SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Structured Walkthrough
Strong Authentication
Method
Executive Succession
2. An administrative unit or a group of objects and subjects controlled by one reference monitor
Record Level Deletion
Structured Walk-Through Test
Journaling
Security Domain
3. Someone who want to know how something works - typically by taking it apart
Hacker
Recovery Point Objective (RPO)
Transfer
Malformed Input
4. A form of data hiding which protects running threads of execution from using each other's memory
Chain of Custody
Emergency
Operational Impact Analysis
Process Isolation
5. An availability attack - to consume resources to the point of exhaustion
Denial Of Service
Data Backup Strategies
Plaintext
Data Warehouse
6. Creation distribution update and deletion
Supervisor Mode (monitor - system - privileged)
Off-Site Storage
Entrapment
Key Management
7. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Alert
Confidence Value
Governance
Executive Succession
8. A disturbance that degrades performance of electronic devices and electronic communications.
Radio Frequency Interference (RFI)
Revocation
Shift Cipher (Caesar)
Access Control Matrix
9. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Brute Force
Vital Record
Spam
Life Cycle of Evidence
10. Potentially compromising leakage of electrical or acoustical signals.
Vulnerability
Emanations
Certificate Revocation List (CRL)
Information Technology Security Evaluation Criteria - ITSEC
11. System mediation of access with the focus on the context of the request
Content Dependent Access Control
Twisted Pair
Denial Of Service
Cryptovariable
12. Using many alphabets
Polyalphabetic
3 Types of harm Addressed in computer crime laws
Restoration
Surge Suppressor
13. Something that happened
Key Clustering
Digital Certificate
Event
Admissible
14. False memory reference
Codec
Dangling Pointer
Residual Risk
Encryption
15. Natural occurrence in circuits that are in close proximity
Interference (Noise)
Electronic Vaulting
Total Risk
Simulation
16. A device that converts between digital and analog representation of data.
Modems
Security Kernel
E-Mail Spoofing
Firewalls
17. System of law based upon precedence - with major divisions of criminal - tort - and administrative
Notification
Key Clustering
Business Interruption Insurance
Common Law
18. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Decipher
IP Fragmentation
Private Branch Exchange (PBX)
Residual Data
19. Planning with a goal of returning to the normal business function
Restoration
Surge Suppressor
Hash Function
Standard
20. uropean standard for IT security criteria. Wasn't universally adopted. - Consists of four components:1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Information Technology Security Evaluation Criteria - ITSEC
Distributed Denial Of Service
Access Point
Discretionary
21. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Alarm Filtering
Procedure
Emanations
Liability
22. Evaluation of a system without prior knowledge by the tester
Redundant Array Of Independent Drives (RAID)
Blind Testing
On-Site
Disaster
23. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Masked/Interruptible
Shielding
Repeaters
Reciprocal Agreement
24. Individuals - normally managers or directors - who have responsibility .for the integrity - accurate reporting and use of computerized data.
Shielding
Deadlock
Data Owner
Birthday Attack
25. Potentially retrievable data residue that remains following intended erasure of data.
Trademark
Business Recovery Team
Remanence
Rogue Access Points
26. Small data warehouse
Wireless Fidelity (Wi-Fi )
Electronic Vaulting
Mixed Law System
Data Marts
27. Subject based description of a system or a collection of resources
Bollard
Simulation Test
CPU Cache
Capability Tables
28. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Business Continuity Planning (BCP)
Hijacking
Internal Use Only
Parallel Test
29. Uncheck data input which results in redirection
HTTP Response Splitting
Orange Book D Classification
Business Recovery Team
Botnet
30. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Crisis
Common Criteria
Compartmentalize
Incident Response
31. Statistical probabilities of a collision are more likely than one thinks
IP Fragmentation
Birthday Attack
Brownout
Mirrored Site
32. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Hard Disk
Test Plan
Risk Mitigation
Remote Journaling
33. Encryption system using shared key/private key/single key/secret key
Fire Classes
Ethics
Symmetric
Information Technology Security Evaluation Criteria - ITSEC
34. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Surge Suppressor
Change Control
High-Risk Areas
Due Diligence
35. A secure connection to another network.
Site Policy
Fire Classes
Gateway
Encryption
36. The hard drive
Kerberos
Restoration
Secondary Storage
E-Mail Spoofing
37. Quantity of risk remaining after a control is applied
Residual Risk
File Level Deletion
Threats
Intrusion Detection Systems
38. Act of scrambling the cleartext message by using a key.
Mirrored Site
Declaration
Instance
Encipher
39. Control category - more than one control on a single asset
Compensating
Recovery
Permutation /Transposition
Need-To-Know
40. Requirement of access to data for a clearly defined purpose
Masquerading
Object Reuse
Need-To-Know
Disaster Recovery Plan
41. Of a system without prior knowledge by the tester or the tested
Keystroke Logging
Cache
Denial Of Service
Double Blind Testing
42. A passive network attack involving monitoring of traffic.
Substitution
Detective
Eavesdropping
Remote Journaling
43. A hash that has been further encrypted with a symmetric algorithm
Computer System Evidence
Keyed-Hashing For Message Authentication
ff Site
SQL Injection
44. Control category- to restore to a previous state by removing the adversary and or the results of their actions
Data Backups
Civil Or Code Law
Symmetric
Corrective
45. Malware that makes many small changes over time to a single data point or system
Control
Coaxial Cable
Inrush Current
Salami
46. A race condition where the security changes during the object's access
Convincing
Directive
Time Of Check/Time Of Use
Top Secret
47. Those who initiate the attack
Administrative Access Controls
Threat Agent
Data Recovery
War Dialing
48. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.
File Server
Simulation Test
Dictionary Attack
Common Criteria
49. Recovery alternative - everything needed for the business function - except people and last backup
Algorithm
Hot Site
Site Policy Awareness
Accreditation
50. Moving letters around
TNI (Red Book)
Rogue Access Points
Permutation /Transposition
Cryptovariable
