CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see it reinforces your understanding as you take the test each time.
1. To segregate for the purposes of labeling
Threat Agent
Encapsulation
Compartmentalize
Accurate
2. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: - Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Emergency
CobiT
Multi-Processor
Physical Tampering
3. An image compression standard for photographs
JPEG (Joint Photographic Experts Group)
3 Types of harm Addressed in computer crime laws
Non-Discretionary Access Control
Distributed Processing
4. Tool which mediates access
Object Oriented Programming (OOP)
Examples of non-technical security components
Control
Total Risk
5. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Alert
Emanations
Tracking
Data Dictionary
6. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
System Life Cycle
Disaster Recovery Tape
Structured Walk-Through Test
Data Leakage
7. To jump to a conclusion
Data Recovery
IP Fragmentation
Inference
Multi-Party Control
8. A risk assessment method - measurable real money cost
Failure Modes and Effect Analysis (FMEA)
Quantitative
Surge Suppressor
Denial Of Service
9. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Memory Management
Concentrator
Life Cycle of Evidence
Emergency Operations Center (EOC)
10. Creation, distribution, update and deletion
Monitor
Ethics
Computer System Evidence
Key Management
11. Just enough access to do the job
Data Recovery
Least Privilege
Moore's Law
Prevention
12. Subject based description of a system or a collection of resources
Recovery Period
Capability Tables
Firmware
Digital Signature
13. Unsolicited commercial email
Surveillance
Governance
Spam
Fault Tolerance
14. A covert storage channel on the file attribute
Key Management
Key Escrow
Containment
Alternate Data Streams (File System Forks)
15. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Mission-Critical Application
User
Alarm Filtering
Payload
16. The past U.S. military accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements
TNI (Red Book)
Aggregation
Desk Check Test
Asymmetric
17. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
Brute Force
Technical Access Controls
Object Reuse
Virtual Memory
18. Reduces causes of fire
Overlapping Fragment Attack
Fire Prevention
Bumping
Physical Tampering
19. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.
Orange Book A Classification
Critical Infrastructure
Identification
Distributed Processing
20. A planned or unplanned interruption in system availability.
Business Continuity Program
Criminal Law
EMI
System Downtime
21. Wrong against society
Criminal Law
Waterfall
Incident Response
Incident
22. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm
Fire Detection
Replication
Operational Impact Analysis
Mandatory Access Control (MAC)
23. A Trojan horse with the express underlying purpose of controlling a host from a distance
Internal Use Only
Remote Access Trojan
False Attack Stimulus
Trademark
24. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
Need-To-Know
Corrective
Risk Mitigation
Certification Authority
25. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Data Custodian
Security Blueprint
Fault
Integrated Test
26. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Site Policy Awareness
Denial Of Service
3 Types of harm Addressed in computer crime laws
Alarm Filtering
27. Need to understand both the assets that need to be protected and management's priorities - also be prepared to adjust the design over time - and verify the design has been implemented correctly - needs to be a good negotiator - artist and analyst.
Complete
IP Fragmentation
Basics Of Secure Design
Simulation Test
28. A type of attack involving attempted insertion - deletion or altering of data.
Modification
Fragmented Data
Encapsulation
Territoriality
29. System of law based upon what is good for society
Checklist Test
Containment
Electronic Vaulting
Civil Or Code Law
30. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Confidence Value
Permutation/Transposition
One Time Pad
Non-Repudiation
31. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
Data Custodian
True Attack Stimulus
Trapdoors (Backdoors) (Maintenance Hooks)
Transients
32. A software design technique for abstraction of a process
Data Hiding
Structured Walk-Through Test
Multi-Processing
Data Leakage
33. Lower frequency noise
Event
Common Criteria
Data Custodian
Radio Frequency Interference (RFI)
34. Measures followed to restore critical functions following a security incident.
EMI
Phishing
Recovery
Surveillance
35. Guidelines within an organization that control the rules and configurations of an IDS
Operational Impact Analysis
Service Bureau
Site Policy
Threats
36. An encryption method that has a key as long as the message
Running Key
Trademark
Proxies
Brute Force
37. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
Fire Classes
Restoration
Remote Journaling
Access Control Lists
38. Controls for terminating an attempt to access an object
True Attack Stimulus
Trademark
Primary Storage
Intrusion Prevention Systems
39. Low level - pertaining to planning
ITSEC
Data Recovery
Off-Site Storage
Tactical
40. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Slack Space
Business Impact Analysis
Boot (V.)
Structured Walk-Through Test
41. Those who initiate the attack
UPS
Steganography
Proprietary
Threat Agent
42. Written step-by-step actions
Attacker (Black hat - Hacker)
Procedure
Mirroring
Kerckhoff's Principle
43. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Data Recovery
Secondary Storage
Data Dictionary
Risk Mitigation
44. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.
Firmware
Satellite
Processes are Isolated By
Interference (Noise)
45. Malware that subverts the detective controls of an operating system
Rootkit
Processes are Isolated By
Digital Certificate
Custodian
46. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Mock Disaster
Concatenation
Work Factor
Civil Law
47. Mediation of subject and object interactions
Mobile Recovery
Basics Of Secure Design
Governance
Access Control
48. Business and technical process of applying security software updates in a regulated periodic way
Investigation
Patch Management
Surveillance
Access Control Lists
49. Implementation of an operating system protection mechanism - where the more sensitive levels are built upon the layering concept
Intrusion Detection Systems
Fire Suppression
Inference
Ring Protection
50. Actions measured against either a policy or what a reasonable person would do
Detective
Due Diligence
Buffer Overflow
Basics Of Secure Design