Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Liability
Sag/Dip
CobiT
Collisions
2. A risk assessment method - measurable real money cost
Discretionary
IDS Intrusion Detection System
Life Cycle of Evidence
Quantitative
3. To set the clearance of a subject or the classification of an object
Operational Exercise
Labeling
Cryptography
Trade Secret
4. Responsibility for actions
Quantitative
Job Rotation
Liability
Change Control
5. Specific format of technical and physical controls that support the chosen framework and the architecture
System Life Cycle
Infrastructure
Mock Disaster
Convincing
6. Individuals and departments responsible for the storage and safeguarding of computerized data.
Data Custodian
Detective
Hearsay
Microwave
7. Unsolicited advertising software
Faraday Cage/ Shield
Ethics
Adware
Sag/Dip
8. High degree of visual control
Surveillance
Full Test (Full Interruption)
Recovery Period
Dangling Pointer
9. Consume resources to a point of exhaustion - loss of availability
EMI
Denial Of Service
Trusted Computing Base
Emergency Operations Center (EOC)
10. Recovery alternative which includes cold site and some equipment and infrastructure is available
Off-Site Storage
Packet Filtering
Key Space
Warm Site
11. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Disk Mirroring
Metadata
MOM
Site Policy Awareness
12. A distributed system's transaction control that requires updates to complete or rollback
2-Phase Commit
Risk Mitigation
Cryptanalysis
Overlapping Fragment Attack
13. Memory management technique that allows two processes to run concurrently without interaction
Preemptive
User
Declaration
Protection
14. Try a list of words in passwords or encryption keys
Dictionary Attack
Chain of Custody
Identification
Evidence
15. OOP concept of a class's details being hidden from the object
Cache
Fragmented Data
Interference (Noise)
Encapsulation
16. A cable consisting of a core - an inner conductor that is surrounded by an insulator - and an outer cylindrical conductor
Phishing
Executive Succession
Coaxial Cable
Consistency
17. A legally enforceable agreement between: two people - two organizations - a person and an organization.
Business Interruption Insurance
Tort
Work Factor
Shielding
18. Information that - if made public or even shared around the organization - could seriously impede the organization's operations
Highly Confidential
Conflict Of Interest
Alert/Alarm
Masquerading
19. An event which stops business from continuing.
Workaround Procedures
Interpreter
Supervisor Mode (monitor - system - privileged)
Disaster
20. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Hacker
Fiber Optics
False Attack Stimulus
Data Dictionary
21. The technical and risk assessment of a system within the context of the operating environment
Dangling Pointer
Intrusion Detection Systems
TEMPEST
Certification
22. Information about a particular data set
Business Recovery Timeline
Metadata
Policy
Data Marts
23. Firewalls - encryption - and access control lists
Voice Over IP (VOIP)
Data Hiding
Examples of technical security components
Restoration
24. For PKI - decertify an entity's certificate
Confidence Value
Hub
Certification
Revocation
25. Recording activities at the keyboard level
Restoration
Checklist Test
Public Key Infrastructure (PKI)
Keystroke Logging
26. All of the protection mechanisms in a computer system
Trusted Computing Base
True Attack Stimulus
UPS
Access Control Attacks
27. The backup of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Data Backups
Fault Tolerance
Forensic Copy
Convincing
28. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc
Masked/Interruptible
Detection
Critical Infrastructure
SYN Flooding
29. An electronic attestation of identity by a certificate authority
Compensating
Blind Testing
Digital Certificate
Tracking
30. The set of standards and processes formerly accepted by the U.S. military for network evaluation and assurance - which combines function and assurance requirements
TNI (Red Book)
Recovery Point Objective (RPO)
Process Isolation
Layering
31. Using many alphabets
Spam
Polyalphabetic
Voice Over IP (VOIP)
Database Shadowing
32. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Non-Discretionary Access Control
Degauss
Surveillance
IP Address Spoofing
33. Deals with discretionary protection
Orange Book C Classification
Threats
Damage Assessment
Event
34. Unchecked data input which results in redirection
Failure Modes and Effect Analysis (FEMA)
Algorithm
HTTP Response Splitting
Degauss
35. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Cross Training
Call Tree
Recovery Period
Waterfall
36. The chance that something negative will occur
Locard's Principle
Risk
Mission-Critical Application
Code
37. Measures followed to restore critical functions following a security incident.
Mock Disaster
Recovery
EMI
Remote Journaling
38. Total number of keys available that may be selected by the user of a cryptosystem
Transients
Key Space
UPS
Intrusion Prevention Systems
39. A template for designing the architecture
Buffer Overflow
Site Policy
Security Blueprint
Record Level Deletion
40. The partial or full duplication of data from a source database to one or more destination databases.
Due Diligence
Deletion
Database Replication
Public Key Infrastructure (PKI)
41. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Reciprocal Agreement
Rogue Access Points
Control Type
Cipher Text
42. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE 3. Functional Levels 4. Assurance Levels.
Workaround Procedures
Common Law
Information Technology Security Evaluation Criteria - ITSEC
Deletion
43. Weakness or flaw in an asset
Overlapping Fragment Attack
Separation Of Duties
Checklist Test
Vulnerability
44. Property that data is represented in the same manner at all times
Consistency
Incident Response Team
Surveillance
Patch Management
45. Two certificate authorities that trust each other
Cross Certification
Inheritance
Certificate Revocation List (CRL)
Routers
46. Objects or programming that look different but act the same
Polymorphism
Denial Of Service
Journaling
Cookie
47. Companies should have their own team - made up of people from management - IT - legal - HR - public relations - security and other key areas
Uninterruptible Power Supply (UPS)
Quantitative Risk Analysis
Backup
Incident Response Team
48. Sudden rise in voltage in the power supply.
Authorization
Legacy Data
Recovery
Surge
49. Tool which mediates access
Fragmented Data
Control
Protection
Elements of Negligence
50. Act of luring an intruder that is legal.
Archival Data
Cross Certification
Enticement
Trusted Computing Base