Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A world-wide wireless technology
Admissible
Hard Disk
Wireless Fidelity (Wi-Fi)
Transfer
2. Line noise that is superimposed on the supply circuit.
Forensic Copy
Orange Book A Classification
Transients
Crisis
3. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Certification Authority
Tactical
Internal Use Only
Cross Certification
4. Specific format of technical and physical controls that support the chosen framework and the architecture
Object
Orange Book A Classification
Reference Monitor
Infrastructure
5. A signal suggesting a system has been or is being attacked.
Open Mail Relay Servers
Uninterruptible Power Supply (UPS)
Alert/Alarm
Packet Filtering
6. Recovery alternative - everything needed for the business function - except people and last backup
Patch Management
Incident Response Team
Hot Site
Site Policy Awareness
7. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
Masquerading
Storage Area Network (SAN)
Key Management
Embedded Systems
8. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Restoration
Accurate
Entrapment
TIFF (Tagged Image File Format)
9. A risk assessment method - measurable real money cost
Quantitative
File
Open Mail Relay Servers
Boot (V.)
10. System of law based upon what is good for society
Interpreter
Information Owner
Custodian
Civil Or Code Law
11. The guardian of asset(s) - a maintenance activity
Durability
Rootkit
Custodian
Labeling
12. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Business Records
Malformed Input
Remanence
Object Reuse
13. Forging of an IP address.
Risk Mitigation
Targeted Testing
Information Technology Security Evaluation Criteria - ITSEC
IP Address Spoofing
14. Regular operations are stopped and where processing is moved to the alternate site.
Modems
Full-Interruption test
Integrated Test
Identification
15. Reduces causes of fire
System Downtime
Fire Prevention
Side Channel Attack
Binary
16. Momentary loss of power
Fault
Intrusion Detection Systems
Architecture
Recovery Period
17. A device that sequentially switches multiple analog inputs to the output.
Multiplexers
Access Control Lists
Crisis
Centralized Access Control Technologies
18. Of a system without prior knowledge by the tester or the tested
Reference Monitor
Double Blind Testing
CobiT
Recovery Strategy
19. RADIUS - TACACS+ - Diameter
Complete
Ethics
Centralized Access Control Technologies
Restoration
20. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
Kerberos
Hard Disk
Time Of Check/Time Of Use
Electronic Vaulting
21. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
Databases
Virtual Memory
TNI (Red Book)
Orange Book B2 Classification
22. Intellectual property protection for the expression of an idea
Active Data
TCSEC (Orange Book)
Copyright
Declaration
23. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Surge
Trapdoors (Backdoors) (Maintenance Hooks)
Fiber Optics
Executive Succession
24. A Trojan horse with the express underlying purpose of controlling host from a distance
State Machine Model
Repeaters
Business Continuity Program
Remote Access Trojan
25. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Emergency Procedures
File Server
Operational Impact Analysis
Layering
26. Hiding the fact that communication has occurred
Quantitative
Steganography
Radio Frequency Interference (RFI)
Parallel Test
27. An availability attack - to consume resources to the point of exhaustion
Multiplexers
Alternate Site
Denial Of Service
Picking
28. The chance that something negative will occur
Risk
Information Owner
Critical Records
Sniffing
29. The partial or full duplication of data from a source database to one or more destination databases.
Application Programming Interface
Database Replication
ISO/IEC 27002
Incident Handling
30. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Mandatory Vacations
Network Attached Storage (NAS)
Information Risk Management (IRM)
Procedure
31. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Brute Force
File Extension
Hub
Tar Pits
32. Define the way in which the organization operates.
Code
Certificate Revocation List (CRL)
Proprietary
File Sharing
33. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept
Business Continuity Steering Committee
Ring Protection
Overlapping Fragment Attack
Masked/Interruptible
34. Actions measured against either a policy or what a reasonable person would do
Maximum Tolerable Downtime (MTD)
Damage Assessment
ff Site
Due Diligence
35. A record that must be preserved and available for retrieval if needed.
Fiber Optics
Multi-Processor
Vital Record
Discretionary Access Control (DAC)
36. Policy or stated actions
Due Care
Instance
Double Blind Testing
Restoration
37. The process of assessing damage - following a disaster - to computer hardware - vital records - office facilities - etc. And determining what can be salvaged or restored and what must be replaced.
Administrative
Patch Management
Damage Assessment
Patent
38. Intermediate level - pertaining to planning
Operational
Cold Site
Data Integrity
Examples of non-technical security components
39. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Civil Law
DR Or BC Coordinator
Source Routing Exploitation
Spyware
40. Someone who wants to cause harm
Mantrap (Double Door System)
Attacker (Black hat - Hacker)
Initialization Vector
Crisis
41. More than one CPU on a single board
Birthday Attack
Mandatory Vacations
Multi-Core
Fire Detection
42. A backup of data located where staff can gain access immediately
Encapsulation
Multi-Processing
Recovery Strategy
On-Site
43. Representatives from each functional area or department get together and walk through the plan from beginning to end.
Surge
Multi-Party Control
Structured Walk-Through Test
Labeling
44. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Deletion
Initialization Vector
Wireless Fidelity (Wi-Fi)
Civil Or Code Law
45. Dedicated fast memory located on the same board as the CPU
Slack Space
CPU Cache
Electronic Vaulting
Business Continuity Steering Committee
46. A telephone exchange for a specific office or business.
Private Branch Exchange (PBX)
Near Site
Emergency Procedures
Kerckhoff's Principle
47. One method of testing a specific component of a plan. Typically - a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
Corrective
Threats
Structured Walkthrough
Declaration
48. Most granular organization of controls
Risk Mitigation
Control Category
Man-In-The-Middle Attack
Mobile Site
49. A perpetrator leaves something behind or takes something with them at the scene of a crime
50. Moving the alphabet intact a certain number spaces
Shift Cipher (Caesar)
Tar Pits
User Mode (problem or program state)
Basics Of Secure Design