CISSP Certified Information Systems Security Professional: test your basic knowledge
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you may sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A state in which two subjects can access the same object at the same time without proper mediation
Deletion
Kerckhoffs's Principle
Race Condition
Targeted Testing
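A race condition is easiest to see in code. The following is an added example, not part of the original quiz: a constructed toy account where the balance check and the balance update are two separate steps. Two threads released at the same instant both pass the check, so the account is overdrawn; mediating access with a lock makes the check-and-update atomic and refuses the second withdrawal. The class name, amounts and the sleep that widens the window are all assumptions made for the demonstration.

```python
import threading
import time


class Account:
    """Constructed toy account used to show a check-then-act race condition."""

    def __init__(self, balance: int) -> None:
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unmediated(self, amount: int, pause: float = 0.1) -> bool:
        # Vulnerable: the check and the update are two separate steps, so two
        # threads can both pass the check before either one updates the balance.
        if self.balance >= amount:
            time.sleep(pause)  # widens the window; a real race needs no sleep, just bad timing
            self.balance -= amount
            return True
        return False

    def withdraw_mediated(self, amount: int, pause: float = 0.1) -> bool:
        # Hardened: a lock mediates access, so the check and the update become
        # one atomic step from the point of view of every other thread.
        with self._lock:
            if self.balance >= amount:
                time.sleep(pause)
                self.balance -= amount
                return True
            return False


def run_concurrent_withdrawals(mediated: bool, start: int = 100,
                               amount: int = 80, workers: int = 2):
    """Release `workers` threads at the same instant, each withdrawing `amount`.

    Returns (final balance, number of withdrawals that reported success).
    """
    account = Account(start)
    withdraw = account.withdraw_mediated if mediated else account.withdraw_unmediated
    barrier = threading.Barrier(workers)
    results = []

    def worker() -> None:
        barrier.wait()  # every worker reaches the balance check at the same moment
        results.append(withdraw(amount))

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return account.balance, sum(results)


if __name__ == "__main__":
    print("unmediated:", run_concurrent_withdrawals(False))  # both succeed, balance goes negative
    print("mediated:  ", run_concurrent_withdrawals(True))   # one succeeds, one is refused
```

The unmediated run ends with a balance of -60 and two "successful" withdrawals of 80 from an account that held 100; the mediated run ends at 20 with exactly one success. The same pattern (time-of-check to time-of-use) applies to file permission checks, privilege checks and any other shared object that is tested and then acted on in separate steps.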
2. Employment education done once per position or at significant change of function
Job Training
Brouter
Risk Assessment
Residual Risk
3. A process state in which the process either cannot run because it is waiting for an external event, or has terminated
Stopped
Method
Initialization Vector
Shift Cipher (Caesar)
4. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Operational
Key Clustering
Plaintext
Executive Succession
5. A signal suggesting a system has been or is being attacked.
Detective
Alert/Alarm
Fault Tolerance
Internal Use Only
6. Control category: to give instructions or inform
Trapdoors (Backdoors) (Maintenance Hooks)
Directive
Intrusion Prevention Systems
Business Continuity Planning (BCP)
7. A test conducted on one or more components of a plan under actual operating conditions.
Bridge
Operational Test
Walk Through
Classification
8. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Cross-Site Scripting
Monitor
Security Blueprint
Data Recovery
9. To execute more than one instruction at an instant in time
One Time Pad
Multi-Processing
Keystroke Logging
TCSEC (Orange Book)
10. A technology that reduces the size of a file.
Operational Exercise
Embedded Systems
Off Site
Compression
11. Dedicated fast memory located on the same board as the CPU
Data Backup Strategies
Authentication
CPU Cache
Watermarking
12. Mitigate damage by isolating compromised systems from the network.
User
Containment
Event
Residual Risk
13. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents, and for the restoration of normal operations at the primary site.
Key Management
Packet Filtering
Contingency Plan
Restoration
14. Need to understand both the assets that need to be protected and management's priorities; also be prepared to adjust the design over time and to verify that the design has been implemented correctly; the designer needs to be a good negotiator, artist and analyst.
Multilevel Security System
Basics Of Secure Design
Data Hiding
Digital Signature
15. Only the key protects the encrypted information
Kerckhoffs's Principle
Key Clustering
Steganography
Checksum
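Kerckhoffs's principle says the algorithm may be public and only the key is secret, which is why the size of the key space matters. The following is an added example, not part of the original quiz, that ties this statement to two other terms in the term bank, Shift Cipher (Caesar) and Key Space: a shift cipher implemented in full, and an attacker who knows the algorithm and simply tries all 26 keys. The crib-word scoring and the sample message are constructed for the demonstration.

```python
import string

ALPHABET = string.ascii_uppercase
KEY_SPACE = range(len(ALPHABET))  # a shift cipher has only 26 possible keys


def shift_encrypt(plaintext: str, key: int) -> str:
    """Caesar/shift cipher: rotate each letter `key` places; non-letters pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    # Decryption is encryption with the negated key; Python's % keeps the index positive.
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext: str, crib_words=("THE", "AND", "IS", "OF")) -> tuple[int, str]:
    """Try every key and return (key, plaintext) for the candidate that reads most like English.

    The scoring is a constructed, deliberately simple crib-word count. The point is
    that the attacker never needs the algorithm to be secret, only the key, and a
    26-element key space offers no protection once the algorithm is known.
    """
    best_key, best_plaintext, best_score = 0, "", -1
    for key in KEY_SPACE:
        candidate = shift_decrypt(ciphertext, key)
        score = sum(1 for word in candidate.split() if word in crib_words)
        if score > best_score:
            best_key, best_plaintext, best_score = key, candidate, score
    return best_key, best_plaintext


if __name__ == "__main__":
    secret = shift_encrypt("THE KEY IS THE ONLY SECRET", 7)
    print("ciphertext:", secret)
    print("recovered: ", brute_force(secret))
```

With the algorithm known, the attack costs at most 26 decryptions. A modern cipher satisfies the same principle but with a key space of 2^128 or more, so exhaustive search is the attacker's worst option rather than a trivial one.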
16. An internal list of contact information used for the communication of incident information, designed in a distributed manner so that no one person is responsible for contacting everyone.
Inference
Orange Book B1 Classification
Call Tree
Security Blueprint
17. Process of identifying the risks to an organization, assessing the critical functions, defining the controls in place to reduce the organization's exposure, and evaluating the cost of such controls.
Plan Maintenance Procedures
Control Category
Double Blind Testing
Risk Assessment / Analysis
18. A record that must be preserved and available for retrieval if needed.
Marking
Criminal Law
Vital Record
Crisis
19. Location to perform the business function
Bridge
Tracking
Alternate Site
Steganography
20. A weakness in IP's source-routing option that lets an attacker dictate the path a packet takes, and thereby reach an internal network.
Territoriality
Source Routing Exploitation
Mixed Law System
Memory Management
21. A subject-based description of a system or collection of resources: for one subject, the objects it can access and the rights it holds on each (the row view of an access matrix)
Job Training
Brownout
Security Clearance
Capability Tables
22. Weak evidence
Administrative Law
Information Technology Security Evaluation Criteria - ITSEC
Tactical
Hearsay
23. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)
Need-To-Know
Transients
Residual Risk
Fraggle
24. Are bound to objects and indicate which subjects can use them; typically kept by a network device (router, switch, and so on) to control access to or from the device for a number of services
Hub
Separation Of Duties
Access Control Lists
Botnet
25. Used to code/decode a digital data stream.
Surge Suppressor
Honeypot
Codec
Preemptive
26. Renders the record inaccessible to the database management system
Computer Forensics
Record Level Deletion
Labeling
Site Policy
27. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
Classification
Trojan Horse
BCP Testing Drills and Exercises
Binary
28. Recovery alternative with everything needed for the business function, except people and the last backup
Faraday Cage/ Shield
Key Space
Eavesdropping
Hot Site
29. Information that, if made public or even shared around the organization, could seriously impede the organization's operations
Information Owner
Virtual Memory
Chain of Custody
Highly Confidential
30. Just enough access to do the job
Least Privilege
Disaster Recovery Plan
Bridge
Shadowing (file shadowing)
31. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Kernel
Chain of Custody
Physical Tampering
Redundant Servers
32. Authentication protocol that uses only symmetric cryptography: session keys between principals are distributed by a trusted third party, which shares a different pre-shared symmetric key with each principal
Standalone Test
Administrative Law
Kerberos
Voice Over IP (VOIP)
33. Representatives from each functional area or department get together and walk through the plan from beginning to end.
Education
State Machine Model
Concentrator
Structured Walk-Through Test
34. Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator).
Standalone Test
Change Control
Hub
Layering
35. Someone who wants to cause harm
Wait
Criminal Law
Authorization
Attacker (Black hat - Hacker)
36. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.
Voice Over IP (VOIP)
Byte Level Deletion
Aggregation
Off-Site Storage
37. Control category: to record an adversary's actions
Business Recovery Timeline
Virtual Memory
Replication
Detective
38. The former U.S. Department of Defense standard set of criteria and processes for computer system evaluation and assurance, which combines functional and assurance requirements in each rating level
Coaxial Cable
Procedure
TCSEC (Orange Book)
CobiT
39. A planned or unplanned interruption in system availability.
Containment
System Downtime
Protection
UPS
40. A backup of data located where staff can gain access readily and a localized disaster will not cause harm
Adware
Durability
Degauss
Near Site
41. A sudden, unexpected event requiring immediate action due to a potential threat to health and safety, the environment, or property.
Initialization Vector
Plaintext
Emergency
Threats
42. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Emergency Operations Center (EOC)
Interference (Noise)
Site Policy Awareness
Pointer
43. Two different inputs to the same (hash) function produce the same output
Procedure
Protection
Collisions
Data Backups
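The statement above is clearer with a collision actually found. The following is an added example, not part of the original quiz: SHA-256 is deliberately truncated to a small number of bits so that the output space is tiny, and a birthday search hashes distinct inputs until two of them land on the same output. The prefix, the truncation and the input format are constructed for the demonstration.

```python
import hashlib
import itertools
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits: a constructed weak hash for the demo."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Birthday search: hash distinct inputs, remember each output, stop at the first repeat.

    Returns (input_a, input_b, shared_output, inputs_tried). Each input is distinct
    by construction (the counter differs), so a repeated output is a true collision.
    """
    seen: dict[int, bytes] = {}
    for i in itertools.count(1):
        message = prefix + str(i).encode()
        h = truncated_hash(message, bits)
        if h in seen:
            return seen[h], message, h, i
        seen[h] = message


def expected_trials(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) inputs before the first collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    a, b, h, tried = find_collision(16)
    print(f"{a!r} and {b!r} both hash to {h:#06x} after {tried} inputs "
          f"(expected about {expected_trials(16):.0f})")
    # For the full 256-bit SHA-256 the same search needs about 2^128 inputs,
    # which is why a collision has never been found for it.
```

A 16-bit output collides after a few hundred inputs, which is the square root of the output space, not the full space. That square-root cost is why digest length is chosen to be twice the intended collision resistance, and why short or truncated checksums must not be used where collision resistance matters (digital signatures, integrity labels, evidence hashes).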
44. Eavesdropping on network communications by a third party.
Sniffing
Log
Computer System Evidence
Orange Book D Classification
45. Granular decision by a system of permitting or denying access to a particular resource on the system
Disaster
Plain Text
Authorization
High-Risk Areas
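Questions 21, 24 and 45 describe three views of the same thing: a capability table (row of the access matrix, per subject), an access control list (column, per object) and the granular authorization decision made for one subject, object and right. The following is an added example, not part of the original quiz, that derives both views from one constructed access matrix and makes the decision with deny-by-default, then evaluates a constructed device-style ACL of the kind a router keeps: ordered rules, first match wins, and an implicit deny when nothing matches. All subjects, objects, addresses and rules are assumptions made for the demonstration.

```python
import ipaddress

# Constructed access matrix: (subject, object) -> set of rights.
ACCESS_MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("alice", "core-router"): {"read"},
    ("bob", "payroll.db"): {"read"},
    ("bob", "core-router"): {"read", "write", "execute"},
}


def acl_for(obj: str) -> dict[str, set[str]]:
    """Column view: the ACL bound to one object lists which subjects may use it and how."""
    return {s: rights for (s, o), rights in ACCESS_MATRIX.items() if o == obj}


def capability_table_for(subject: str) -> dict[str, set[str]]:
    """Row view: a subject's capability table lists the objects it may use and its rights on each."""
    return {o: rights for (s, o), rights in ACCESS_MATRIX.items() if s == subject}


def authorize(subject: str, obj: str, right: str) -> bool:
    """Granular decision: permit only if this exact right is granted; deny by default."""
    return right in ACCESS_MATRIX.get((subject, obj), set())


# Constructed device-style ACL: ordered rules, first match wins, implicit deny at the end.
DEVICE_ACL = [
    ("permit", "10.0.0.0/24", 22),   # management subnet may SSH to the device
    ("deny", "10.0.0.0/8", 22),      # the rest of the internal range may not
    ("permit", "0.0.0.0/0", 443),    # anyone may reach the HTTPS service
]


def evaluate_device_acl(src_ip: str, dst_port: int, acl=DEVICE_ACL) -> bool:
    """Walk the rules in order; the first rule matching source and port decides."""
    ip = ipaddress.ip_address(src_ip)
    for action, network, port in acl:
        if port == dst_port and ip in ipaddress.ip_network(network):
            return action == "permit"
    return False  # no rule matched: implicit deny


if __name__ == "__main__":
    print("ACL for payroll.db:", acl_for("payroll.db"))
    print("capabilities of bob:", capability_table_for("bob"))
    print("alice write payroll.db:", authorize("alice", "payroll.db", "write"))
    print("10.1.1.1 -> port 22:", evaluate_device_acl("10.1.1.1", 22))
```

Two points worth keeping from the code: the ACL and the capability table are the same matrix read in different directions, so neither is "more secure", they differ in which lookup is cheap (revoking a subject is easy with capability tables, auditing an object is easy with ACLs); and on the device ACL, rule order is part of the policy, since swapping the first two rules would silently lock the management subnet out.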
46. Is secondhand and usually not admissible in court
Hearsay Evidence
File Server
Man-In-The-Middle Attack
Stopped
47. Eight bits.
Need-To-Know
Byte
Emanations
Checksum
48. Requires security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and provision of separate administrator functionality.
Countermeasure
Orange Book B2 Classification
Information Owner
Change Control
49. The asynchronous duplication of the production database on separate media to ensure data availability, currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
Memory Management
Alert/Alarm
Data Recovery
File Shadowing
50. Natural occurrence in circuits that are in close proximity
Interference (Noise)
Worm
Object