CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Tool which mediates access
Centralized Access Control Technologies
Control
Assembler
5 Rules Of Evidence
2. Intermediate level - pertaining to planning
Operational
Internal Use Only
Certification Authority
Metadata
3. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
System Life Cycle
Cross Certification
Spyware
Codec
4. People who interact with assets
Bumping
Walk Through
User
Relocation
5. An asymmetric cryptography mechanism that provides authentication.
Digital Signature
Site Policy
Ethics
Process Isolation
6. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements
Coaxial Cable
CobiT
Common Criteria
System Downtime
7. Program that inappropriately collects private data or activity
File Shadowing
Spyware
Security Domain
Mandatory Access Control (MAC)
8. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
ISO/IEC 27002
Life Cycle of Evidence
Public Key Infrastructure (PKI)
Databases
9. Actions measured against either a policy or what a reasonable person would do
Embedded
Due Diligence
Log
Multi-Tasking
10. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Tactical
Fault
Site Policy Awareness
Lattice
11. Real-time - automatic and transparent backup of data.
Mirrored Site
Remote Journaling
ISO/IEC 27001
Code
12. Control category - to discourage an adversary from attempting to access
Wait
Deterrent
JPEG (Joint Photographic Experts Group)
Object Oriented Programming (OOP)
13. Reduces causes of fire
Fire Prevention
Electromagnetic Interference (EMI)
Recovery Strategy
Birthday Attack
14. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.
Risk
Business Continuity Program
Emanations
Non-Discretionary Access Control
15. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Data Backup Strategies
Business Impact Analysis
Injection
Consistency
16. Business and technical process of applying security software updates in a regulated periodic way
Damage Assessment
Patch Management
Targeted Testing
Time Of Check/Time Of Use
17. Intellectual property management technique for identifying after distribution
Domain
Detection
Watermarking
Payload
18. Return to a normal state
Radio Frequency Interference (RFI)
Recovery
Notification
Risk Assessment / Analysis
19. Intellectual property protection for a confidential and critical process
Access Control Attacks
User Mode (problem or program state)
Fire Suppression
Trade Secret
20. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Database Shadowing
Simulation
Critical Records
Chain Of Custody
21. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Residual Risk
Data Recovery
Attacker (Black hat - Hacker)
Emergency Procedures
22. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Fault Tolerance
Disaster Recovery Plan
Man-In-The-Middle Attack
Business Interruption Insurance
23. Natural or human-readable form of message
Mirrored Site
Plain Text
Embedded
Sequence Attacks
24. A subnetwork with storage devices servicing all servers on the attached network.
Rootkit
Storage Area Network (SAN)
User Mode (problem or program state)
Technical Access Controls
25. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
TCSEC (Orange Book)
Access Control
Storage Area Network (SAN)
Fire Suppression
26. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data
Byte Level Deletion
Kerberos
Examples of non-technical security components
Full Test (Full Interruption)
27. The first rating that requires security labels
Accreditation
Damage Assessment
Orange Book B1 Classification
Instance
28. Converts a high level language into machine language
Compression
Workaround Procedures
Assembler
Atomicity
29. Hiding the fact that communication has occurred
Steganography
Deadlock
Total Risk
Replication
30. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Procedure
Injection
Preemptive
Cryptanalysis
31. Low level - pertaining to planning
Key Escrow
Life Cycle of Evidence
Tactical
Repeaters
32. Evidence must be: admissible - authentic - complete - accurate - and convincing
Fault Tolerance
Symmetric
Twisted Pair
5 Rules Of Evidence
33. A backup of data located where staff can gain access immediately
On-Site
Examples of non-technical security components
Alert/Alarm
Processes are Isolated By
34. Small data files written to a user's hard drive by a web server.
Cookie
Eavesdropping
Reference Monitor
Standalone Test
35. A set of laws that the organization agrees to be bound by
Administrative Law
Symmetric
Object
Legacy Data
36. Requirement to take time off
System Life Cycle
Mantrap (Double Door System)
Lattice
Mandatory Vacations
37. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.
Compartmentalize
Hub
Workaround Procedures
Orange Book B2 Classification
38. Physical description on the exterior of an object that communicates the existence of a label
Marking
Administrative Laws
Trade Secret
Cold Site
39. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
One Time Pad
Discretionary Access Control (DAC)
Accurate
Security Domain
40. System of law based upon precedent - with major divisions of criminal - tort - and administrative
Byte Level Deletion
Common Law
Alarm Filtering
Shielding
41. Trading one for another
Identification
Security Kernel
Substitution
Lattice
42. Guidelines within an organization that control the rules and configurations of an IDS
Corrective
Site Policy
Discretionary Access Control (DAC)
Tort
43. A failure of an IDS to detect an actual attack
False Negative
2-Phase Commit
Quantitative
Analysis
44. A risk assessment method - intrinsic value
Qualitative
Machine Language (Machine Code)
Data Diddler
JPEG (Joint Photographic Experts Group)
45. Vehicle or tool that exploits a weakness
Object Reuse
Threats
ISO/IEC 27001
Service Bureau
46. A protocol for the efficient transmission of voice over the Internet
Electromagnetic Interference (EMI)
Voice Over IP (VOIP)
Marking
Tar Pits
47. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
IDS (Intrusion Detection System)
Guidelines
Access Point
Change Control
48. A device that provides the functions of both a bridge and a router.
Brouter
Wait
Durability
Custodian
49. To set the clearance of a subject or the classification of an object
Labeling
ITSEC
Discretionary
Cold Site
50. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Total Risk
Polymorphism
Integrated Test
Labeling