SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. (See Smurf)
Mobile Site
Data Integrity
Network Attached Storage (NAS)
Fraggle
2. Line by line translation from a high level language to machine code
Interpreter
Electromagnetic Interference (EMI)
Worm
Mixed Law System
3. Uncleared buffers or media
Access Control Attacks
Intrusion Detection Systems
Object Reuse
Race Condition
4. Recovery alternative - complete duplication of services including personnel
Walk Though
Multi-Processing
Ethics
Mirrored Site
5. Written internalized or nationalized norms that are internal to an organization
Lattice
Electrostatic Discharge
Supervisor Mode (monitor - system - privileged)
Standard
6. A state where two subjects can access the same object without proper mediation
Recovery Period
Race Condition
Smurf
Sag/Dip
7. Malware that makes small random changes to many data points
Data Diddler
Service Bureau
Hacker
Standard
8. Moving letters around
Hash Function
Permutation /Transposition
Countermeasure
Security Blueprint
9. The core of a computer that calculates
Qualitative
Encryption
Central Processing Unit (CPU)
Binary
10. Two different keys decrypt the same cipher text
2-Phase Commit
Key Clustering
Structured Walk-Through Test
Forward Recovery
11. A copy of transaction data - designed for querying and reporting
Data Warehouse
Top Secret
Chain Of Custody
Virtual Memory
12. A program with an inappropriate second purpose
Civil Law
Trapdoors (Backdoors) (Maintenance Hooks)
Trojan Horse
Wireless Fidelity (Wi-Fi )
13. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Metadata
Business Continuity Planning (BCP)
Logic Bomb
Business Impact Analysis
14. Code making
2-Phase Commit
Central Processing Unit (CPU)
Cryptography
Code
15. A condition in which neither party is willing to stop their activity for the other to complete
Marking
Recovery Point Objective (RPO)
Deadlock
IP Fragmentation
16. Renders the file inaccessible to the operating system - available to reuse for data storage.
File Level Deletion
Reference Monitor
Data Custodian
ff Site
17. Policy or stated actions
Business Impact Analysis
File Shadowing
Due Care
Criminal Law
18. Potentially compromising leakage of electrical or acoustical signals.
Picking
War Dialing
Emanations
Data Warehouse
19. Sudden rise in voltage in the power supply.
Surge
Technical Access Controls
Standalone Test
Keystroke Logging
20. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Teardrop
Twisted Pair
Orange Book B1 Classification
Open Mail Relay Servers
21. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensuretime objectives can be met.
Databases
Total Risk
File Server
Data Backup Strategies
22. Program instructions based upon the CPU's specific architecture
Reciprocal Agreement
Machine Language (Machine Code)
Dangling Pointer
Accurate
23. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Degauss
Spam
Directive
Source Routing Exploitation
24. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Executive Succession
CobiT
Initialization Vector
Risk Assessment / Analysis
25. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
Multi-Core
Orange Book B1 Classification
UPS
3 Types of harm Addressed in computer crime laws
26. High frequency noise
Digital Certificate
Remanence
Electromagnetic Interference (EMI)
Adware
27. The one person responsible for data - its classification and control setting
Information Owner
Protection
Life Cycle of Evidence
Key Management
28. Subject based description of a system or a collection of resources
Critical Infrastructure
DR Or BC Coordinator
E-Mail Spoofing
Capability Tables
29. A control after attack
Recovery Strategy
ISO/IEC 27001
Compensating
Countermeasure
30. Control type- that is communication based - typically written or oral
Transients
Architecture
Administrative
Chain Of Custody
31. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Marking
Watermarking
Exercise
Civil Or Code Law
32. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Plaintext
Message Digest
Simulation Test
Cryptovariable
33. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.
Convincing
Least Privilege
War Dialing
Honeypot
34. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Distributed Processing
Surge Suppressor
Object Oriented Programming (OOP)
Parallel Test
35. A list of team members and/or key players to be contacted including their backups. The list will include the necessary contact information (i.e. Home phone - pager - cell - etc.) And in most cases be considered confidential.
Orange Book B2 Classification
Non-Interference
Contact List
Orange Book D Classification
36. Firewalls - encryption - and access control lists
Repeaters
Examples of technical security components
Criminal Law
Infrastructure
37. Define the way in which the organization operates.
EMI
Civil Or Code Law
Proprietary
Debriefing/Feedback
38. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Site Policy
Analysis
Marking
Rootkit
39. Initial surge of current
ff Site
Critical Functions
Inrush Current
Countermeasure
40. Methodical research of an incident with the purpose of finding the root cause
Investigation
Symmetric
Cryptology
Discretionary
41. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Rogue Access Points
Data Recovery
Generator
3 Types of harm Addressed in computer crime laws
42. Object based description of a single resource and the permission each subject
Threads
Revocation
Access Control Lists
Rogue Access Points
43. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Isolation
Recovery Period
Life Cycle of Evidence
Civil Or Code Law
44. Control category- to discourage an adversary from attempting to access
Firewall
SQL Injection
Triage
Deterrent
45. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
Fault Tolerance
Key Clustering
TCSEC (Orange Book)
Burn
46. The duplication of data on separate disks in real time to ensure its continuous availability - currency and accuracy. True mirroring will enable a zero recovery point objective.
Complete
Disk Mirroring
BCP Testing Drills and Exercises
Patent
47. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
Accreditation
Security Domain
Mission-Critical Application
File Extension
48. Mediation of covert channels must be addressed
Boot (V.)
Privacy Laws
Administrative
Information Flow Model
49. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Accreditation
Cipher Text
IP Fragmentation
Investigation
50. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: - Plan and Organize - - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
Plan Maintenance Procedures
Reference Monitor
Class
