Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Hot Spares
Chain of Custody
Critical Infrastructure
Highly Confidential
2. Information about a particular data set
Incident Handling
Security Blueprint
Metadata
Operational Impact Analysis
3. Subjects will not interact with each other's objects
Examples of technical security components
Hash Function
Moore's Law
Non-Interference
4. Induces a crime - tricks a person - and is illegal
Information Owner
Entrapment
Hot Site
3 Types of harm Addressed in computer crime laws
5. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
Emergency
Cryptovariable
Domain
Tar Pits
6. Return to a normal state
Byte Level Deletion
Security Clearance
Recovery
System Downtime
7. The first rating that requires security labels
Worm
Covert Channel
Machine Language (Machine Code)
Orange Book B1 Classification
8. A protocol for the efficient transmission of voice over the Internet
Voice Over IP (VOIP)
Sharing
Patent
Asymmetric
9. A set of laws that the organization agrees to be bound by
Accurate
Administrative Law
Infrastructure
Tar Pits
10. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Workaround Procedures
Mandatory Access Control (MAC)
Infrastructure
Network Attached Storage (NAS)
11. A database that contains the name - type - range of values - source and authorization for access for each data element
Compensating
Compiler
Data Dictionary
Surge
12. Memory - RAM
Incident Manager
Access Control Lists
Primary Storage
Data Custodian
13. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
Patent
Multilevel Security System
Targeted Testing
One Time Pad
14. OOP concept of a distinct copy of the class
Object
Incident Response
Vital Record
Cryptology
15. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Coaxial Cable
Rollback
Digital Certificate
Threats
16. Object based description of a single resource and the permission each subject
Access Control Lists
Eavesdropping
Interception
TEMPEST
17. To load the first piece of software that starts a computer.
Boot (V.)
Cross-Site Scripting
Checkpoint
Orange Book A Classification
18. A basic level of network access control that is based upon information contained in the IP packet header.
Proprietary
Top Secret
Packet Filtering
Highly Confidential
19. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Cookie
Exposure
Civil Law
Orange Book B2 Classification
20. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
Control Category
Routers
Pervasive Computing and Mobile Computing Devices
Access Point
21. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
Degauss
Interception
Data Leakage
Authentic
22. Deals with discretionary protection
ISO/IEC 27001
Tort
Encipher
Orange Book C Classification
23. A unit of execution
Security Kernel
Least Privilege
Threads
Emanations
24. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Pervasive Computing and Mobile Computing Devices
Watermarking
Exercise
Business Records
25. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Application Programming Interface
Operating
Data Backup Strategies
Redundant Servers
26. The process of assessing damage - following a disaster - to computer hardware - vital records - office facilities - etc. and determining what can be salvaged or restored and what must be replaced.
Full-Interruption test
Privacy Laws
Damage Assessment
Cross Training
27. Less granular organization of controls
Triage
Intrusion Detection Systems
Control Type
Waterfall
28. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
Smurf
Disaster Recovery Teams (Business Recovery Teams)
Kernel
Secondary Storage
29. Mitigation of system or component loss or interruption through use of backup capability.
Keystroke Logging
Business Unit Recovery
Fault Tolerance
Total Risk
30. Recovery alternative which outsources a business function at a cost
Service Bureau
Radio Frequency Interference (RFI)
Picking
Countermeasure
31. The point in time to which systems and data must be recovered after an outage. (e.g. End of previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Recovery Point Objective (RPO)
Blind Testing
Recovery Strategy
Plaintext
32. OOP concept of a template that consists of attributes and behaviors
Full-Interruption test
Class
Transfer
Incident
33. A covert storage channel on the file attribute
Brute Force
Aggregation
Alternate Data Streams (File System Forks)
Logic Bomb
34. Lower frequency noise
Radio Frequency Interference (RFI)
Information Flow Model
Operational Impact Analysis
Hijacking
35. For PKI - to have more than one person in charge of a sensitive function
Damage Assessment
Multi-Party Control
Key Management
TCSEC (Orange Book)
36. To execute more than one instruction at an instant in time
Memory Management
Multi-Processing
Common Criteria
Authentication
37. An asymmetric cryptography mechanism that provides authentication.
Digital Signature
Authentication
HTTP Response Splitting
Strategic
38. Used to code/decode a digital data stream.
Burn
Admissible
Codec
Disk Mirroring
39. An alert or alarm that is triggered when no actual attack has taken place
Threads
Recovery
False (False Positive)
Hot Spares
40. A mobilized resource purchased or contracted for the purpose of business recovery.
Mobile Recovery
Control Category
Alarm Filtering
Cache
41. What is will remain - persistence
Durability
Sequence Attacks
Collisions
Access Control Attacks
42. Natural occurrence in circuits that are in close proximity
Running
Need-To-Know
Computer System Evidence
Interference (Noise)
43. Maximum tolerance for loss of certain business function - basis of strategy
Administrative Law
Job Training
Authentic
Recovery Time Objectives
44. Adversary intercepts encrypted communications - decrypts - views - encrypts - and sends along to the true destination
Man-In-The-Middle Attack
Classification
Cryptanalysis
Non-Repudiation
45. Unused storage capacity
Slack Space
Restoration
Examples of technical security components
Record Level Deletion
46. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
Analysis
Honeypot
Mirroring
Virtual Memory
47. Mathematical function that determines the cryptographic operations
Algorithm
Botnet
Business Interruption Insurance
Strong Authentication
48. Requirement to take time off
Data Dictionary
War Driving
Mandatory Vacations
Rootkit
49. Control category - to record an adversary's actions
Blackout
Trojan Horse
Business Unit Recovery
Detective
50. Control category - more than one control on a single asset
Deleted File
Compensating
Noise
Bumping