Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The one person responsible for data - its classification and control setting
Trade Secret
Information Owner
Man-In-The-Middle Attack
Keyed-Hashing For Message Authentication
2. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
Kernel
Residual Data
Threats
2-Phase Commit
3. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Non-Interference
Access Control Attacks
Exposure
Keyed-Hashing For Message Authentication
4. Hiding the fact that communication has occurred
Steganography
Watermarking
Orange Book A Classification
Polymorphism
5. Unauthorized wireless network access device.
Rogue Access Points
Operational
Burn
Cross-Site Scripting
6. Indivisible: a data field must contain only one value, and either all transactions take place or none do
Atomicity
Labeling
Site Policy
Log
7. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Damage Assessment
Deletion
Hearsay Evidence
Microwave
8. A type of multitasking that allows for more even distribution of computing time among competing requests
Alternate Data Streams (File System Forks)
Preemptive
Protection
Containment
9. Potential danger to information or systems
Hacker
Threats
Routers
TEMPEST
10. Information about a particular data set
Brownout
Security Clearance
Metadata
Education
11. Policy or stated actions
Journaling
Warm Site
Due Care
Containment
12. Highest level of authority at EOC with knowledge of the business process and the resources available
Assembler
Corrective
Incident Manager
Asymmetric
13. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.
Classification Scheme
SYN Flooding
Satellite
Boot (V.)
14. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Orange Book D Classification
Alert
Repeaters
Legacy Data
15. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
Recovery Period
TCSEC (Orange Book)
Parallel Test
Aggregation
16. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
Exposure
Microwave
Object
System Life Cycle
17. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Business Recovery Team
Malformed Input
Packet Filtering
Bumping
18. Small data files written to a user's hard drive by a web server.
Cookie
Business Records
Data Warehouse
Structured Walk-Through Test
19. A unit of execution
Threads
Access Point
Ring Protection
ISO/IEC 27002
20. Deals with discretionary protection
Mantrap (Double Door System)
Coaxial Cable
Orange Book C Classification
Enticement
21. Collection of data on business functions which determines the strategy of resiliency
Hot Site
Capability Tables
Business Impact Assessment (BIA)
Logic Bomb
22. An administrative unit or a group of objects and subjects controlled by one reference monitor
Orange Book B2 Classification
Discretionary Access Control (DAC)
Security Domain
Site Policy Awareness
23. Act of scrambling the cleartext message by using a key.
Criminal Law
Encipher
Business Recovery Timeline
Archival Data
24. Impossibility of denying authenticity and identity
Mandatory Access Control (MAC)
Non-Repudiation
Certification Authority
Generator
25. A copy of transaction data - designed for querying and reporting
Analysis
Separation Of Duties
Data Warehouse
Distributed Processing
26. Total number of keys available that may be selected by the user of a cryptosystem
File Server
TCSEC (Orange Book)
Emergency
Key Space
27. A temporary public file to inform others of a compromised digital certificate
Entrapment
Certificate Revocation List (CRL)
Redundant Array Of Independent Drives (RAID)
Denial Of Service
28. A world-wide wireless technology
Identification
Mobile Recovery
Wireless Fidelity (Wi-Fi)
Asymmetric
29. The point in time to which systems and data must be recovered after an outage (e.g. end of the previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Message Digest
Threads
Recovery Point Objective (RPO)
TEMPEST
30. A set of laws that the organization agrees to be bound by
Transfer
Radio Frequency Interference (RFI)
Administrative Law
Data Integrity
31. Scrambled form of the message or data
Recovery Point Objective (RPO)
Service Bureau
Warm Site
Cipher Text
32. Record of system activity - which provides for monitoring and detection.
Object Reuse
Mantrap (Double Door System)
Information Risk Management (IRM)
Log
33. The principles a person sets for themselves to follow
Archival Data
Ethics
Structured Walkthrough
Bit
34. To collect many small pieces of data
Mandatory Vacations
Electromagnetic Interference (EMI)
Aggregation
Alarm Filtering
35. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Work Factor
Boot (V.)
Labeling
Information Technology Security Evaluation Criteria - ITSEC
36. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Site Policy Awareness
Relocation
Electrostatic Discharge
Durability
37. Information about data or records
Metadata
Non-Discretionary Access Control
Chain Of Custody
Hijacking
38. Consume resources to a point of exhaustion - loss of availability
Assembler
Recovery
Covert Channel
Denial Of Service
39. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data
Threads
Byte Level Deletion
Custodian
Corrective
40. A system that enforces an access control policy between two networks.
Guidelines
Mission-Critical Application
Compiler
Firewalls
41. Business and technical process of applying security software updates in a regulated periodic way
Separation Of Duties
Security Clearance
Patch Management
IP Fragmentation
42. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Incident Response
Life Cycle of Evidence
Embedded
Due Diligence
43. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Rollback
Residual Risk
Resumption
Authorization
44. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
Bit
Restoration
Data Marts
Access Control Lists
45. Potentially compromising leakage of electrical or acoustical signals.
Containment
Emanations
Authentic
Interpreter
46. Written suggestions that direct choice to a few alternatives
Guidelines
Recovery
Highly Confidential
CPU Cache
47. An internal list of contact information used for the communication of incident information, designed in a distributed manner so that no one person is responsible for contacting everyone.
Satellite
Consistency
Call Tree
Activation
48. The past U.S. military accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements
Administrative Access Controls
TNI (Red Book)
Database Replication
Intrusion Prevention Systems
49. Inference about encrypted communications
False Negative
Digital Signature
Botnet
Side Channel Attack
50. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
Multilevel Security System
Spiral
Data Backups
Operating