Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Unauthorized access of network devices.
Physical Tampering
Technical Access Controls
Routers
Patent
2. Deals with discretionary protection
Data Marts
Encryption
Orange Book C Classification
SYN Flooding
3. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.)
Contingency Plan
Trusted Computing Base
Object Oriented Programming (OOP)
Key Space
4. Object based description of a system or a collection of resources
Territoriality
Access Control Matrix
Data Hiding
Proxies
5. People who interact with assets
Public Key Infrastructure (PKI)
Object Reuse
User
Hearsay
6. Less granular organization of controls -
Trusted Computing Base
Covert Channel
Surveillance
Control Type
7. Uses two or more legal systems
Secondary Storage
Mixed Law System
Alert
Damage Assessment
8. Short period of low voltage.
Emergency Procedures
Sag/Dip
Information Risk Management (IRM)
Databases
9. Regular operations are stopped and where processing is moved to the alternate site.
Gateway
IP Fragmentation
Separation Of Duties
Full-Interruption test
10. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Digital Signature
Framework
Confidence Value
Hot Spares
11. An individual's conduct that violates government laws developed to protect the public
Corrective
Risk
Cryptovariable
Criminal Law
12. A system designed to prevent unauthorized access to or from a private network.
Malformed Input
Firewall
Risk Mitigation
Man-In-The-Middle Attack
13. Controls deployed to avert unauthorized and/or undesired actions.
ITSEC
Prevention
Operational Impact Analysis
Patch Panels
14. People protect their domain
Covert Channel
Data Backups
File Server
Territoriality
15. Object based description of a single resource and the permission each subject
Access Control Lists
Access Control
Crisis
Notification
16. A record that must be preserved and available for retrieval if needed.
Off-Site Storage
Vital Record
Wireless Fidelity (Wi-Fi)
Trade Secret
17. Some systems are actually run at the alternate site
Parallel Test
CobiT
Proprietary
Patent
18. Granular decision by a system of permitting or denying access to a particular resource on the system
Alarm Filtering
ITSEC
Revocation
Authorization
19. Initial surge of current
Guidelines
Data Custodian
Inrush Current
Birthday Attack
20. A subnetwork with storage devices servicing all servers on the attached network.
Transfer
Key Clustering
Storage Area Network (SAN)
Isolation
21. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
Kerberos
Kerckhoff's Principle
Electromagnetic Interference (EMI)
Site Policy
22. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Journaling
Structured Walk-Through Test
Hacker
Routers
23. A process state - to be either unable to run waiting for an external event or terminated
Rogue Access Points
Mitigate
Stopped
Locard's Principle
24. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Internal Use Only
Cryptography
Ethics
Standalone Test
25. Individuals and departments responsible for the storage and safeguarding of computerized data.
Masquerading
Computer System Evidence
Data Custodian
Embedded Systems
26. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.
Directive
Proxies
5 Rules Of Evidence
Data Diddler
27. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
Central Processing Unit (CPU)
BCP Testing Drills and Exercises
File Server
Multilevel Security System
28. Code breaking - practice of defeating the protective properties of cryptography.
Cryptanalysis
Information Risk Management (IRM)
ISO/IEC 27002
Multi-Core
29. Key
Archival Data
Tapping
Cryptovariable
Symmetric
30. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Evidence
Administrative Laws
Data Recovery
ISO/IEC 27001
31. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Masked/Interruptible
Civil Law
Cryptanalysis
Orange Book D Classification
32. Guidelines within an organization that control the rules and configurations of an IDS
Discretionary
Site Policy
Phishing
Accreditation
33. Trading one for another
Byte
Patch Panels
Primary Storage
Substitution
34. Intellectual property protection for marketing efforts
Brownout
Trademark
Source Routing Exploitation
Internal Use Only
35. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Modems
Operational Exercise
Targeted Testing
Off-Site Storage
36. Something that happened
Honeypot
Patch Panels
Data Diddler
Event
37. Encryption system using shared key/private key/single key/secret key
Certificate Revocation List (CRL)
Symmetric
Steganography
Security Blueprint
38. Only the key protects the encrypted information
39. The process of assessing damage - following a disaster - to computer hardware - vital records - office facilities - etc., and determining what can be salvaged or restored and what must be replaced.
War Dialing
Investigation
Collisions
Damage Assessment
40. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Honeynet
Trapdoors (Backdoors) (Maintenance Hooks)
Mission-Critical Application
Data Warehouse
41. High degree of visual control
Surveillance
Multi-Party Control
Masked/Interruptible
False Negative
42. Recovery alternative - short-term - high cost movable processing location
Mobile Site
Microwave
Domain
Workaround Procedures
43. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Incident Manager
Authentication
Reciprocal Agreement
Polymorphism
44. A disturbance that degrades performance of electronic devices and electronic communications.
Key Space
Radio Frequency Interference (RFI)
Separation Of Duties
Business Interruption
45. Hiding the fact that communication has occurred
Steganography
Layering
Hub
Custodian
46. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability
Mitigate
Pointer
Blind Testing
The ACID Test
47. A race condition where the security changes during the object's access
Degauss
Hacker
Time Of Check/Time Of Use
Mitigate
48. Control category - more than one control on a single asset
Architecture
Compensating
Separation Of Duties
Operational Exercise
49. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.
Active Data
Chain of Custody
Cryptography
Bit
50. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.
Code
Worldwide Interoperability for Microwave Access (WI-MAX)
Need-To-Know
Compensating