SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A backup of data located where staff can gain access readily and a localized disaster will not cause harm
Resumption
3 Types of harm Addressed in computer crime laws
Data Owner
Near Site
2. Total number of keys available that may be selected by the user of a cryptosystem
Protection
Class
Key Space
Targeted Testing
3. Power surge
Total Risk
Primary Storage
Electrostatic Discharge
Non-Interference
4. Narrow scope examination of a system
Containment
Targeted Testing
Running
Orange Book B2 Classification
5. Individuals - normally managers or directors - who have responsibility .for the integrity - accurate reporting and use of computerized data.
Adware
Control
Reference Monitor
Data Owner
6. Final purpose or result
Payload
Mandatory Vacations
Keyed-Hashing For Message Authentication
Job Training
7. A technology that reduces the size of a file.
High-Risk Areas
Interception
Certification Authority
Compression
8. Reprogrammable basic startup instructions
Assembler
Copyright
Contact List
Firmware
9. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Hacker
IDS Intrusion Detection System
Protection
Attacker (Black hat - Hacker)
10. A system that enforces an access control policy between two networks.
Containment
Chain of Custody
Business Recovery Team
Firewalls
11. An internal list of contact information used for the communication of incident information - designed in a distributed manor so that no one person is responsible for contacting everyone.
Blind Testing
Call Tree
Non-Discretionary Access Control
Botnet
12. Act of luring an intruder and is legal.
Enticement
Cross Training
False (False Positive)
Orange Book B2 Classification
13. A choice in risk management - to convince another to assume risk - typically by payment
Transfer
Fragmented Data
Capability Tables
Embedded
14. A test that answers the questions: Does the organization have the documentation and people it needs. Do they understand the documentation?
Alarm Filtering
Desk Check Test
Standalone Test
Legacy Data
15. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Cryptovariable
Information Technology Security Evaluation Criteria - ITSEC
Honeynet
Hard Disk
16. Recording activities at the keyboard level
Substitution
Moore's Law
Multi-Core
Keystroke Logging
17. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Guidelines
Byte
Failure Modes and Effect Analysis (FEMA)
Site Policy Awareness
18. Review of data
Integrated Test
Malformed Input
Crisis
Analysis
19. Physical description on the exterior of an object that communicates the existence of a label
Marking
Keyed-Hashing For Message Authentication
Access Point
Machine Language (Machine Code)
20. The core of a computer that calculates
Life Cycle of Evidence
Message Digest
Phishing
Central Processing Unit (CPU)
21. Location where coordination and execution of BCP or DRP is directed
Total Risk
Emergency Operations Center (EOC)
ISO/IEC 27001
Voice Over IP (VOIP)
22. The study of cryptography and cryptanalysis
Access Control Lists
Cryptology
Relocation
Operational
23. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Metadata
Labeling
Application Programming Interface
The ACID Test
24. Sphere of influence
Brownout
Domain
Sampling
Governance
25. Abstract and mathematical in nature - defining all possible states - transitions and operations
Operational Impact Analysis
State Machine Model
False Attack Stimulus
Data Dictionary
26. Written internalized or nationalized norms that are internal to an organization
Preemptive
Botnet
Recovery Strategy
Standard
27. A disturbance that degrades performance of electronic devices and electronic communications.
Radio Frequency Interference (RFI)
Remote Journaling
Object
Authentication
28. A risk assessment method - measurable real money cost
ITSEC
Kerckhoff's Principle
Convincing
Quantitative
29. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Confidence Value
Locard's Principle
Tar Pits
Separation Of Duties
30. Asymmetric encryption of a hash of message
Metadata
Civil Or Code Law
Business Continuity Planning (BCP)
Digital Signature
31. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services
Instance
Access Control Lists
Containment
Discretionary
32. Code breaking - practice of defeating the protective properties of cryptography.
TIFF (Tagged Image File Format)
Algorithm
Network Attached Storage (NAS)
Cryptanalysis
33. A telephone exchange for a specific office or business.
Multi-Programming
Admissible
Brute Force
Private Branch Exchange (PBX)
34. Eavesdropping on network communications by a third party.
Hacker
Spyware
Tapping
ITSEC
35. Deals with discretionary protection
Criminal Law
Access Control Lists
Site Policy
Orange Book C Classification
36. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Alternate Data Streams (File System Forks)
Data Owner
Orange Book D Classification
Alert
37. The chance that something negative will occur
Risk
Cryptography
Fragmented Data
Change Control
38. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
Process Isolation
Archival Data
Record Level Deletion
Secondary Storage
39. Consume resources to a point of exhaustion - loss of availability
Multi-Tasking
Alternate Site
Denial Of Service
Emergency Operations Center (EOC)
40. A choice in risk management - to implement a control that limits or lessens negative effects
Symmetric
False Attack Stimulus
Mitigate
Network Attached Storage (NAS)
41. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Change Control
Technical Access Controls
Time Of Check/Time Of Use
Layering
42. Pertaining to law - no omissions
Information Risk Management (IRM)
Radio Frequency Interference (RFI)
Complete
Countermeasure
43. A layer 2 device that used to connect two network segments and regulate traffic.
Threat Agent
Examples of non-technical security components
On-Site
Bridge
44. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Vulnerability
MOM
Recovery Period
High-Risk Areas
45. A Denial of Service attack that exploits systems that are not able to handle malicious - overlapping and oversized IP fragments.
Total Risk
Payload
Teardrop
Accurate
46. Real-time data backup ( Data Mirroring)
Database Shadowing
Sag/Dip
Journaling
File Level Deletion
47. Lower frequency noise
Risk
Radio Frequency Interference (RFI)
Hearsay Evidence
Message Digest
48. A shield against leakage of electromagnetic signals.
Faraday Cage/ Shield
Running Key
Spiral
Digital Certificate
49. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
File Level Deletion
Data Backup Strategies
Cipher Text
Plaintext
50. A Trojan horse with the express underlying purpose of controlling host from a distance
Blackout
Layering
Remote Access Trojan
Incident Manager
