilevel Security System
Mandatory
33. A backup of data located where staff can gain access readily and a localized disaster will not cause harm
Near Site
Information Owner
Trojan Horse
Voice Over IP (VOIP)
34. Requirement of access to data for a clearly defined purpose
Safeguard
Need-To-Know
Active Data
Mitigate
35. Periodic - automatic and transparent backup of data in bulk.
Electronic Vaulting
Mission-Critical Application
Restoration
Inference
36. The one person responsible for data - its classification and control setting
Bridge
Security Clearance
Information Owner
Wait
37. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Information Technology Security Evaluation Criteria - ITSEC
Shielding
Recovery
Worm
38. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Targeted Testing
Business Continuity Planning (BCP)
IP Fragmentation
Capability Tables
39. Creation distribution update and deletion
Encryption
Key Management
Intrusion Detection Systems
Sampling
40. Disruption of operation of an electronic device due to a competing electromagnetic field.
Classification Scheme
Legacy Data
Redundant Servers
EMI
41. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Job Rotation
Adware
Critical Records
Atomicity
42. Recognition of an individual's assertion of identity.
Orange Book B2 Classification
Orange Book B1 Classification
Identification
Fire Classes
43. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Test Plan
Disaster
False Attack Stimulus
Safeguard
44. Guidelines within an organization that control the rules and configurations of an IDS
Routers
Site Policy
Gateway
File Server
45. To segregate for the purposes of labeling
Orange Book A Classification
Compartmentalize
Fire Classes
Microwave
46. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
On-Site
Interference (Noise)
Integrated Test
Microwave
47. Long term knowledge building
Access Control Matrix
Data Owner
Education
Ring Protection
48. Memory management technique that allows two processes to run concurrently without interaction
Protection
War Dialing
System Downtime
Disaster Recovery Tape
49. Two certificate authorities that trust each other
Spyware
Cross Certification
Emergency Procedures
Modification
50. Unchecked data which spills into another location in memory
Buffer Overflow
Instance
Compartmentalize
Double Blind Testing