Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Fraggle
HTTP Response Splitting
Logic Bomb
Plaintext
2. Bound to objects and indicating which subjects can use them; typically kept by a network device (router, switch, and so on) to control access to or from the device for a number of services
Remote Journaling
Access Control Lists
Checksum
Inrush Current
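As an added example (not part of the quiz), the following Python evaluates a router-style access list the way the definition above describes: rules are bound to the device, matched first-to-last against each packet, and anything unmatched falls through to the implicit deny. The rule set, addresses (RFC 5737 documentation ranges) and the shadowed-rule check are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Added example, not from the quiz. Rules, addresses and packets are constructed.


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # CIDR, e.g. "10.10.0.0/24"
    dst: str               # CIDR
    dport: Optional[int]   # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int]


def _matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("any", pkt.proto):
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; no match means the implicit deny at the end."""
    for rule in acl:
        if _matches(rule, pkt):
            return rule.action
    return "deny"


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule already
    matches every packet they would match (a common ACL authoring error)."""
    shadowed = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (earlier.proto in ("any", later.proto)
                    and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                    and earlier.dport in (None, later.dport)):
                shadowed.append(i)
                break
    return shadowed


# Constructed management-plane ACL for a device at 192.0.2.1: only the admin
# subnet may SSH to it, anyone may ping it, everything else is implicitly denied.
DEVICE_ACL = [
    Rule("permit", "tcp", "10.10.0.0/24", "192.0.2.1/32", 22),
    Rule("permit", "icmp", "0.0.0.0/0", "192.0.2.1/32", None),
    Rule("deny", "tcp", "10.10.0.0/24", "192.0.2.1/32", 22),   # never reached: shadowed by rule 0
]

if __name__ == "__main__":
    print(evaluate(DEVICE_ACL, Packet("tcp", "10.10.0.5", "192.0.2.1", 22)))
    print(evaluate(DEVICE_ACL, Packet("tcp", "10.20.0.5", "192.0.2.1", 22)))
    print("shadowed rule indexes:", shadowed_rules(DEVICE_ACL))
```

The shadowing check is the review a practitioner wants before pushing an ACL: on a first-match device, a rule placed after a broader one is dead, and an audit that only reads the rule text will miss that.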
3. A hash computed over a message together with a secret symmetric key, so that only a holder of the key can produce or verify the result
Need-To-Know
Codec
Keyed-Hashing For Message Authentication
Checklist Test
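As an added example (not part of the quiz), the Python below shows why keying the hash matters: a plain digest can be recomputed by anyone who alters the message, whereas an HMAC tag cannot be produced without the shared key. The key and messages are constructed; the verifier uses the standard library's hmac module.

```python
import hashlib
import hmac

# Added example, not from the quiz. The key and messages below are constructed.
KEY = b"shared-secret-between-sender-and-verifier"   # assumed pre-shared key


def tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: the hash is computed with the secret key mixed in, so only
    a key holder can produce a valid tag for a given message."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(key: bytes, message: bytes, received_tag: str) -> bool:
    """Recompute and compare in constant time (avoids a timing side channel)."""
    return hmac.compare_digest(tag(key, message), received_tag)


def verify_unkeyed(message: bytes, received_digest: str) -> bool:
    """For contrast: an unkeyed hash only detects accidental corruption;
    anyone who changes the message can recompute a matching digest."""
    return hashlib.sha256(message).hexdigest() == received_digest


def demo() -> dict:
    original = b"transfer 100.00 to account 12345"
    forged = b"transfer 900.00 to account 12345"
    t = tag(KEY, original)
    return {
        "genuine": verify(KEY, original, t),
        "tampered_message": verify(KEY, forged, t),
        "wrong_key": verify(b"attacker-guess", original, t),
        # attacker recomputes a tag for the forged message with a guessed key
        "forged_with_wrong_key": verify(KEY, forged, tag(b"attacker-guess", forged)),
        # with an unkeyed hash the attacker's recomputed digest is accepted
        "unkeyed_accepts_forgery": verify_unkeyed(forged, hashlib.sha256(forged).hexdigest()),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

hmac.compare_digest is used instead of == so that a verifier does not leak how many leading bytes of a guessed tag were correct.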
4. Use of backup server(s) to protect information and essential processes in the event of a primary system failure.
Business Continuity Planning (BCP)
Rollback
Redundant Servers
Asymmetric
5. Process of statistically testing a data set for the likelihood of relevant information.
Sampling
Codec
Access Control Lists
Bridge
6. Induces a person to commit a crime by trickery, and is itself illegal
Recovery
Processes are Isolated By
Entrapment
Multiplexers
7. Another subject cannot see an ongoing or pending update until it is complete
Fire Prevention
Change Control
Masked/Interruptible
Isolation
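As an added example (not part of the quiz), the Python below demonstrates the isolation property with two connections to one SQLite database file: the writer's uncommitted update is visible to the writer itself but not to a concurrent reader until commit. The table, row and amounts are constructed; the behaviour relies on SQLite's default locking and the sqlite3 module's implicit transaction before an UPDATE.

```python
import os
import sqlite3
import tempfile

# Added example, not from the quiz. Table and values are constructed.


def isolation_demo() -> dict:
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        setup = sqlite3.connect(path)
        setup.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER)")
        setup.execute("INSERT INTO accounts VALUES (1, 100)")
        setup.commit()
        setup.close()

        writer = sqlite3.connect(path, timeout=5)
        reader = sqlite3.connect(path, timeout=5)

        def read(conn):
            # fetchall() exhausts the cursor, so a read-only connection releases
            # its shared lock and does not block the writer's later commit
            rows = conn.execute("SELECT balance FROM accounts WHERE id = 1").fetchall()
            return rows[0][0]

        # The sqlite3 module opens a transaction implicitly before this UPDATE
        # and holds it open until commit(); the change is pending, not visible.
        writer.execute("UPDATE accounts SET balance = balance - 40 WHERE id = 1")
        before_commit = read(reader)   # the other subject still sees 100
        writer_sees = read(writer)     # the writer sees its own pending update
        writer.commit()
        after_commit = read(reader)    # only now does the reader see 60

        writer.close()
        reader.close()
        return {
            "before_commit": before_commit,
            "writer_sees": writer_sees,
            "after_commit": after_commit,
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(isolation_demo())
```

The same experiment against a database configured for a weaker isolation level (for example READ UNCOMMITTED on engines that offer it) would show the reader picking up the pending value, which is exactly the "dirty read" that isolation exists to prevent.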
8. To load the first piece of software that starts a computer.
Proprietary
Instance
Boot (V.)
Surge
9. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
Databases
Business Interruption
Fragmented Data
Maximum Tolerable Downtime (MTD)
10. A shield against leakage of electromagnetic signals.
Access Control Lists
Examples of technical security components
Running Key
Faraday Cage/ Shield
11. A one-way directed graph (a partial order of security labels) that indicates the permitted direction of confidentiality or integrity flow
Steganography
Lattice
Fragmented Data
Collisions
12. Wrong against society
Access Point
Multi-Tasking
Archival Data
Criminal Law
13. An electronic attestation of identity by a certificate authority
Firewalls
Blackout
Digital Certificate
Gateway
14. Share security concerns with embedded devices; security has often been sacrificed for a richer user experience under low-power constraints; a prime target for data loss because they transmit and store information in ways that cannot be controlled
Classification Scheme
Pervasive Computing and Mobile Computing Devices
Compartmentalize
Data Dictionary
15. Forgery of the sender's email address in an email header.
E-Mail Spoofing
Access Control Matrix
Mobile Recovery
Plan Maintenance Procedures
16. To collect many small pieces of data
Aggregation
TNI (Red Book)
True Attack Stimulus
Site Policy Awareness
17. Authentication protocol that uses only symmetric session keys between principals, distributed by a trusted third party (the KDC) that shares a different pre-shared symmetric key with each principal
Kerberos
Walk Through
Object Oriented Programming (OOP)
Administrative Access Controls
18. An alert or alarm that is triggered when no actual attack has taken place
Emergency Procedures
Ethics
False (False Positive)
Operating
19. An individual's conduct that violates government laws developed to protect the public
Criminal Law
Fire Classes
Emergency Procedures
Disaster Recovery Plan
20. Dictate that data collected by government agencies must be collected fairly and lawfully, used only for the purpose for which it was collected, held only for a reasonable amount of time, and kept accurate and timely
Proxies
Targeted Testing
Picking
Privacy Laws
21. Recovery alternative which outsources a business function at a cost
Near Site
Service Bureau
Application Programming Interface
False Negative
22. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Structured Walk-Through Test
Proprietary
Encryption
Need-To-Know
23. A risk assessment method based on judgement of intrinsic value rather than on monetary figures
Coaxial Cable
Qualitative
Embedded
Contact List
24. The disk space it occupied has been marked by the computer as available for reuse; the file's contents remain intact until they are overwritten by a new file
Deleted File
Change Control
Kerckhoff's Principle
Restoration
25. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc.
Message Digest
Data Dictionary
Critical Infrastructure
Rootkit
26. The current internationally accepted set of standards and processes for information security product evaluation and assurance (ISO/IEC 15408), which joins functional and assurance requirements
Incident Response
Watermarking
Common Criteria
Change Control
27. Vehicle or tool that exploits a weakness
Threats
Common Law
Record Level Deletion
Mobile Site
28. The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced.
Triage
Relocation
Isolation
Damage Assessment
29. Business and technical process of applying security software updates in a regulated, periodic way
Information Owner
Disaster
Patch Management
Plain Text
30. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Executive Succession
DR Or BC Coordinator
Surveillance
TEMPEST
31. An unintended communication path
Covert Channel
Directive
IP Address Spoofing
Checklist Test
32. Less granular organization of controls
Control Type
Classification Scheme
MOM
Certification Authority
33. Mitigate damage by isolating compromised systems from the network.
Bridge
Cookie
Directive
Containment
34. Continuous surveillance to provide for detection of, and response to, any failure in preventive controls.
Man-In-The-Middle Attack
Monitor
Classification
Operating
35. Someone who wants to cause harm
Vital Record
Attacker (Black hat - Hacker)
Symmetric
Electronic Vaulting
36. Real-time, automatic and transparent backup of data.
Centralized Access Control Technologies
Surge Suppressor
Remote Journaling
Durability
37. Subset of operating systems components dedicated to protection mechanisms
Layering
Security Kernel
Qualitative
False Negative
38. An attack, often automated by malware, that makes many small changes over time to a single data point or system, each too small to be noticed on its own
Salami
Examples of technical security components
Symmetric
Security Domain
39. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption, within the stated disaster recovery goals.
Maximum Tolerable Downtime (MTD)
Alert/Alarm
Disaster Recovery Plan
Risk
40. A collection of data or information that has a name
Malformed Input
Guidelines
File
Moore's Law
41. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not impose prison time; usually a fine or monetary damages are paid
Encryption
Triage
Fire Suppression
Civil Law
42. OOP concept of an object at runtime
Entrapment
Instance
Directive
Rogue Access Points
43. Part of the transaction controls for a database that marks the last point at which committed transactions were written to disk, so that recovery can resume from there
The ACID Test
Cryptography
Classification Scheme
Checkpoint
44. Code making
Cryptography
Firewall
Aggregation
Damage Assessment
45. The problem-solving state; the opposite of supervisor mode
Checklist Test (desk check)
Basics Of Secure Design
User Mode (problem or program state)
Common Law
46. A denial-of-service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses (see Smurf, which does the same with ICMP echo requests)
Orange Book C2 Classification
Fraggle
Remote Journaling
Territoriality
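As an added example (not part of the quiz), the Python below runs the detection logic a SOC would want for the attack just described over a few constructed firewall log lines: UDP to an amplifier port (echo/7, chargen/19) at a local broadcast address is flagged as Fraggle, ICMP echo request to a broadcast address as Smurf, and hits are counted per spoofed source, since that source is the real victim. The log format, subnets and addresses (RFC 5737 ranges) are constructed.

```python
import ipaddress
from collections import Counter
from typing import Dict, Optional, Tuple

# Added example, not from the quiz. Subnets, log format and log lines are constructed.
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network("10.0.0.0/24")]
BROADCASTS = {net.broadcast_address for net in LOCAL_NETS}
AMPLIFIER_PORTS = {7, 19}   # UDP echo and chargen, the classic Fraggle reflectors

# Constructed firewall log lines in a simple key=value format.
SAMPLE_LOG = """\
proto=udp src=203.0.113.9 dst=192.168.1.255 dport=7
proto=udp src=203.0.113.9 dst=10.0.0.255 dport=7
proto=udp src=203.0.113.9 dst=192.168.1.255 dport=19
proto=icmp src=203.0.113.9 dst=192.168.1.255 type=8
proto=udp src=192.168.1.20 dst=192.168.1.30 dport=7
proto=tcp src=192.168.1.20 dst=192.168.1.255 dport=80
"""


def parse(line: str) -> Dict[str, str]:
    return dict(kv.split("=", 1) for kv in line.split())


def classify(rec: Dict[str, str]) -> Optional[str]:
    """Return 'fraggle', 'smurf' or None for one parsed record."""
    if ipaddress.ip_address(rec["dst"]) not in BROADCASTS:
        return None                      # unicast echo is ordinary traffic
    if rec["proto"] == "udp" and int(rec.get("dport", -1)) in AMPLIFIER_PORTS:
        return "fraggle"
    if rec["proto"] == "icmp" and rec.get("type") == "8":
        return "smurf"                   # ICMP type 8 = echo request
    return None


def detect(log: str) -> Dict[Tuple[str, str], int]:
    """Counts per (attack, spoofed source). The 'source' is the victim: every
    host on the broadcast segment answers it, multiplying the attacker's traffic."""
    hits: Counter = Counter()
    for line in log.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        kind = classify(rec)
        if kind:
            hits[(kind, rec["src"])] += 1
    return dict(hits)


if __name__ == "__main__":
    for (kind, victim), n in detect(SAMPLE_LOG).items():
        print(f"{kind}: {n} broadcast-directed packets claiming to be from {victim}")
```

The matching control is to drop directed broadcasts at the router (so the segment never amplifies) and to apply anti-spoofing ingress filtering; the detection above is what tells you either control has failed.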
47. A disturbance that degrades performance of electronic devices and electronic communications.
File Sharing
Orange Book C2 Classification
Radio Frequency Interference (RFI)
Aggregation
48. Calculation encompassing threats, vulnerabilities and assets
Information Risk Management (IRM)
Total Risk
Access Control Lists
Application Programming Interface
49. Control category: to record an adversary's actions
Infrastructure
Multi-Core
Detective
Analysis
50. OOP concept of taking attributes from the original or parent class
Near Site
Kerckhoff's Principle
Critical Functions
Inheritance