Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Eavesdropping on network communications by a third party.
Sniffing
Cryptovariable
Birthday Attack
Kerckhoff's Principle
2. A programming design concept which abstracts one set of functions from another in a serialized fashion
SQL Injection
Vital Record
Layering
Denial Of Service
3. Control type - that is communication based - typically written or oral
Proprietary
Checkpoint
Administrative
Common Law
4. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Polyalphabetic
Hub
Key Escrow
Mock Disaster
5. Narrow scope examination of a system
Targeted Testing
Information Flow Model
Multi-Core
Public Key Infrastructure (PKI)
6. Weakness or flaw in an asset
Qualitative
Vulnerability
Reference Monitor
Cryptography
7. A failure of an IDS to detect an actual attack
Modification
False Negative
Object Oriented Programming (OOP)
Simulation Test
8. To set the clearance of a subject or the classification of an object
Multilevel Security System
Labeling
Failure Modes and Effect Analysis (FEMA)
Architecture
9. Renders the record inaccessible to the database management system
Record Level Deletion
Process Isolation
Key Clustering
Reciprocal Agreement
10. Measures followed to restore critical functions following a security incident.
Recovery
Transients
Damage Assessment
Custodian
11. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.
Notification
Privacy Laws
Complete
Access Control Matrix
12. Those who initiate the attack
Sniffing
Threat Agent
Forward Recovery
Administrative Laws
13. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce organization exposure and evaluating the cost for such controls.
Copyright
Interference (Noise)
Identification
Risk Assessment / Analysis
14. The property that data meet with a priority expectation of quality and that the data can be relied upon.
Reciprocal Agreement
Data Integrity
Byte Level Deletion
Need-To-Know
15. Encryption system using a pair of mathematically related unequal keys
Asymmetric
Shift Cipher (Caesar)
Restoration
Revocation
16. Responsibility for actions
Dangling Pointer
Worm
Accreditation
Liability
17. Inference about encrypted communications
Standard
Disaster Recovery Teams (Business Recovery Teams)
Side Channel Attack
Critical Infrastructure
18. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Degauss
Rootkit
Coaxial Cable
Radio Frequency Interference (RFI)
19. A backup type - for databases at a point in time
File
On-Site
Lattice
Shadowing (file shadowing)
20. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Analysis
Critical Functions
Trusted Computing Base
Computer System Evidence
21. Process of statistically testing a data set for the likelihood of relevant information.
Multi-Processor
Sampling
Codec
State Machine Model
22. Continuous surveillance - to provide for detection and response of any failure in preventive controls.
Content Dependent Access Control
Teardrop
Monitor
Emergency Operations Center (EOC)
23. Mediation of subject and object interactions
Access Control
Physical Tampering
Keyed-Hashing For Message Authentication
Authentic
24. Autonomous malware that requires a flaw in a service
Worm
Multi-Tasking
Multi-Processing
Codec
25. A process state - to either be unable to run waiting for an external event or terminated
Analysis
Machine Language (Machine Code)
Stopped
System Life Cycle
26. Wrong against society
Criminal Law
Total Risk
Full Test (Full Interruption)
Security Blueprint
27. A race condition where the security changes during the object's access
Notification
Time Of Check/Time Of Use
Enticement
Generator
28. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Packet Filtering
MOM
Double Blind Testing
Disaster Recovery Tape
29. To move from location to location - keeping the same function
MOM
Shielding
State Machine Model
Job Rotation
30. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Exercise
Change Control
Need-To-Know
Mantrap (Double Door System)
31. Collection of data on business functions which determines the strategy of resiliency
File Level Deletion
Fault
Business Impact Assessment (BIA)
Detective
32. Part of a transaction control for a database which informs the database of the last recorded transaction
Checkpoint
Electromagnetic Interference (EMI)
Deleted File
Administrative
33. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
Incident Handling
Separation Of Duties
Elements of Negligence
Alarm Filtering
34. An electronic attestation of identity by a certificate authority
MOM
Fault Tolerance
Digital Certificate
Damage Assessment
35. Computing power will double every 18 months
36. Moving letters around
Separation Of Duties
Attacker (Black hat - Hacker)
Mobile Site
Permutation / Transposition
37. Hitting a filed down key in a lock with a hammer to open without real key
Bumping
Data Leakage
Surge
Content Dependent Access Control
38. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Workaround Procedures
Emergency Procedures
Admissible
Business Impact Analysis
39. The guardian of asset(s) - a maintenance activity
Sharing
Faraday Cage / Shield
Custodian
Security Kernel
40. Controls for logging and alerting
Intrusion Detection Systems
Gateway
Cookie
Common Criteria
41. Inappropriate data
Deadlock
Centralized Access Control Technologies
Data Backup Strategies
Malformed Input
42. Owner directed mediation of access
Discretionary
Object
Generator
Fraggle
43. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Physical Tampering
Orange Book D Classification
Near Site
Authentication
44. Malware that uses the trust on a website to redirect users to untrusted websites which captures data or installs more malware
Pervasive Computing and Mobile Computing Devices
Cross-Site Scripting
Access Control Lists
Strong Authentication
45. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Masquerading
Declaration
IP Fragmentation
Mock Disaster
46. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.
Message Digest
Trusted Computing Base
Redundant Servers
Cryptography
47. A mathematical tool for verifying no unintentional changes have been made
Checksum
Running
Event
Bit
48. Malware that makes small random changes to many data points
Data Diddler
Risk Mitigation
Transfer
Coaxial Cable
49. Descrambling the encrypted message with the corresponding key
Durability
Decipher
Attacker (Black hat - Hacker)
Plaintext
50. Employment education done once per position or at significant change of function
Tar Pits
Job Training
Access Control Matrix
Degauss