Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Malformed Input
Payload
Administrative Access Controls
False Attack Stimulus
2. The property that data meet with an a priori expectation of quality and that the data can be relied upon.
Tar Pits
Asymmetric
Orange Book A Classification
Data Integrity
3. Prolonged loss of commercial power
Proxies
Residual Risk
Blackout
Fiber Optics
4. A world-wide wireless technology
Wireless Fidelity (Wi-Fi)
Information Flow Model
Mandatory
Consistency
5. More than one processor sharing the same memory - also known as parallel systems
False Negative
Tar Pits
Business Impact Analysis
Multi-Processor
6. Granular decision by a system of permitting or denying access to a particular resource on the system
Education
Authorization
Shadowing (file shadowing)
Deletion
7. Requirement of access to data for a clearly defined purpose
Need-To-Know
Civil Law
Database Shadowing
Brownout
8. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Rootkit
Architecture
File Sharing
Information Risk Management (IRM)
9. A temporary public file to inform others of a compromised digital certificate
Security Kernel
Codec
Certificate Revocation List (CRL)
Teardrop
10. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
BCP Testing Drills and Exercises
Accountability
Symmetric
Test Plan
11. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Admissible
Data Diddler
Durability
Workaround Procedures
12. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability
Tort
CobiT
The ACID Test
Remote Journaling
13. A hash that has been further encrypted with a symmetric algorithm
Atomicity
Keyed-Hashing For Message Authentication
Total Risk
Routers
14. Can be statistical (monitor behavior) or signature based (watch for known attacks)
IDS Intrusion Detection System
Domain
Emergency Operations Center (EOC)
Fraggle
15. OOP concept of a template that consists of attributes and behaviors
EMI
Criminal Law
Targeted Testing
Class
16. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
Confidence Value
Masked/Interruptible
Full Test (Full Interruption)
Labeling
17. A control before attack
Safeguard
One Time Pad
Method
Data Backups
18. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Mandatory
Analysis
Rogue Access Points
Business Recovery Timeline
19. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Work Factor
Analysis
Proprietary
Logic Bomb
20. An encryption method that has a key as long as the message
Running Key
Copyright
Digital Signature
Intrusion Detection Systems
21. A template for designing the architecture
Hub
Hot Spares
Corrective
Security Blueprint
22. OOP concept of an object's abilities - what it does
Wireless Fidelity (Wi-Fi)
Method
Hash Function
TIFF (Tagged Image File Format)
23. To segregate for the purposes of labeling
Hearsay
Compartmentalize
Replication
Non-Repudiation
24. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Declaration
Hub
Remote Journaling
Electrostatic Discharge
25. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Business Continuity Planning (BCP)
Key Escrow
False (False Positive)
Complete
26. Employment education done once per position or at significant change of function
Processes are Isolated By
Work Factor
Job Training
ISO/IEC 27002
27. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.
Due Diligence
Fire Detection
Separation Of Duties
Data Owner
28. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
Control Category
Archival Data
File
Work Factor
29. Intellectual property protection for marketing efforts
Contact List
Enticement
Trademark
TCSEC (Orange Book)
30. A test conducted on one or more components of a plan under actual operating conditions.
Accountability
Alternate Data Streams (File System Forks)
Public Key Infrastructure (PKI)
Operational Test
31. Requirement to take time off
Hijacking
Exposure
Test Plan
Mandatory Vacations
32. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
ISO/IEC 27002
Non-Interference
Contingency Plan
Byte Level Deletion
33. A program with an inappropriate second purpose
Security Clearance
Checksum
Trojan Horse
Total Risk
34. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Control
SYN Flooding
Walk Through
Cross Training
35. Recovery alternative - complete duplication of services including personnel
Brownout
Honeypot
Adware
Mirrored Site
36. A collection of information designed to reduce duplication and increase integrity
Rootkit
Databases
Disaster Recovery Plan
Trapdoors (Backdoors) (Maintenance Hooks)
37. A covert storage channel on the file attribute
Teardrop
Mandatory Access Control (MAC)
Threads
Alternate Data Streams (File System Forks)
38. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services
Cipher Text
Security Blueprint
Cold Site
Access Control Lists
39. More than one CPU on a single board
Multi-Core
Recovery
Hard Disk
Disaster Recovery Plan
40. An individual's conduct that violates government laws developed to protect the public
Criminal Law
Risk
Transients
Message Digest
41. High degree of visual control
Surveillance
Bit
Critical Infrastructure
Change Control
42. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Boot (V.)
Criminal Law
Buffer Overflow
Orange Book D Classification
43. System directed mediation of access with labels
Brute Force
Administrative Law
Ethics
Mandatory
44. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.
The ACID Test
Business Interruption
Smurf
Access Control Lists
45. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
Plaintext
Computer System Evidence
Modems
Full Test (Full Interruption)
46. Power surge
Electrostatic Discharge
Pointer
Access Control Attacks
Proxies
47. The connection between a wireless and wired network.
File Extension
Data Dictionary
Information Technology Security Evaluation Criteria - ITSEC
Access Point
48. Independent malware that requires user interaction to execute
Virus
Simulation
Central Processing Unit (CPU)
Capability Tables
49. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.
Orange Book A Classification
Resumption
Blackout
False Attack Stimulus
50. Memory management technique that allows two processes to run concurrently without interaction
Protection
Multi-Party Control
Orange Book B2 Classification
Trusted Computing Base