CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.
Collisions
Vulnerability
Confidence Value
Hard Disk
2. OOP concept of a class's details being hidden from the object's users
Safeguard
Encapsulation
Operational Test
ISO/IEC 27002
3. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Electronic Vaulting
Emanations
Detection
Archival Data
4. Short period of low voltage.
Debriefing/Feedback
Fraggle
Sag/Dip
TNI (Red Book)
5. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Repeaters
Administrative Access Controls
Residual Data
Work Factor
6. Low level - pertaining to planning
Inference
Multilevel Security System
Exposure
Tactical
7. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
Archival Data
Fault
Recovery Point Objective (RPO)
Deleted File
8. Descrambling the encrypted message with the corresponding key
Decipher
Compensating
Redundant Array Of Independent Drives (RAID)
Physical Tampering
9. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Highly Confidential
Mandatory
Desk Check Test
Acronym for American Standard Code for Information Interchange (ASCII)
10. Intellectual property protection for the expression of an idea
Copyright
Top Secret
Education
Detection
11. Planning with a goal of returning to the normal business function
Simulation Test
Critical Functions
Restoration
Plan Maintenance Procedures
12. Review of data
Incident Manager
Analysis
Disk Mirroring
Hearsay Evidence
13. Intermediate level - pertaining to planning
Operational
Administrative Laws
Spiral
Switches
14. A layer 2 device that is used to connect two network segments and regulate traffic.
Structured Walk-Through Test
Bridge
Change Control
Checkpoint
15. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Twisted Pair
Overlapping Fragment Attack
Mock Disaster
Adware
16. Binary decision by a system of permitting or denying access to the entire system
E-Mail Spoofing
Gateway
Authentication
Polyalphabetic
17. Business and technical process of applying security software updates in a regulated periodic way
Business Unit Recovery
Incident Manager
Internal Use Only
Patch Management
18. A type of attack involving attempted insertion - deletion or altering of data.
Modification
Memory Management
Mobile Recovery
Top Secret
19. DoS - Spoofing - dictionary - brute force - wardialing
Accurate
Electronic Vaulting
Access Control Attacks
Assembler
20. Part of a transaction control for a database which informs the database of the last recorded transaction
Restoration
Object Oriented Programming (OOP)
Checkpoint
Sharing
21. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Trade Secret
IP Address Spoofing
Multilevel Security System
Technical Access Controls
22. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Hub
Cross Certification
JPEG (Joint Photographic Experts Group)
Analysis
23. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective
Central Processing Unit (CPU)
Accountability
Multi-Programming
Safeguard
24. Someone who wants to cause harm
Attacker (Black hat - Hacker)
Due Diligence
Admissible
Monitor
25. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.
Burn
Symmetric
Network Attached Storage (NAS)
Hot Spares
26. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Rogue Access Points
False Attack Stimulus
Chain Of Custody
Alarm Filtering
27. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
Orange Book A Classification
Territoriality
Identification
ISO/IEC 27001
28. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Worm
BCP Testing Drills and Exercises
Wait
Strong Authentication
29. Memory management programming which makes the limited RAM of the physical machine appear larger by using a portion of the hard drive
Cross Training
Deterrent
Virtual Memory
Recovery Point Objective (RPO)
30. Security policy - procedures - and compliance enforcement
Electronic Vaulting
Byte
Technical Access Controls
Examples of non-technical security components
31. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Total Risk
Revocation
Business Continuity Planning (BCP)
Slack Space
32. Object based description of a single resource and the permission each subject
Executive Succession
Man-In-The-Middle Attack
Access Control Lists
Physical Tampering
33. One of the key benefits of a network is the ability to share files stored on the server among several users.
Fault
File Sharing
UPS
Fraggle
34. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)
Interception
Recovery
Tapping
Forward Recovery
35. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
Information Technology Security Evaluation Criteria - ITSEC
Conflict Of Interest
TCSEC (Orange Book)
Virus
36. False memory reference
Critical Functions
Detection
Secondary Storage
Dangling Pointer
37. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
Alternate Site
Multi-Processor
Residual Data
Surge Suppressor
38. What is will remain - persistence
Critical Infrastructure
Botnet
Event
Durability
39. Mathematical function that determines the cryptographic operations
Compensating
Threat Agent
Algorithm
Mandatory
40. Autonomous malware that requires a flaw in a service
Worm
Digital Signature
Encipher
Metadata
41. Responsibility for actions
Degauss
Liability
Burn
Restoration
42. Some systems are actually run at the alternate site
Interpreter
Parallel Test
Inference
Archival Data
43. Two certificate authorities that trust each other
3 Types of harm Addressed in computer crime laws
Cross Certification
Firewalls
Alternate Data Streams (File System Forks)
44. A unit of execution
Key Space
Shift Cipher (Caesar)
Threads
Notification
45. System directed mediation of access with labels
Mandatory
Uninterruptible Power Supply (UPS)
Denial Of Service
Vulnerability
46. Share security concerns with embedded devices - Often security has been sacrificed for a richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
Common Law
Remanence
Pervasive Computing and Mobile Computing Devices
Data Owner
47. The hard drive
Secondary Storage
Pervasive Computing and Mobile Computing Devices
Alert/Alarm
Standalone Test
48. The property that data meet with an a priori expectation of quality and that the data can be relied upon.
Examples of non-technical security components
Electrostatic Discharge
Data Integrity
Orange Book D Classification
49. The collection and summation of risk data relating to a particular asset and controls for that asset
Phishing
Quantitative Risk Analysis
Electronic Vaulting
Risk Assessment
50. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Fire Suppression
Journaling
Information Technology Security Evaluation Criteria - ITSEC
Codec