CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The guardian of asset(s) - a maintenance activity
Executive Succession
Custodian
Private Branch Exchange (PBX)
Masked/Interruptible
2. Policy or stated actions
Archival Data
Cache
Due Care
Mirroring
3. A database backup type which records at the transaction level
Remote Journaling
Acronym for American Standard Code for Information Interchange (ASCII)
Revocation
Privacy Laws
4. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Degauss
Data Integrity
Hard Disk
Reciprocal Agreement
5. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Physical Tampering
Sequence Attacks
Application Programming Interface
Need-To-Know
6. Creation, distribution, update and deletion
File Extension
Access Control
Business Continuity Steering Committee
Key Management
7. A state for operating system tasks only
Critical Infrastructure
Journaling
Due Diligence
Supervisor Mode (monitor - system - privileged)
8. Process whereby data is removed from active files and other data storage structures
Data Diddler
Overlapping Fragment Attack
Deletion
Interpreter
9. Data or interference that can trigger a false positive
Key Space
Mandatory Access Control (MAC)
Noise
Exercise
10. Pertaining to law - high degree of veracity
Accurate
Due Diligence
Conflict Of Interest
Exposure
11. A program with an inappropriate second purpose
Concatenation
Trojan Horse
Inference
Layering
12. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
IDS Intrusion Detection System
Brouter
Incident Response
Central Processing Unit (CPU)
13. To collect many small pieces of data
Aggregation
Mandatory Vacations
Security Kernel
Record Level Deletion
14. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Shielding
Shadowing (file shadowing)
Resumption
Confidence Value
15. Autonomous malware that requires a flaw in a service
TIFF (Tagged Image File Format)
Worm
System Downtime
Information Technology Security Evaluation Criteria - ITSEC
16. Moving letters around
Permutation / Transposition
Custodian
Threads
Honeypot
17. The one person responsible for data - its classification and control setting
Critical Infrastructure
Information Owner
Threats
Intrusion Prevention Systems
18. Owner-directed mediation of access
Job Rotation
Surge
Hijacking
Discretionary
19. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
BCP Testing Drills and Exercises
Mirroring
Cryptanalysis
Digital Signature
20. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
3 types of harm addressed in computer crime laws
Source Routing Exploitation
Brute Force
MOM
21. Recovery alternative - a building only, with sufficient power and HVAC
Cold Site
Preemptive
Keyed-Hashing For Message Authentication
Operational Test
22. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce organization exposure and evaluating the cost for such controls.
Discretionary
Risk Assessment / Analysis
Network Attached Storage (NAS)
Information Owner
23. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
Risk Assessment
Smurf
Job Training
Source Routing Exploitation
24. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
Life Cycle of Evidence
Non-Discretionary Access Control
Shielding
Archival Data
25. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
IP Fragmentation
Inrush Current
Digital Signature
File Shadowing
26. Of a system without prior knowledge by the tester or the tested
Double Blind Testing
Spyware
Emergency Procedures
Polyalphabetic
27. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Strong Authentication
Class
TEMPEST
Integrated Test
28. Physical description on the exterior of an object that communicates the existence of a label
Reciprocal Agreement
Orange Book B2 Classification
Marking
Separation Of Duties
29. Unchecked data input which results in redirection
Salami
HTTP Response Splitting
Business Interruption
Information Risk Management (IRM)
30. A documented battle plan for coordinating response to incidents.
Life Cycle of Evidence
Byte
Bollard
Incident Handling
31. Organized group of compromised computers
Simulation
Sampling
Botnet
Wait
32. Maximum tolerance for loss of certain business function - basis of strategy
Recovery Time Objectives
Access Point
Examples of non-technical security components
Mandatory
33. People protect their domain
Territoriality
Surveillance
Recovery
Residual Risk
34. An alert or alarm that is triggered when no actual attack has taken place
Asymmetric
Identification
False (False Positive)
Classification
35. Tool which mediates access
Data Warehouse
Control
Redundant Servers
Blind Testing
36. Disruption of operation of an electronic device due to a competing electromagnetic field.
EMI
Masquerading
Inrush Current
Multi-Party Control
37. The property that data meet with an a priori expectation of quality and that the data can be relied upon.
Business Impact Analysis
Protection
Data Integrity
Multi-Tasking
38. A system designed to prevent unauthorized access to or from a private network.
Encapsulation
Business Recovery Timeline
Firewall
Domain
39. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Targeted Testing
Business Interruption
Alert
Boot (V.)
40. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
The ACID Test
Business Recovery Timeline
E-Mail Spoofing
Security Clearance
41. To evaluate the current situation and make basic decisions as to what to do
Data Warehouse
Triage
Recovery Period
Emergency Procedures
42. To execute more than one instruction at an instant in time
Failure Modes and Effects Analysis (FMEA)
Record Level Deletion
Identification
Multi-Processing
43. The core logic engine of an operating system which almost never changes
Denial Of Service
Administrative Access Controls
Kernel
Non-Interference
44. Object based description of a system or a collection of resources
Honeynet
Failure Modes and Effects Analysis (FMEA)
Access Control Matrix
Permutation / Transposition
45. Narrow scope examination of a system
Polymorphism
Fragmented Data
Elements of Negligence
Targeted Testing
46. Less granular organization of controls
Interception
Mandatory Access Control (MAC)
Control Type
Concatenation
47. One of the key benefits of a network is the ability to share files stored on the server among several users.
Mission-Critical Application
File Sharing
Authorization
Directive
48. Dedicated fast memory located on the same board as the CPU
Interference (Noise)
Mitigate
Disaster Recovery Tape
CPU Cache
49. Intellectual property protection for an invention
Surge
Certification Authority
Patent
Algorithm
50. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Object Oriented Programming (OOP)
Chain Of Custody
Cryptology
Network Attached Storage (NAS)