CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The core of a computer that calculates
Central Processing Unit (CPU)
Data Leakage
Information Flow Model
Switches
2. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements
Watermarking
Common Criteria
Slack Space
5 Rules Of Evidence
3. A collection of information designed to reduce duplication and increase integrity
Mission-Critical Application
Remote Journaling
Databases
Data Hiding
4. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Vital Record
Boot (V.)
Acronym for American Standard Code for Information Interchange (ASCII)
On-Site
5. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Byte
Chain Of Custody
Life Cycle of Evidence
Patch Management
6. An individual's conduct that violates government laws developed to protect the public
Criminal Law
Prevention
Business Records
Administrative Law
7. An availability attack - to consume resources to the point of exhaustion
File Level Deletion
Denial Of Service
Data Integrity
Masked/Interruptible
8. Mediation of covert channels must be addressed
Fragmented Data
Conflict Of Interest
Information Flow Model
Work Factor
9. To reduce sudden rises in current
Gateway
Surge Suppressor
Fire Classes
Virus
10. System directed mediation of access with labels
Degauss
Checksum
Keyed-Hashing For Message Authentication
Mandatory
11. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Routers
Concatenation
MOM
Trapdoors (Backdoors) (Maintenance Hooks)
12. A template for designing the architecture
False Attack Stimulus
Botnet
Risk Assessment
Security Blueprint
13. A passive network attack involving monitoring of traffic.
Triage
Eavesdropping
Injection
Education
14. Evidence must be: admissible - authentic - complete - accurate - and convincing
ITSEC
Proxies
5 Rules Of Evidence
Key Management
15. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Encipher
Operational Impact Analysis
Embedded Systems
Prevention
16. Renders the record inaccessible to the database management system
Record Level Deletion
Patent
Fire Classes
Restoration
17. Communication of a security incident to stakeholders and data owners.
Notification
Alert
Multi-Processing
Examples of non-technical security components
18. Potentially compromising leakage of electrical or acoustical signals.
Emanations
Recovery Time Objectives
Countermeasure
Fire Detection
19. Control category - to restore to a previous state by removing the adversary and/or the results of their actions
Mitigate
Checklist Test (desk check)
True Attack Stimulus
Corrective
20. Collection of data on business functions which determines the strategy of resiliency
Injection
Common Criteria
Technical Access Controls
Business Impact Assessment (BIA)
21. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
Fragmented Data
Reciprocal Agreement
Shift Cipher (Caesar)
Object
22. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Consistency
False Attack Stimulus
SYN Flooding
Electromagnetic Interference (EMI)
23. A disturbance that degrades performance of electronic devices and electronic communications.
Threats
Data Custodian
Hash Function
Radio Frequency Interference (RFI)
24. Property that data is represented in the same manner at all times
Initialization Vector
Consistency
CobiT
Cryptography
25. A set of laws that the organization agrees to be bound by
Spam
Rootkit
Administrative Law
Multi-Programming
26. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
Hash Function
E-Mail Spoofing
Emergency
IP Address Spoofing
27. A failure of an IDS to detect an actual attack
False Negative
File Sharing
War Driving
Data Marts
28. Small data files written to a user's hard drive by a web server.
Certificate Revocation List (CRL)
Cookie
Attacker (Black hat - Hacker)
Sniffing
29. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Evidence
Burn
Residual Risk
Metadata
30. A type of multitasking that allows for more even distribution of computing time among competing requests
Identification
Supervisor Mode (monitor - system - privileged)
Preemptive
Kerckhoff's Principle
31. A condition in which neither party is willing to stop their activity for the other to complete
Interpreter
Tapping
Hearsay
Deadlock
32. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.
Alternate Data Streams (File System Forks)
High-Risk Areas
Concentrator
Collisions
33. Need to understand both the assets that need to be protected and management's priorities - Also be prepared to adjust the design over time - and verify the design has been implemented correctly - need to be a good negotiator - artist and analyst.
Code
Basics Of Secure Design
Privacy Laws
Repeaters
34. Of a system without prior knowledge by the tester or the tested
Fragmented Data
Double Blind Testing
HTTP Response Splitting
Analysis
35. Requirement to take time off
Routers
Mandatory Vacations
Accountability
Electrostatic Discharge
36. An image compression standard for photographs
JPEG (Joint Photographic Experts Group)
Recovery Point Objective (RPO)
Multi-Party Control
Multilevel Security System
37. Scrambled form of the message or data
Firmware
Secondary Storage
Threats
Cipher Text
38. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Memory Management
Risk Assessment / Analysis
Patch Management
On-Site
39. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.
Primary Storage
Overlapping Fragment Attack
Mock Disaster
Restoration
40. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Metadata
Backup
Deleted File
Mirroring
41. Someone who wants to know how something works - typically by taking it apart
Hub
War Driving
Fraggle
Hacker
42. An unintended communication path
Total Risk
Convincing
Covert Channel
Overlapping Fragment Attack
43. A protocol for the efficient transmission of voice over the Internet
Hearsay Evidence
Voice Over IP (VOIP)
JPEG (Joint Photographic Experts Group)
Electronic Vaulting
44. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Supervisor Mode (monitor - system - privileged)
Recovery Strategy
Need-To-Know
Legacy Data
45. To evaluate the current situation and make basic decisions as to what to do
Triage
Checklist Test
Boot (V.)
Mock Disaster
46. Recovery alternative - a building only with sufficient power - and HVAC
Cold Site
Incident Manager
Acronym for American Standard Code for Information Interchange (ASCII)
Risk Assessment
47. Wrong against society
Race Condition
UPS
Site Policy
Criminal Law
48. Owner directed mediation of access
Corrective
Algorithm
Trapdoors (Backdoors) (Maintenance Hooks)
Discretionary
49. Most granular organization of controls
Control Category
Least Privilege
Codec
Emanations
50. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Top Secret
Source Routing Exploitation
Blackout
Fire Classes