Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
MOM
Identification
Declaration
Risk Assessment
2. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
Administrative Laws
TIFF (Tagged Image File Format)
Countermeasure
Hash Function
3. Potentially retrievable data residue that remains following intended erasure of data.
Countermeasure
Bollard
Directive
Remanence
4. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
3 Types of harm Addressed in computer crime laws
Accountability
Corrective
Access Control
5. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Checklist Test (desk check)
Access Point
Twisted Pair
Processes are Isolated By
6. A copy of transaction data - designed for querying and reporting
Domain
Data Warehouse
Recovery Strategy
Job Rotation
7. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
Control Type
War Dialing
Compartmentalize
Embedded Systems
8. Controls for termination of attempt to access object
Watermarking
Examples of technical security components
Durability
Intrusion Prevention Systems
9. Trading one for another
Buffer Overflow
Deletion
Security Domain
Substitution
10. A perpetrator leaves something behind or takes something with them at the scene of a crime
11. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Asymmetric
Recovery Period
Investigation
Disaster
12. Just enough access to do the job
Least Privilege
Notification
Trade Secret
Checkpoint
13. A protocol for the efficient transmission of voice over the Internet
Interception
Business Continuity Planning (BCP)
Operating
Voice Over IP (VOIP)
14. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Residual Data
Exposure
Integrated Test
Prevention
15. Unused storage capacity
Spyware
Off-Site Storage
Bit
Slack Space
16. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Top Secret
Encipher
Monitor
Picking
17. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Restoration
User Mode (problem or program state)
Man-In-The-Middle Attack
Data Recovery
18. To reduce fire
On-Site
Centralized Access Control Technologies
Cryptovariable
Fire Suppression
19. A state for operating system tasks only
Digital Signature
Revocation
Supervisor Mode (monitor - system - privileged)
Emanations
20. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.
Proprietary
Distributed Processing
Redundant Servers
Information Technology Security Evaluation Criteria - ITSEC
21. Control category - to record an adversary's actions
Routers
Data Hiding
Detective
Multi-Tasking
22. An image compression standard for photographs
Orange Book B2 Classification
Surveillance
JPEG (Joint Photographic Experts Group)
Encryption
23. Pertaining to a number system that has just two unique digits.
Binary
Debriefing/Feedback
Birthday Attack
Civil Or Code Law
24. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Uninterruptible Power Supply (UPS)
Cookie
2-Phase Commit
TCSEC (Orange Book)
25. System mediation of access with the focus on the context of the request
Privacy Laws
Stopped
Content Dependent Access Control
Archival Data
26. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Twisted Pair
HTTP Response Splitting
Territoriality
Running
27. Substitution at the word or phrase level
Business Interruption
Examples of technical security components
Code
Birthday Attack
28. Methodical research of an incident with the purpose of finding the root cause
Cryptanalysis
Investigation
Encipher
Incident
29. A temporary public file to inform others of a compromised digital certificate
Redundant Servers
Quantitative Risk Analysis
Certificate Revocation List (CRL)
Race Condition
30. For PKI - to have more than one person in charge of a sensitive function
Off-Site Storage
Data Hiding
Multi-Party Control
Mixed Law System
31. Short period of low voltage.
Fragmented Data
Acronym for American Standard Code for Information Interchange (ASCII)
Running
Sag/Dip
32. Measures followed to restore critical functions following a security incident.
Walk Through
Recovery
On-Site
Dictionary Attack
33. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.
Digital Signature
File Level Deletion
Governance
Business Interruption Insurance
34. Review of data
Strategic
Data Recovery
Analysis
Key Management
35. Momentary loss of power
Acronym for American Standard Code for Information Interchange (ASCII)
Fault
Residual Risk
Atomicity
36. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.
Firewalls
Data Owner
Multi-Tasking
Burn
37. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
Warm Site
Attacker (Black hat - Hacker)
Disaster Recovery Teams (Business Recovery Teams)
Supervisor Mode (monitor - system - privileged)
38. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Damage Assessment
Access Control Matrix
Brownout
Tar Pits
39. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Electrostatic Discharge
Processes are Isolated By
Information Flow Model
Security Kernel
40. The property that data meet with a priority expectation of quality and that the data can be relied upon.
Replication
Data Integrity
Interpreter
Covert Channel
41. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Total Risk
Legacy Data
Worm
TCSEC (Orange Book)
42. An encryption method that has a key as long as the message
Object Oriented Programming (OOP)
Prevention
Running Key
Administrative
43. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Checksum
Multiplexers
Liability
Off Site
44. The level and label given to an individual for the purpose of compartmentalization
Electronic Vaulting
Compiler
Security Clearance
Firmware
45. Independent malware that requires user interaction to execute
Virus
Cross-Site Scripting
Monitor
Processes are Isolated By
46. Reduces causes of fire
Mandatory Access Control (MAC)
Incident
Shadowing (file shadowing)
Fire Prevention
47. RADIUS - TACACS+ - Diameter
Checklist Test (desk check)
Centralized Access Control Technologies
Interpreter
Data Diddler
48. A programming design concept which abstracts one set of functions from another in a serialized fashion
Recovery Point Objective (RPO)
Exercise
Patch Panels
Layering
49. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Checklist Test
Atomicity
Forward Recovery
Life Cycle of Evidence
50. To execute more than one instruction at an instant in time
Procedure
Lattice
Risk Assessment
Multi-Processing