CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Concentrator
Interference (Noise)
Revocation
Contact List
2. A database that contains the name - type - range of values - source and authorization for access for each data element
Message Digest
Entrapment
Data Dictionary
Off-Site Storage
3. Amount of time for restoring a business process or function to normal operations without major loss
Degauss
Maximum Tolerable Downtime (MTD)
Quantitative
Virtual Memory
4. Control category - to record an adversary's actions
Simulation
Disaster Recovery Tape
Detective
Public Key Infrastructure (PKI)
5. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
True Attack Stimulus
Exercise
Embedded Systems
Digital Signature
6. A temporary public file to inform others of a compromised digital certificate
IDS Intrusion Detection System
Time Of Check/Time Of Use
Certificate Revocation List (CRL)
Microwave
7. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Non-Interference
Integrated Test
DR Or BC Coordinator
Resumption
8. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Executive Succession
Countermeasure
Legacy Data
Source Routing Exploitation
9. A race condition where the security changes during the object's access
Analysis
Site Policy Awareness
Time Of Check/Time Of Use
Mission-Critical Application
10. Something that happened
Event
Database Shadowing
Modems
Side Channel Attack
11. For PKI - to store another copy of a key
Key Escrow
Administrative Law
Alarm Filtering
Mirroring
12. The process of identifying - accessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Critical Functions
Cache
Worldwide Interoperability for Microwave Access (WI-MAX)
Information Risk Management (IRM)
13. OOP concept of an object's abilities - what it does
Method
Patent
Kerckhoff's Principle
Object Reuse
14. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Waterfall
Administrative Laws
Triage
Internal Use Only
15. Threats x Vulnerability x Asset Value = Total Risk
Man-In-The-Middle Attack
Total Risk
Uninterruptible Power Supply (UPS)
CPU Cache
16. Pertaining to law - verified as real
3 Types of harm Addressed in computer crime laws
Authentic
Data Warehouse
Test Plan
17. Maintenance procedures outline the process for the review and update of business continuity plans.
Site Policy Awareness
Plan Maintenance Procedures
MOM
Hub
18. Total number of keys available that may be selected by the user of a cryptosystem
Coaxial Cable
Key Space
Emergency Procedures
Dangling Pointer
19. To jump to a conclusion
Hot Spares
Orange Book A Classification
Inference
Intrusion Prevention Systems
20. A basic level of network access control that is based upon information contained in the IP packet header.
ISO/IEC 27001
Packet Filtering
Discretionary
Dictionary Attack
21. A technology that reduces the size of a file.
Remanence
Compression
Residual Risk
Mobile Recovery
22. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Standalone Test
Due Diligence
Remote Journaling
Certification
23. An asymmetric cryptography mechanism that provides authentication.
Electronic Vaulting
Firewall
Digital Signature
Surveillance
24. More than one processor sharing the same memory - also known as parallel systems
Durability
Multi-Processor
Preemptive
Discretionary
25. Evaluation of a system without prior knowledge by the tester
Dangling Pointer
Access Control
Blind Testing
Disaster Recovery Plan
26. A subnetwork with storage devices servicing all servers on the attached network.
Firewalls
Storage Area Network (SAN)
Business Recovery Team
Database Replication
27. A collection of information designed to reduce duplication and increase integrity
Detective
Electronic Vaulting
Databases
Decipher
28. A set of laws that the organization agrees to be bound by
IP Fragmentation
Administrative Law
Checkpoint
Wait
29. Pertaining to law - accepted by a court
Targeted Testing
Assembler
Admissible
Exposure
30. Uncleared buffers or media
Cryptography
Log
Replication
Object Reuse
31. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Examples of non-technical security components
Disaster Recovery Tape
Cryptanalysis
Hard Disk
32. To smooth out reductions or increases in power
Workaround Procedures
Cipher Text
Multi-Party Control
UPS
33. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.
Tracking
Botnet
Active Data
Cross Certification
34. Act of luring an intruder and is legal.
Embedded
Enticement
Interference (Noise)
Bollard
35. Someone who wants to cause harm
Trapdoors (Backdoors) (Maintenance Hooks)
Policy
Attacker (Black hat - Hacker)
Inrush Current
36. The first rating that requires security labels
Picking
Class
Orange Book B1 Classification
Complete
37. A condition in which neither party is willing to stop their activity for the other to complete
Deadlock
Public Key Infrastructure (PKI)
Worm
Hearsay Evidence
38. A physical enclosure for verifying identity before entry to a facility
Memory Management
Mirrored Site
Mantrap (Double Door System)
Business Continuity Planning (BCP)
39. Deals with discretionary protection
Orange Book C Classification
Certification
Plan Maintenance Procedures
Data Dictionary
40. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.
Orange Book B2 Classification
Cross-Site Scripting
Data Backups
Multi-Party Control
41. Guidelines within an organization that control the rules and configurations of an IDS
Vital Record
Site Policy
Consistency
Detection
42. Memory management technique that allows two processes to run concurrently without interaction
Data Marts
Application Programming Interface
Protection
Business Continuity Program
43. Recovery alternative which outsources a business function at a cost
Tort
Service Bureau
Guidelines
Fraggle
44. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Control Type
Repeaters
TIFF (Tagged Image File Format)
Remanence
45. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.
Business Interruption
CPU Cache
Accountability
Critical Records
46. Pertaining to law - high degree of veracity
Access Control Lists
Information Technology Security Evaluation Criteria - ITSEC
Waterfall
Accurate
47. A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy
Cache
SQL Injection
Accreditation
Instance
48. Planning with a goal of returning to the normal business function
Smurf
Slack Space
Restoration
Infrastructure
49. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
3 Types of harm Addressed in computer crime laws
Slack Space
Interference (Noise)
TNI (Red Book)
50. Code breaking - practice of defeating the protective properties of cryptography.
Cryptanalysis
Common Criteria
Site Policy Awareness
Locard's Principle