Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp

Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Natural or human-readable form of a message
   - Salami
   - Relocation
   - Plain Text
   - Accountability

2. The process of categorizing attack alerts produced by an IDS in order to distinguish false positives from actual attacks
   - Access Control Attacks
   - Alarm Filtering
   - 3 Types of Harm Addressed in Computer Crime Laws
   - User Mode (problem or program state)

3. The ability an IDS has to dynamically change its rules and configuration in response to changing environmental activity
   - Convincing
   - Tactical
   - Site Policy Awareness
   - Analysis

4. Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator).
   - Hub
   - Separation Of Duties
   - Cache
   - Non-Repudiation

5. The first rating that requires security labels
   - Orange Book B1 Classification
   - Denial Of Service
   - Relocation
   - Exercise

6. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).
   - Declaration
   - Incident Response
   - Framework
   - Deleted File

7. Subjects will not interact with each other's objects
   - Central Processing Unit (CPU)
   - Digital Certificate
   - Non-Interference
   - Data Custodian

8. Binary decision by a system of permitting or denying access to the entire system
   - Mixed Law System
   - Embedded Systems
   - Authentication
   - Dictionary Attack

9. A copy of transaction data, designed for querying and reporting
   - Job Rotation
   - Data Warehouse
   - Discretionary Access Control (DAC)
   - TCSEC (Orange Book)

10. Malware that makes many small changes over time to a single data point or system
   - Tort
   - Qualitative
   - Hot Site
   - Salami
11. For PKI: to store another copy of a key
   - Cross-Site Scripting
   - Key Escrow
   - System Life Cycle
   - Denial Of Service

12. Process of identifying the risks to an organization, assessing the critical functions, defining the controls in place to reduce organizational exposure, and evaluating the cost of such controls.
   - Pointer
   - Multi-Core
   - Site Policy Awareness
   - Risk Assessment / Analysis

13. Continuous surveillance, to provide for detection of and response to any failure in preventive controls.
   - Replication
   - Data Recovery
   - Job Training
   - Monitor

14. Provides a physical cross-connect point for devices.
   - Acronym for American Standard Code for Information Interchange (ASCII)
   - Risk Assessment
   - Patch Panels
   - Redundant Array Of Independent Drives (RAID)

15. Eavesdropping on network communications by a third party.
   - Mirroring
   - Framework
   - Sniffing
   - Initialization Vector

16. Review of data
   - Race Condition
   - Inference
   - Analysis
   - Domain

17. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.
   - Burn
   - Compartmentalize
   - Security Domain
   - Mandatory Vacations

18. High-level design or model with a goal of consistency, integrity, and balance
   - Database Shadowing
   - Architecture
   - Journaling
   - Multi-Processing

19. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures, alternate work area, etc.)
   - Data Backup Strategies
   - Trusted Computing Base
   - Contingency Plan
   - Atomicity

20. A layer 2 device that is used to connect two network segments and regulate traffic.
   - Bridge
   - Archival Data
   - Debriefing/Feedback
   - Consistency
21. A mathematical tool for verifying that no unintentional changes have been made
   - Checksum
   - Territoriality
   - Coaxial Cable
   - Process Isolation

22. Asymmetric encryption of a hash of a message
   - Digital Signature
   - War Dialing
   - Database Shadowing
   - Trapdoors (Backdoors) (Maintenance Hooks)

23. Less granular organization of controls
   - Data Owner
   - Authorization
   - Control Type
   - Surveillance

24. To create a copy of data as a precaution against the loss or damage of the original data.
   - Algorithm
   - Backup
   - Incident
   - Physical Tampering

25. Companies should have their own team, made up of people from management, IT, legal, HR, public relations, security, and other key areas
   - Forward Recovery
   - Teardrop
   - Notification
   - Incident Response Team

26. Inappropriate data
   - Incident Manager
   - Virtual Memory
   - Malformed Input
   - Authentic

27. The partial or full duplication of data from a source database to one or more destination databases.
   - Operational Impact Analysis
   - Orange Book B2 Classification
   - Tapping
   - Database Replication

28. Malware that subverts the detective controls of an operating system
   - Rootkit
   - 2-Phase Commit
   - Key Clustering
   - Business Recovery Team

29. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have; most commonly used in the PC environment (i.e. file permissions).
   - Parallel Test
   - Radio Frequency Interference (RFI)
   - Locard's Principle
   - Discretionary Access Control (DAC)

30. Eight bits.
   - Byte
   - Running
   - Cross Certification
   - Debriefing/Feedback
31. Minimal Protection; used for systems that were evaluated but failed to meet the criteria for higher divisions
   - Orange Book D Classification
   - Layering
   - Decipher
   - Inrush Current

32. A choice in risk management: to implement a control that limits or lessens negative effects
   - Mitigate
   - Capability Tables
   - SQL Injection
   - Data Integrity

33. Location where coordination and execution of the BCP or DRP is directed
   - Emergency Operations Center (EOC)
   - Authentic
   - Walk Through
   - Embedded

34. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
   - Data Custodian
   - Classification
   - User
   - Brownout

35. An attack involving the hijacking of a TCP session by predicting a sequence number.
   - Detection
   - Object
   - Bit
   - Sequence Attacks

36. Written step-by-step actions
   - Examples of Non-Technical Security Components
   - Procedure
   - Disaster Recovery Plan
   - Time Of Check/Time Of Use

37. Dedicated fast memory located on the same board as the CPU
   - CPU Cache
   - Shadowing (file shadowing)
   - Mitigate
   - Kerberos

38. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
   - Chain Of Custody
   - Twisted Pair
   - Basics Of Secure Design
   - Tar Pits

39. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.
   - Codec
   - Non-Discretionary Access Control
   - Mixed Law System
   - Mitigate

40. Uncleared buffers or media
   - Policy
   - Code
   - Object Reuse
   - Cryptovariable
41. A library of commands maintained by a system for other programs to use; provides consistency and integrity for the programs
   - Application Programming Interface
   - Instance
   - CobiT
   - Business Impact Assessment (BIA)

42. Adversary intercepts encrypted communications, decrypts, views, re-encrypts, and sends them along to the true destination
   - True Attack Stimulus
   - Qualitative
   - Hearsay
   - Man-In-The-Middle Attack

43. Actions measured against either a policy or what a reasonable person would do
   - Due Diligence
   - Common Law
   - Object Reuse
   - File Shadowing

44. May be responsible for overall recovery of an organization or unit(s).
   - Concentrator
   - Information Flow Model
   - DR Or BC Coordinator
   - Byte Level Deletion

45. Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations)
   - Interception
   - Denial Of Service
   - BCP Testing Drills and Exercises
   - Shift Cipher (Caesar)

46. A passive network attack involving monitoring of traffic.
   - Eavesdropping
   - Exercise
   - Contingency Plan
   - Computer Forensics

47. Memory (RAM)
   - Electrostatic Discharge
   - Alert/Alarm
   - Chain Of Custody
   - Primary Storage

48. A test conducted on one or more components of a plan under actual operating conditions.
   - Certificate Revocation List (CRL)
   - Tracking
   - Operational Test
   - Marking

49. Pertaining to law: verified as real
   - Authentic
   - Access Control Lists
   - Object Oriented Programming (OOP)
   - Threats

50. The past U.S. military accepted set of standards and processes for network evaluation and assurance, which combines function and assurance requirements
   - Remanence
   - Entrapment
   - Authentication
   - TNI (Red Book)