Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Business Interruption
Residual Risk
Simulation
Exposure
2. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Change Control
Cryptovariable
Quantitative
TIFF (Tagged Image File Format)
3. Object based description of a single resource and the permission each subject
Access Control Lists
Binary
Policy
Permutation /Transposition
4. OOP concept of an object at runtime
Object Oriented Programming (OOP)
Evidence
Instance
Cryptovariable
5. Evaluation of a system without prior knowledge by the tester
Surge Suppressor
Blind Testing
Directive
Critical Infrastructure
6. Intellectual property protection for marketing efforts
Cache
2-Phase Commit
Trademark
Relocation
7. Inappropriate data
Malformed Input
Relocation
Tracking
Time Of Check/Time Of Use
8. Memory - RAM
Primary Storage
CobiT
Rogue Access Points
Intrusion Detection Systems
9. A design methodology which executes in a linear one way fashion
Access Control Attacks
Examples of non-technical security components
Waterfall
Technical Access Controls
10. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Business Impact Analysis
Threat Agent
Contingency Plan
IDS Intrusion Detection System
11. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.
BCP Testing Drills and Exercises
Business Impact Assessment (BIA)
Proxies
Embedded Systems
12. Converts source code to an executable
Critical Functions
Compiler
Primary Storage
Database Replication
13. Converts a high level language into machine language
Entrapment
Assembler
Risk
Non-Repudiation
14. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.
War Dialing
Alternate Site
UPS
Data Diddler
15. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Phishing
Reference Monitor
Data Diddler
Centralized Access Control Technologies
16. A software design technique for abstraction of a process
Copyright
Elements of Negligence
Data Hiding
CobiT
17. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Confidence Value
Internal Use Only
Business Interruption Insurance
Exposure
18. Line by line translation from a high level language to machine code
Total Risk
Tracking
Administrative Laws
Interpreter
19. A type of multitasking that allows for more even distribution of computing time among competing requests
Preemptive
Polymorphism
Triage
Computer System Evidence
20. Hiding the fact that communication has occurred
Rogue Access Points
Object
Steganography
Simulation Test
21. A process state - (blocked) needing input before continuing
Criminal Law
Wait
2-Phase Commit
ITSEC
22. Disruption of operation of an electronic device due to a competing electromagnetic field.
Substitution
Alternate Site
EMI
Checklist Test (desk check)
23. To set the clearance of a subject or the classification of an object
Structured Walkthrough
Degauss
Labeling
Keystroke Logging
24. Third party processes used to organize the implementation of an architecture
Standalone Test
File Server
Site Policy
Framework
25. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
HTTP Response Splitting
Storage Area Network (SAN)
Recovery Period
Sharing
26. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
Eavesdropping
JPEG (Joint Photographic Experts Group)
Fragmented Data
Alarm Filtering
27. Asymmetric encryption of a hash of message
Convincing
Digital Signature
Legacy Data
ITSEC
28. Intermediate level - pertaining to planning
Tracking
Operational
Backup
Data Leakage
29. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
Remote Journaling
Discretionary Access Control (DAC)
Accountability
HTTP Response Splitting
30. A state for operating system tasks only
Disk Mirroring
Territoriality
Supervisor Mode (monitor - system - privileged)
Data Owner
31. Total number of keys available that may be selected by the user of a cryptosystem
Shielding
Key Space
Framework
Business Interruption
32. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Picking
Degauss
Redundant Array Of Independent Drives (RAID)
Embedded Systems
33. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Plaintext
Source Routing Exploitation
Kerckhoff's Principle
Certificate Revocation List (CRL)
34. Planning with a goal of returning to the normal business function
Off-Site Storage
Centralized Access Control Technologies
Restoration
Consistency
35. Collection of data on business functions which determines the strategy of resiliency
Business Impact Assessment (BIA)
Information Owner
Control
Security Clearance
36. Computing power will double every 18 months
37. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur
Checklist Test (desk check)
Failure Modes and Effect Analysis (FEMA)
Business Continuity Steering Committee
Cryptovariable
38. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Distributed Denial Of Service
Critical Functions
Job Training
Integrated Test
39. Of a system without prior knowledge by the tester or the tested
Double Blind Testing
Boot (V.)
Access Control Lists
Hacker
40. Memory management technique which allows data to be moved from one memory address to another
Dangling Pointer
Relocation
Desk Check Test
Attacker (Black hat - Hacker)
41. State of computer - to be running a process
Operating
Brute Force
Denial Of Service
Wireless Fidelity (Wi-Fi )
42. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Degauss
TIFF (Tagged Image File Format)
Encapsulation
Tactical
43. Unauthorized wireless network access device.
Education
Birthday Attack
Rogue Access Points
Malformed Input
44. An availability attack - to consume resources to the point of exhaustion
Smurf
Qualitative
Denial Of Service
Inheritance
45. A trusted issuer of digital certificates
Open Mail Relay Servers
Certification Authority
Total Risk
Physical Tampering
46. The study of cryptography and cryptanalysis
Mobile Site
Cryptology
Orange Book D Classification
Sniffing
47. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
Stopped
3 Types of harm Addressed in computer crime laws
Revocation
Key Clustering
48. Dedicated fast memory located on the same board as the CPU
Debriefing/Feedback
Protection
Sampling
CPU Cache
49. Identification and notification of an unauthorized and/or undesired action
Convincing
Deadlock
Detection
Orange Book B2 Classification
50. What is will remain - persistence
Durability
Transfer
Strategic
Non-Repudiation