Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Written internalized or nationalized norms that are internal to an organization
Standard
Discretionary
Maximum Tolerable Downtime (MTD)
Machine Language (Machine Code)
2. To start business continuity processes
Checkpoint
Activation
Computer System Evidence
Discretionary
3. Prolonged loss of commercial power
Data Integrity
Blackout
Storage Area Network (SAN)
Separation Of Duties
4. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.
Protection
Business Continuity Program
Permutation / Transposition
Data Owner
5. The problem-solving state - the opposite of supervisor mode
Routers
User Mode (problem or program state)
Race Condition
Processes are Isolated By
6. Robust project management process of new systems with at least the following phases: design and development, production, distribution, operation, maintenance, retirement, and disposal
Integrated Test
TEMPEST
Encipher
System Life Cycle
7. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept
Ring Protection
Simulation Test
Operating
Backup
8. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g., a move to an alternate site).
Basics Of Secure Design
Declaration
Patch Management
Containment
9. To execute more than one instruction at an instant in time
Multi-Processing
Due Care
Fault
Integrated Test
10. Pertaining to law - high degree of veracity
Access Control Attacks
Admissible
Electronic Vaulting
Accurate
11. Forging of an IP address.
Need-To-Know
IP Address Spoofing
Monitor
Physical Tampering
12. For PKI - to store another copy of a key
Elements of Negligence
Key Escrow
Plan Maintenance Procedures
Non-Discretionary Access Control
13. Mitigation of system or component loss or interruption through use of backup capability.
Orange Book B2 Classification
Sharing
Fault Tolerance
Incident
14. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Internal Use Only
Top Secret
Business Continuity Planning (BCP)
Faraday Cage / Shield
15. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
SYN Flooding
Cross-Site Scripting
Pervasive Computing and Mobile Computing Devices
Voice Over IP (VOIP)
16. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Information Technology Security Evaluation Criteria - ITSEC
On-Site
Electronic Vaulting
Certificate Revocation List (CRL)
17. Unchecked data input which results in redirection
Administrative Laws
HTTP Response Splitting
Databases
2-Phase Commit
18. The property that data meet with a priority expectation of quality and that the data can be relied upon.
Orange Book A Classification
Recovery Point Objective (RPO)
Data Integrity
Public Key Infrastructure (PKI)
19. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Discretionary
Security Domain
Data Integrity
SYN Flooding
20. Line noise that is superimposed on the supply circuit.
Man-In-The-Middle Attack
Transients
Capability Tables
Simulation Test
21. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Business Impact Analysis
Analysis
Payload
Mixed Law System
22. A mathematical tool for verifying no unintentional changes have been made
System Life Cycle
CPU Cache
Disk Mirroring
Checksum
23. Can be statistical (monitor behavior) or signature based (watch for known attacks)
The ACID Test
Identification
IDS Intrusion Detection System
Parallel Test
24. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Picking
Overlapping Fragment Attack
Discretionary Access Control (DAC)
Network Attached Storage (NAS)
25. To load the first piece of software that starts a computer.
Boot (V.)
Satellite
Relocation
Ring Protection
26. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Birthday Attack
Source Routing Exploitation
Gateway
Denial Of Service
27. High-level design or model with a goal of consistency, integrity, and balance
Architecture
Off-Site Storage
Slack Space
Durability
28. Used to code/decode a digital data stream.
Business Continuity Planning (BCP)
Orange Book C Classification
Codec
Domain
29. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Risk Assessment / Analysis
Intrusion Prevention Systems
Denial Of Service
Coaxial Cable
30. An availability attack - to consume resources to the point of exhaustion
Denial Of Service
Full Test (Full Interruption)
Business Interruption
Encryption
31. An alert or alarm that is triggered when no actual attack has taken place
False (False Positive)
Overlapping Fragment Attack
Investigation
Orange Book C Classification
32. People who interact with assets
File Extension
ISO/IEC 27001
Business Interruption
User
33. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
Shadowing (file shadowing)
Data Dictionary
Network Attached Storage (NAS)
TCSEC (Orange Book)
34. Converts source code to an executable
Redundant Array Of Independent Drives (RAID)
Compiler
Generator
Hearsay
35. Renders the record inaccessible to the database management system
Elements of Negligence
Record Level Deletion
Operational
Patch Management
36. A critical event which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.
Non-Repudiation
Worldwide Interoperability for Microwave Access (WI-MAX)
Crisis
Aggregation
37. Recording activities at the keyboard level
On-Site
Salami
Integrated Test
Keystroke Logging
38. Owner directed mediation of access
Virus
Threads
Discretionary
Simulation Test
39. Natural occurrence in circuits that are in close proximity
Interference (Noise)
Targeted Testing
Brute Force
Bit
40. Tool which mediates access
Control
Method
Storage Area Network (SAN)
Cryptology
41. A planned or unplanned interruption in system availability.
Security Kernel
System Downtime
Multi-Processor
Near Site
42. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Gateway
Class
Encapsulation
Public Key Infrastructure (PKI)
43. Controls deployed to avert unauthorized and/or undesired actions.
Embedded
Prevention
Active Data
Electronic Vaulting
44. Is secondhand and usually not admissible in court
Chain of Custody
Cache
Hearsay Evidence
Virtual Memory
45. To smooth out reductions or increases in power
UPS
Control Type
Contingency Plan
Keystroke Logging
46. Code breaking - practice of defeating the protective properties of cryptography.
Cryptanalysis
Switches
Accurate
Data Backup Strategies
47. More than one CPU on a single board
Domain
Multi-Core
Cryptography
Asymmetric
48. Pertaining to law - lending itself to one side of an argument
Botnet
Convincing
Byte Level Deletion
Steganography
49. A process state - to either be unable to run waiting for an external event or terminated
Aggregation
Stopped
Incident Response Team
Repeaters
50. OOP concept of an object at runtime
Transfer
Log
Authentication
Instance