Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A one way - directed graph which indicates confidentiality or integrity flow
Lattice
Critical Functions
Infrastructure
3 Types of harm Addressed in computer crime laws
2. Asymmetric encryption of a hash of message
Threat Agent
Digital Signature
Operational Test
Access Control Matrix
3. Requirement to take time off
Mandatory Vacations
Workaround Procedures
Data Diddler
Trade Secret
4. An encryption method that has a key as long as the message
Information Technology Security Evaluation Criteria - ITSEC
Critical Infrastructure
Hearsay
Running Key
5. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
Method
Threat Agent
Bollard
Kerberos
6. Responsibility of a user for the actions taken by their account which requires unique identification
Plaintext
Accountability
Technical Access Controls
Administrative Laws
7. May be responsible for overall recovery of an organization or unit(s).
DR Or BC Coordinator
True Attack Stimulus
Plan Maintenance Procedures
Infrastructure
8. Security policy - procedures - and compliance enforcement
Orange Book D Classification
Examples of non-technical security components
Classification
Transfer
9. A legally enforceable agreement between: two people - two organizations - a person and an organization.
Tort
Vulnerability
Firewall
Preemptive
10. A documented battle plan for coordinating response to incidents.
Total Risk
Twisted Pair
Remote Access Trojan
Incident Handling
11. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Shielding
Virtual Memory
Acronym for American Standard Code for Information Interchange (ASCII)
Access Control Lists
12. A backup type - for databases at a point in time
Deletion
Shadowing (file shadowing)
TEMPEST
Structured Walkthrough
13. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Guidelines
Content Dependent Access Control
Covert Channel
Microwave
14. A software design technique for abstraction of a process
Shielding
Analysis
Running
Data Hiding
15. To execute more than one instruction at an instant in time
Alternate Site
Binary
Due Care
Multi-Processing
16. Recognition of an individual's assertion of identity.
Firewalls
Preemptive
Double Blind Testing
Identification
17. Momentary loss of power
Fault
Policy
Tapping
Territoriality
18. Recovery alternative - everything needed for the business function - except people and last backup
Hot Site
Metadata
Business Interruption
Transfer
19. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
Full Test (Full Interruption)
SYN Flooding
Information Flow Model
Modification
20. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Need-To-Know
Critical Functions
Hot Spares
Atomicity
21. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Business Impact Analysis
Work Factor
Off Site
Administrative Access Controls
22. Memory management technique that allows two processes to run concurrently without interaction
Protection
Rollback
IDS Intrusion Detection System
Mobile Site
23. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Journaling
Business Continuity Planning (BCP)
Private Branch Exchange (PBX)
Checklist Test (desk check)
24. To reduce fire
Proprietary
Quantitative Risk Analysis
Fire Suppression
Physical Tampering
25. OOP concept of a distinct copy of the class
Preemptive
Key Escrow
Kerckhoff's Principle
Object
26. Control type - that is communication based - typically written or oral
Layering
Administrative
Replication
Criminal Law
27. Wrong against society
TNI (Red Book)
MOM
Criminal Law
Risk Mitigation
28. Third party processes used to organize the implementation of an architecture
Operating
Databases
Framework
State Machine Model
29. Summary of a communication for the purpose of integrity
Control Type
Plan Maintenance Procedures
Message Digest
Sharing
30. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Electromagnetic Interference (EMI)
Threats
Cryptography
File Extension
31. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.
Orange Book A Classification
Disk Mirroring
Alternate Data Streams (File System Forks)
Data Owner
32. Renders the file inaccessible to the operating system - available to reuse for data storage.
Access Point
Interpreter
Declaration
File Level Deletion
33. Unchecked data which spills into another location in memory
Recovery
Access Control Lists
Buffer Overflow
Work Factor
34. Mitigate damage by isolating compromised systems from the network.
TEMPEST
Control
Workaround Procedures
Containment
35. A backup type - where the organization has excess capacity in another location.
Distributed Processing
Criminal Law
Spiral
Domain
36. A list of team members and/or key players to be contacted including their backups. The list will include the necessary contact information (i.e. home phone - pager - cell - etc.) and in most cases be considered confidential.
Business Continuity Program
Microwave
Access Control
Contact List
37. Small data warehouse
Bit
Logic Bomb
Malformed Input
Data Marts
38. For PKI - decertify an entities certificate
Mirroring
Revocation
Event
Collisions
39. To start business continuity processes
Ring Protection
Activation
Authentic
Revocation
40. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated - and recovery and continuity strategies and procedures are completed and tested.
Record Level Deletion
Business Continuity Program
Blackout
DR Or BC Coordinator
41. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
Denial Of Service
CPU Cache
Crisis
ISO/IEC 27002
42. A system designed to prevent unauthorized access to or from a private network.
False (False Positive)
Denial Of Service
Firewall
Sharing
43. Renders the record inaccessible to the database management system
Satellite
Record Level Deletion
Recovery Point Objective (RPO)
Fraggle
44. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
E-Mail Spoofing
Information Technology Security Evaluation Criteria - ITSEC
Vital Record
Privacy Laws
45. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Operational Exercise
Watermarking
MOM
BCP Testing Drills and Exercises
46. Malware that makes many small changes over time to a single data point or system
Salami
Interception
Steganography
Risk Mitigation
47. Most granular organization of controls
Control Category
False Negative
Business Records
Administrative
48. Quantity of risk remaining after a control is applied
Residual Risk
Digital Certificate
Critical Functions
IP Address Spoofing
49. A record that must be preserved and available for retrieval if needed.
Forward Recovery
Incident Manager
Vital Record
Framework
50. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
Emergency
Mission-Critical Application
Virus
Proprietary