CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Responsibility for actions
Databases
False Attack Stimulus
Ethics
Liability
2. Object-based description of a single resource and the permission each subject
Stopped
Access Control Lists
Copyright
Adware
3. Organization's way of classifying data by factors such as criticality, sensitivity and ownership.
Distributed Processing
Classification Scheme
Remote Journaling
Twisted Pair
4. Mitigation of system or component loss or interruption through use of backup capability.
Change Control
ISO/IEC 27002
Fault Tolerance
Workaround Procedures
5. Record history of incident
Multilevel Security System
Tracking
MOM
Mixed Law System
6. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.
Embedded
Residual Risk
War Dialing
Deterrent
7. To set the clearance of a subject or the classification of an object
Labeling
Integrated Test
Risk Assessment / Analysis
Multi-Party Control
8. To be admissible in court they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.
Metadata
Test Plan
Twisted Pair
Business Records
9. Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations)
Shadowing (file shadowing)
TNI (Red Book)
Interception
Brute Force
10. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring will enable a zero recovery point objective.
Maximum Tolerable Downtime (MTD)
Civil Or Code Law
Disk Mirroring
Data Backups
11. Tool which mediates access
Bumping
Security Blueprint
Control
Hash Function
12. A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.
Key Clustering
Business Continuity Steering Committee
Quantitative Risk Analysis
Operational
13. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Common Law
Business Continuity Planning (BCP)
Sniffing
Life Cycle of Evidence
14. To smooth out reductions or increases in power
Polymorphism
Prevention
Common Criteria
UPS
15. Small data warehouse
Data Marts
Code
Exercise
Layering
16. Share security concerns with embedded devices. Often security has been sacrificed for a richer user experience during low power. Prime target for data loss as they transmit and store information in ways that can't be controlled.
False Attack Stimulus
Pervasive Computing and Mobile Computing Devices
Sharing
Fiber Optics
17. Standard for the establishment, implementation, control, and improvement of the Information Security Management System
Content Dependent Access Control
Administrative Laws
ISO/IEC 27001
Surge Suppressor
18. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
ISO/IEC 27002
Accountability
Degauss
Contact List
19. Subject-based description of a system or a collection of resources
Orange Book B1 Classification
Total Risk
Capability Tables
Data Dictionary
20. An availability attack, consuming resources to the point of exhaustion
Risk Assessment
Masquerading
Denial Of Service
Wait
21. False memory reference
Business Records
Teardrop
Dangling Pointer
3 Types of harm Addressed in computer crime laws
22. Intellectual property protection for an invention
Access Point
File Server
Adware
Patent
23. Using small special tools, all tumblers of the lock are aligned, opening the door
ISO/IEC 27001
Forensic Copy
Picking
Control Category
24. A programming design concept which abstracts one set of functions from another in a serialized fashion
Trademark
Layering
Recovery Point Objective (RPO)
Recovery
25. A physical enclosure for verifying identity before entry to a facility
Database Replication
Analysis
Mantrap (Double Door System)
Proprietary
26. Record of system activity - which provides for monitoring and detection.
Log
Remote Access Trojan
Substitution
Cryptology
27. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Surge
Emergency
Running
Disaster Recovery Plan
28. Provides a physical cross connect point for devices.
Strategic
Strong Authentication
Crisis
Patch Panels
29. Unchecked data input which results in redirection
HTTP Response Splitting
Triage
Key Management
Common Law
30. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Legacy Data
Control Type
Preemptive
Capability Tables
31. A covert storage channel on the file attribute
Alternate Data Streams (File System Forks)
Proxies
Metadata
Confidence Value
32. To evaluate the current situation and make basic decisions as to what to do
Triage
Fault Tolerance
SYN Flooding
Mobile Recovery
33. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Open Mail Relay Servers
Disaster Recovery Tape
Operational Exercise
Accreditation
34. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
Alternate Site
Residual Risk
Non-Discretionary Access Control
Databases
35. More than one processor sharing the same memory, also known as parallel systems
Contingency Plan
Multi-Processor
Job Training
Attacker (Black hat - Hacker)
36. Malware that subverts the detective controls of an operating system
Orange Book B2 Classification
Declaration
Walk Through
Rootkit
37. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Workaround Procedures
Code
Payload
Multi-Core
38. To start business continuity processes
Masquerading
Eavesdropping
Activation
File Extension
39. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Mobile Site
Common Criteria
Process Isolation
TIFF (Tagged Image File Format)
40. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have; most commonly used in the PC environment (i.e. file permissions).
Surveillance
2-Phase Commit
Blind Testing
Discretionary Access Control (DAC)
41. Creation, distribution, update and deletion
Restoration
Key Management
Technical Access Controls
Hacker
42. A failure of an IDS to detect an actual attack
Recovery
Authentic
True Attack Stimulus
False Negative
43. Written core statements that rarely change
Risk Mitigation
Policy
Source Routing Exploitation
Collisions
44. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid.
Databases
Civil Law
Remote Access Trojan
Identification
45. Server optimized for providing file-based data storage to the network. Unlike a File Server, a NAS unit has no input or output devices, and the OS is dedicated to providing storage services.
TNI (Red Book)
Botnet
Network Attached Storage (NAS)
Technical Access Controls
46. Used to code/decode a digital data stream.
Exercise
Disaster Recovery Teams (Business Recovery Teams)
Codec
Quantitative Risk Analysis
47. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
Risk
Masked/Interruptible
Bit
Business Recovery Team
48. A computer designed for the purpose of studying adversaries
File Level Deletion
Honeypot
Brouter
Running
49. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Discretionary Access Control (DAC)
Copyright
Residual Risk
Phishing
50. A temporary public file to inform others of a compromised digital certificate
Certificate Revocation List (CRL)
Certification
Incident Response
Copyright