Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The former U.S. military-accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements
TNI (Red Book)
File Sharing
Tort
SQL Injection
2. Information about a particular data set
Metadata
State Machine Model
Packet Filtering
Custodian
3. A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. (See Smurf)
Incident Manager
Fraggle
HTTP Response Splitting
Quantitative
4. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services
Access Control Lists
Data Leakage
Generator
Data Dictionary
5. Potentially compromising leakage of electrical or acoustical signals.
Interference (Noise)
Remote Journaling
Triage
Emanations
6. One way encryption
Hash Function
Internal Use Only
Ethics
Keystroke Logging
7. A backup of data located where staff can gain access immediately
Mobile Recovery
Decipher
Symmetric
On-Site
8. A collection of information designed to reduce duplication and increase integrity
Man-In-The-Middle Attack
Running
Databases
MOM
9. A group or network of honeypots
False Negative
Orange Book D Classification
Key Escrow
Honeynet
10. A one way - directed graph which indicates confidentiality or integrity flow
Computer System Evidence
Denial Of Service
Lattice
Inheritance
11. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
Triage
Spyware
ISO/IEC 27002
Test Plan
12. RADIUS - TACACS+ - Diameter
Centralized Access Control Technologies
Administrative Laws
Information Flow Model
Worldwide Interoperability for Microwave Access (WI-MAX )
13. Regular operations are stopped and where processing is moved to the alternate site.
Binary
Control Category
Message Digest
Full-Interruption test
14. Record of system activity - which provides for monitoring and detection.
Log
Firmware
E-Mail Spoofing
Business Interruption
15. Mediates communication between untrusted hosts on behalf of the hosts that it protects.
Distributed Processing
Accreditation
Proxies
Incident Response
16. To execute more than one instruction at an instant in time
Multi-Processing
Access Control Attacks
Data Integrity
Analysis
17. Control category - more than one control on a single asset
Double Blind Testing
Compensating
Intrusion Prevention Systems
Security Blueprint
18. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
Fiber Optics
Fire Classes
Key Space
Contact List
19. A Denial of Service attack that floods the target system with connection requests that are not finalized.
SYN Flooding
Detection
CPU Cache
Sampling
20. Initial surge of current
Desk Check Test
Logic Bomb
Inrush Current
Job Training
21. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
IDS Intrusion Detection System
Relocation
Site Policy Awareness
Processes are Isolated By
22. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
IP Fragmentation
Discretionary Access Control (DAC)
Smurf
Business Interruption
23. Intellectual property management technique for identifying after distribution
Common Law
Multi-Processor
Intrusion Detection Systems
Watermarking
24. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Recovery Point Objective (RPO)
TCSEC (Orange Book)
Kernel
Crisis
25. Is secondhand and usually not admissible in court
Certification
Hearsay Evidence
Residual Data
Active Data
26. OOP concept of an object at runtime
Total Risk
Database Shadowing
Instance
Business Recovery Timeline
27. Asymmetric encryption of a hash of message
Generator
Digital Signature
Certification
Collisions
28. Line noise that is superimposed on the supply circuit.
Transients
Off-Site Storage
Alert/Alarm
Mandatory Vacations
29. To create a copy of data as a precaution against the loss or damage of the original data.
Method
Access Control Attacks
Backup
State Machine Model
30. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
Kerberos
Steganography
Relocation
Hacker
31. Unauthorized wireless network access device.
Rogue Access Points
Simulation Test
Reference Monitor
Proprietary
32. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Walk Through
Access Control Attacks
Virtual Memory
File Extension
33. Memory management programming which makes the limited RAM of the physical machine appear larger by using a portion of the hard drive
Virtual Memory
Structured Walk-Through Test
Liability
Orange Book D Classification
34. For PKI - to store another copy of a key
Sequence Attacks
Isolation
Masked/Interruptible
Key Escrow
35. High level - pertaining to planning
Patch Panels
Hub
Surge
Strategic
36. A risk assessment method - measurable real money cost
Criminal Law
Detection
Mock Disaster
Quantitative
37. Moving the alphabet intact a certain number of spaces
Shift Cipher (Caesar)
Least Privilege
Incident Handling
Uninterruptible Power Supply (UPS)
38. An image compression standard for photographs
Criminal Law
JPEG (Joint Photographic Experts Group)
Data Hiding
Triage
39. May be responsible for overall recovery of an organization or unit(s).
Digital Certificate
Business Impact Assessment (BIA)
Sniffing
DR Or BC Coordinator
40. Quantity of risk remaining after a control is applied
Residual Risk
Inheritance
Notification
Private Branch Exchange (PBX)
41. A process state - (blocked) needing input before continuing
Central Processing Unit (CPU)
Wait
Generator
Fragmented Data
42. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Centralized Access Control Technologies
Administrative Access Controls
Compartmentalize
Guidelines
43. Identification and notification of an unauthorized and/or undesired action
Detection
Orange Book C2 Classification
Multilevel Security System
Class
44. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm
Kerckhoff's Principle
Mandatory Access Control (MAC)
Picking
Examples of non-technical security components
45. Recording the Who What When Where How of evidence
Operational Impact Analysis
Reference Monitor
Voice Over IP (VOIP)
Chain Of Custody
46. A state for operating system tasks only
Infrastructure
Work Factor
Conflict Of Interest
Supervisor Mode (monitor - system - privileged)
47. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Aggregation
Investigation
Security Kernel
Application Programming Interface
48. A device that converts between digital and analog representation of data.
Disaster Recovery Teams (Business Recovery Teams)
Modems
Emergency Operations Center (EOC)
TCSEC (Orange Book)
49. Small data files written to a user's hard drive by a web server.
Education
Cookie
Alternate Data Streams (File System Forks)
Separation Of Duties
50. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Analysis
Cross Certification
2-Phase Commit
Data Backups