Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The event signaling an IDS to produce an alarm when no attack has taken place
Business Continuity Program
False Attack Stimulus
Mandatory Vacations
Job Rotation
2. Intellectual property protection for an invention
Patent
Distributed Processing
Administrative Laws
Encapsulation
3. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Recovery Strategy
Compression
Operating
Concentrator
4. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
IP Fragmentation
Spiral
True Attack Stimulus
Education
5. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Walk Through
Critical Records
Authentication
Patch Panels
6. To assert or claim credentialing to an authentication system
Cryptanalysis
Database Shadowing
Identification
Structured Walk-Through Test
7. A description of a database
False Negative
Data Dictionary
Decipher
Administrative Access Controls
8. To jump to a conclusion
Virus
Evidence
Domain
Inference
9. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
Isolation
Denial Of Service
Non-Discretionary Access Control
Examples of technical security components
10. Small data files written to a user's hard drive by a web server.
Operating
Forward Recovery
Risk Mitigation
Cookie
11. To stop damage from spreading
Man-In-The-Middle Attack
Containment
Authentication
Territoriality
12. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.
Packet Filtering
Watermarking
Redundant Servers
Permutation/Transposition
13. OOP concept of an object's abilities - what it does
Electromagnetic Interference (EMI)
Journaling
Method
Alarm Filtering
14. A one way - directed graph which indicates confidentiality or integrity flow
Lattice
Brouter
Relocation
Adware
15. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Deterrent
Acronym for American Standard Code for Information Interchange (ASCII)
Key Clustering
Structured Walk-Through Test
16. An administrative unit or a group of objects and subjects controlled by one reference monitor
Electrostatic Discharge
Mobile Site
Call Tree
Security Domain
17. Encryption system using a pair of mathematically related unequal keys
Asymmetric
Teardrop
Hacker
Debriefing/Feedback
18. It is embedded as part of a complete device, often including hardware and mechanical parts. Features a limited OS. Mobile phones, routers and wireless devices take a similar approach. Less than robust security features. Difficult to patch.
Reference Monitor
Embedded Systems
Data Diddler
Cryptography
19. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Watermarking
Encryption
TIFF (Tagged Image File Format)
Atomicity
20. A unit of execution
Inheritance
Threads
Degauss
Cryptology
21. Small data warehouse
Multi-Party Control
Tapping
Data Marts
Business Records
22. Real-time data backup (Data Mirroring)
Mitigate
Acronym for American Standard Code for Information Interchange (ASCII)
Database Shadowing
Bridge
23. Pertaining to law - high degree of veracity
Data Dictionary
Accurate
Architecture
Vulnerability
24. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Phishing
File
Top Secret
Site Policy Awareness
25. To know more than one job
Cross Training
Record Level Deletion
Risk Assessment
Radio Frequency Interference (RFI)
26. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)
Residual Risk
Detection
Interpreter
Fraggle
27. OOP concept of a class's details to be hidden from object
Recovery Time Objectives
Shift Cipher (Caesar)
Denial Of Service
Encapsulation
28. The act of luring an intruder; it is legal.
Layering
Relocation
Intrusion Detection Systems
Enticement
29. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.
Call Tree
Accreditation
Change Control
Remote Journaling
30. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Authentication
Containment
Covert Channel
Journaling
31. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
BCP Testing Drills and Exercises
Masked/Interruptible
Permutation/Transposition
Alternate Site
32. Physical description on the exterior of an object that communicates the existence of a label
Marking
Administrative Access Controls
Satellite
Incident Response
33. A hash that has been further encrypted with a symmetric algorithm
Off-Site Storage
Directive
IP Fragmentation
Keyed-Hashing For Message Authentication
34. A backup type which creates a complete copy
Chain Of Custody
Replication
File Shadowing
Patent
35. Unsolicited advertising software
Vital Record
Adware
Event
User Mode (problem or program state)
36. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Control
Business Continuity Steering Committee
Fault
Surveillance
37. Employment education done once per position or at significant change of function
Data Warehouse
SQL Injection
Job Training
Guidelines
38. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Orange Book B2 Classification
Vital Record
Hot Spares
Top Secret
39. Written step-by-step actions
The ACID Test
Procedure
Permutation/Transposition
Redundant Array Of Independent Drives (RAID)
40. Just enough access to do the job
Least Privilege
Network Attached Storage (NAS)
Triage
Embedded
41. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Authorization
JPEG (Joint Photographic Experts Group)
Overlapping Fragment Attack
Examples of technical security components
42. Fault tolerance for power
Threat Agent
Recovery Point Objective (RPO)
Generator
Critical Infrastructure
43. Subset of operating systems components dedicated to protection mechanisms
Security Kernel
Data Marts
Hacker
Bit
44. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.
Discretionary
Business Interruption
System Downtime
Mock Disaster
45. The past U.S. military accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements
Acronym for American Standard Code for Information Interchange (ASCII)
Overlapping Fragment Attack
Masquerading
TNI (Red Book)
46. A set of laws that the organization agrees to be bound by
File Level Deletion
Message Digest
Computer System Evidence
Administrative Law
47. A world-wide wireless technology
Symmetric
Work Factor
Wireless Fidelity (Wi-Fi)
Routers
48. Measures followed to restore critical functions following a security incident.
Boot (V.)
Orange Book C Classification
Recovery
Countermeasure
49. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability
Birthday Attack
The ACID Test
Discretionary
Total Risk
50. Intellectual property management technique for identifying after distribution
File Server
Initialization Vector
Trademark
Watermarking