CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so some answers may seem obvious at times, but repeated attempts reinforce your understanding.
1. Security policy, procedures, and compliance enforcement
Processes are Isolated By
Binary
Examples of non-technical security components
Walk Through
2. A failure of an IDS to detect an actual attack
False Negative
Durability
Fire Detection
Cold Site
3. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective
Recovery
Enticement
Satellite
Multi-Programming
4. Mediation of subject and object interactions
Emergency Procedures
Steganography
Access Control
Work Factor
5. More than one processor sharing the same memory, also known as a parallel system
Multi-Processor
Vital Record
Residual Data
Proxies
6. Converts assembly language (low-level mnemonic source) into machine language
Key Management
Blind Testing
Containment
Assembler
7. An application that is essential to the organization's ability to perform necessary business functions. Loss of a mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.
Mandatory
Mission-Critical Application
Generator
Plain Text
8. Recovery alternative: a facility with everything needed for the business function already in place, except the people and the latest backup
Trusted Computing Base
Hot Site
Transients
Mixed Law System
9. Process of statistically testing a data set for the likelihood of relevant information.
Packet Filtering
Simulation Test
Intrusion Detection Systems
Sampling
10. Location where coordination and execution of BCP or DRP is directed
Safeguard
Emergency Operations Center (EOC)
Activation
Risk Assessment / Analysis
11. A widely deployed wireless local area networking technology (IEEE 802.11)
Firmware
Call Tree
Codec
Wireless Fidelity (Wi-Fi )
12. Reduction of voltage by the utility company for a prolonged period of time
Digital Certificate
Key Clustering
BCP Testing Drills and Exercises
Brownout
13. The point in time to which systems and data must be recovered after an outage (e.g., end of the previous day's processing). RPOs are often used as the basis for developing backup strategies.
Multi-Processor
Recovery Point Objective (RPO)
Separation Of Duties
Firmware
14. A mechanism inserted by developers during development to bypass security controls
Rootkit
Memory Management
Intrusion Detection Systems
Trapdoors (Backdoors) (Maintenance Hooks)
15. Use of specialized techniques for the recovery, authentication, and analysis of electronic data
Cryptovariable
Total Risk
Computer Forensics
MOM
16. Real-time, automatic, and transparent backup of data
Remote Journaling
Mandatory Vacations
Pointer
Hijacking
17. A software design technique for abstraction of a process
Disaster Recovery Tape
Fire Suppression
Risk
Data Hiding
18. A computer designed for the purpose of studying adversaries
Fraggle
Waterfall
Threads
Honeypot
19. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Trade Secret
Vital Record
Internal Use Only
Mirroring
20. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have; most commonly used in the PC environment (i.e., file permissions).
Discretionary Access Control (DAC)
Reciprocal Agreement
Physical Tampering
Cryptology
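The Unix file-permission check is the textbook instance of DAC: the owner sets the mode, and the kernel selects exactly one permission class (owner, group, or other) by identity rather than taking the union of all bits. The following is an added example written for this study guide (it is not part of the quiz or any vendor material) and all UIDs, GIDs and modes in it are constructed for illustration:

```python
"""Discretionary access control as a POSIX file-mode check (added example).

The owner of the entry decides the mode; the access check picks one rwx
triplet by identity (owner, then group, then other).  Because the class is
selected rather than OR-ed, an owner whose file is mode 0o077 is denied
even though 'other' could read it.  Identities below are constructed.
"""
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits within one rwx triplet


@dataclass(frozen=True)
class FileEntry:
    """Minimal inode-like record; the owner controls `mode` (that is the DAC part)."""
    owner_uid: int
    owner_gid: int
    mode: int  # permission bits only, e.g. 0o640


def unix_access(entry: FileEntry, uid: int, gids: frozenset, want: int) -> bool:
    """Return True if subject (uid, gids) is granted every bit in `want` on `entry`.

    `want` is an OR of R, W, X.  Mirrors the POSIX class-selection rule:
    exactly one of the owner/group/other triplets applies to a given subject.
    """
    if uid == 0:
        # root bypasses DAC for read/write; execute still needs some x bit set
        if want & X and not (entry.mode & 0o111):
            return False
        return True
    if uid == entry.owner_uid:
        triplet = (entry.mode >> 6) & 0o7
    elif entry.owner_gid in gids:
        triplet = (entry.mode >> 3) & 0o7
    else:
        triplet = entry.mode & 0o7
    return (triplet & want) == want


def chmod(entry: FileEntry, uid: int, new_mode: int) -> FileEntry:
    """Only the owner (or root) may change the mode: the policy is at the owner's discretion."""
    if uid != entry.owner_uid and uid != 0:
        raise PermissionError("only the owner (or root) may change the mode")
    return FileEntry(entry.owner_uid, entry.owner_gid, new_mode & 0o777)


if __name__ == "__main__":
    # constructed subjects: alice (owner), bob (same group), carol (other)
    secret = FileEntry(owner_uid=1000, owner_gid=1000, mode=0o640)
    print("alice rw:", unix_access(secret, 1000, frozenset({1000}), R | W))
    print("bob   w :", unix_access(secret, 1001, frozenset({1000}), W))
    print("carol r :", unix_access(secret, 1002, frozenset({1002}), R))
    locked_out = FileEntry(1000, 1000, 0o077)
    print("owner of 0o077 can read:", unix_access(locked_out, 1000, frozenset({1000}), R))
```

The `locked_out` case is the one worth remembering when reviewing permissions: a mode that looks permissive for "other" can still deny the owner, and conversely a group-writable file can be modified by anyone the owner happens to share a group with, which is why DAC alone is considered weak for sensitive data.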
21. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Inheritance
ASCII (American Standard Code for Information Interchange)
Non-Repudiation
Dictionary Attack
22. Methodical research of an incident with the purpose of finding the root cause
Mobile Site
Application Programming Interface
Enticement
Investigation
23. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Botnet
Information Owner
Workaround Procedures
Framework
24. The former U.S. military-accepted set of standards and processes for network evaluation and assurance, combining functional and assurance requirements
TNI (Red Book)
Top Secret
Recovery Time Objectives
Digital Certificate
25. Hiding the fact that communication has occurred
Mobile Site
Steganography
Payload
Replication
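Steganography hides the existence of a message rather than its content. The classic technique is least-significant-bit (LSB) embedding, which overwrites the low bit of each pixel or sample so the cover changes by at most one unit per byte. The following is an added example for this study guide, not code from the quiz page; the cover "image" is a constructed byte array standing in for raw pixel values, and the header format (a 4-byte big-endian length) is an assumption of this example:

```python
"""Least-significant-bit steganography over a constructed cover (added example).

Each payload bit replaces the low bit of one cover byte, so every cover
byte moves by at most 1.  A 4-byte length header (assumed format) lets the
extractor know how many message bytes to read back.
"""
import struct

# Constructed stand-in for an 8-bit grayscale image's raw samples.
COVER = bytes((i * 37) % 256 for i in range(4096))


def embed(cover: bytes, message: bytes) -> bytes:
    """Write the length header followed by `message` into the LSBs of `cover`."""
    payload = struct.pack(">I", len(message)) + message
    needed = len(payload) * 8
    if needed > len(cover):
        raise ValueError("cover too small: need %d samples, have %d" % (needed, len(cover)))
    out = bytearray(cover)
    for i, byte in enumerate(payload):
        for bit in range(8):               # MSB of each payload byte first
            b = (byte >> (7 - bit)) & 1
            idx = i * 8 + bit
            out[idx] = (out[idx] & 0xFE) | b
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the message: read the 4-byte length, then that many bytes of LSBs."""
    def read_bytes(start_sample: int, n: int) -> bytes:
        result = bytearray()
        for i in range(n):
            byte = 0
            for bit in range(8):
                byte = (byte << 1) | (stego[start_sample + i * 8 + bit] & 1)
            result.append(byte)
        return bytes(result)

    (length,) = struct.unpack(">I", read_bytes(0, 4))
    return read_bytes(32, length)


def max_delta(a: bytes, b: bytes) -> int:
    """Largest per-sample change between cover and stego; LSB embedding keeps this at 1."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    stego = embed(COVER, b"meet at dawn")
    print("recovered:", extract(stego))
    print("max per-sample change:", max_delta(COVER, stego))
```

Two practitioner caveats: LSB embedding is trivially detectable by statistical steganalysis (the distribution of low bits in natural images is not uniform), so it defeats only casual inspection; and because it provides no confidentiality, the message should be encrypted before embedding so that a detected payload still reveals nothing.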
26. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems
Job Rotation
War Dialing
Object Oriented Programming (OOP)
Hard Disk
27. Return to a normal state
Full Test (Full Interruption)
Recovery
Non-Interference
Denial Of Service
28. The process state in which the process is currently executing on the CPU
Accurate
Running
Deadlock
Dictionary Attack
29. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Business Records
Quantitative Risk Analysis
Hash Function
Degauss
30. Input that does not conform to the format or constraints the receiving program expects
Message Digest
Data Dictionary
Malformed Input
Open Mail Relay Servers
31. European standard for IT security evaluation criteria; it was not universally adopted. Consists of four components: 1. Security Target, 2. Target of Evaluation (TOE), 3. Functional levels (F), 4. Assurance levels (E).
Trademark
Information Technology Security Evaluation Criteria - ITSEC
Custodian
Warm Site
32. Layer 1 network device used to connect network segments together but providing no traffic control (its multiport form is a hub, or concentrator)
Journaling
Common Law
Repeaters
Fragmented Data
33. A control put in place before an attack to reduce risk
True Attack Stimulus
Full Test (Full Interruption)
Supervisor Mode (monitor, system, privileged)
Safeguard
34. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
Analysis
Information Flow Model
Processes are Isolated By
BCP Testing Drills and Exercises
35. Used to code/decode a digital data stream.
Domain
Codec
Data Leakage
Birthday Attack
36. The component of disaster recovery that deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.
Business Unit Recovery
Rootkit
Spam
Bridge
37. A programming design concept which abstracts one set of functions from another in a serialized fashion
Malformed Input
Layering
SYN Flooding
Analysis
38. Examples: DoS, spoofing, dictionary, brute force, war dialing
Policy
Mobile Site
ISO/IEC 27001
Access Control Attacks
39. A message digest computed with a shared symmetric key mixed into the hash computation, so that only holders of the key can create or verify it
Cryptography
IP Fragmentation
Embedded
Keyed-Hashing For Message Authentication
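HMAC (RFC 2104) is the standard keyed-hash construction. It does not encrypt a finished hash; the key is mixed into the hash itself as H((K xor opad) || H((K xor ipad) || m)), which is why an attacker who knows the message can recompute a plain digest but cannot produce a valid tag. The following is an added example for this study guide, not code from the quiz page; the key and messages are constructed, and `hmac_by_hand` is written out only to show the construction beside the standard-library call:

```python
"""Keyed hashing for message authentication with the standard library (added example).

`tag`/`verify` use Python's hmac module; `hmac_by_hand` spells out RFC 2104
over SHA-256 so the reader can see that no separate encryption step exists.
The key and messages are constructed for illustration.
"""
import hashlib
import hmac

BLOCK = 64  # SHA-256 block size in bytes


def tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 authentication tag for `message` under `key`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Constant-time check; compare_digest avoids leaking the mismatch position via timing."""
    return hmac.compare_digest(tag(key, message), received_tag)


def hmac_by_hand(key: bytes, message: bytes) -> bytes:
    """RFC 2104 written out: H((K^opad) || H((K^ipad) || m))."""
    if len(key) > BLOCK:                 # long keys are hashed down first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK, b"\x00")      # then zero-padded to the block size
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5C for k in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def plain_hash(message: bytes) -> bytes:
    """What an attacker without the key can compute: an unkeyed digest, useless as a tag."""
    return hashlib.sha256(message).digest()


if __name__ == "__main__":
    key = b"shared-secret-key"
    msg = b"transfer 100 to account 42"
    t = tag(key, msg)
    print("by-hand matches library:", hmac_by_hand(key, msg) == t)
    print("genuine verifies:", verify(key, msg, t))
    print("tampered verifies:", verify(key, b"transfer 900 to account 42", t))
```

Note the design choice in `verify`: a plain `==` on the tag bytes short-circuits on the first differing byte, which lets a remote attacker learn a correct tag byte by byte from response timing; `hmac.compare_digest` is the library's fix for that.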
40. The response of an organization to a disaster or other significant event that may significantly impact the organization, its people, or its ability to function productively
Due Diligence
Accurate
Emergency
Incident Response
41. An availability attack that consumes resources to the point of exhaustion
Transients
Denial Of Service
IDS Intrusion Detection System
Access Control Attacks
42. Weakness or flaw in an asset
Multi-Tasking
Instance
Event
Vulnerability
43. Employment education done once per position or at significant change of function
Job Training
Trapdoors (Backdoors) (Maintenance Hooks)
Proprietary
Double Blind Testing
44. Memory management technique which allows data to be moved from one memory address to another
Relocation
Recovery
Transients
Cryptology
45. Live data that has been broken up and stored in various locations on a single hard drive or disk
IP Address Spoofing
Privacy Laws
Fragmented Data
Certification
46. Server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no directly attached input or output devices, and its OS is dedicated to providing storage services.
Policy
Preemptive
Network Attached Storage (NAS)
Processes are Isolated By
47. OOP concept of hiding a class's internal details from other objects
Mandatory
Hard Disk
Firewalls
Encapsulation
48. Robust project management process for new systems with at least the following phases: design and development, production, distribution, operation, maintenance, retirement, and disposal
Security Kernel
System Life Cycle
Multi-Party Control
Identification
49. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Classification
Security Blueprint
Electrostatic Discharge
Generator
50. A backup type for databases that captures their state at a point in time
Full Test (Full Interruption)
Identification
Shadowing (file shadowing)
Process Isolation