Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A type of attack involving attempted insertion - deletion or altering of data.
Voice Over IP (VOIP)
Trapdoors (Backdoors) (Maintenance Hooks)
Modification
Multi-Party Control
2. Memory management technique which allows data to be moved from one memory address to another
Digital Certificate
Business Interruption Insurance
Trademark
Relocation
3. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
False (False Positive)
Legacy Data
Compiler
Kerberos
4. Those who initiate the attack
Business Impact Analysis
Exposure
Protection
Threat Agent
5. Pertaining to law - no omissions
Complete
Deterrent
Checklist Test
Content Dependent Access Control
6. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.
File Extension
Mirroring
File Shadowing
Risk Mitigation
7. OOP concept of an object at runtime
Instance
Analysis
Emergency Operations Center (EOC)
Digital Signature
8. A choice in risk management - to implement a control that limits or lessens negative effects
Multiplexers
Plaintext
Mitigate
Deleted File
9. A database backup type which records at the transaction level
Brouter
Remote Journaling
Alert
TIFF (Tagged Image File Format)
10. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Injection
Business Interruption Insurance
Structured Walkthrough
Fraggle
11. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Highly Confidential
Blind Testing
Control Category
Critical Functions
12. Encryption system using a pair of mathematically related unequal keys
Recovery
Off-Site Storage
Asymmetric
Concentrator
13. The property that data meet with a priority expectation of quality and that the data can be relied upon.
Cache
Multilevel Security System
Administrative Access Controls
Data Integrity
14. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions
Byte
Object Reuse
Quantitative
Resumption
15. A signal suggesting a system has been or is being attacked.
Identification
Alert/Alarm
Business Continuity Steering Committee
Brownout
16. All of the protection mechanisms in a computer system
Trusted Computing Base
Centralized Access Control Technologies
Hearsay
Disaster Recovery Plan
17. System of law based upon what is good for society
Code
Phishing
Civil Or Code Law
Business Continuity Planning (BCP)
18. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Test Plan
Simulation
Repeaters
Business Impact Assessment (BIA)
19. A risk assessment method - intrinsic value
Qualitative
Cross Training
Buffer Overflow
Education
20. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
Access Control
Inrush Current
File Shadowing
Non-Repudiation
21. Summary of a communication for the purpose of integrity
Access Control Matrix
Algorithm
Backup
Message Digest
22. A BCP testing type - (structured walkthrough) - a test that answers the question: Is everything needed for recovery available?
Walk Through
Hot Site
Security Blueprint
Mantrap (Double Door System)
23. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Failure Modes and Effect Analysis (FEMA)
Degauss
Security Blueprint
Source Routing Exploitation
24. Lower frequency noise
Pervasive Computing and Mobile Computing Devices
Call Tree
Radio Frequency Interference (RFI)
Primary Storage
25. To jump to a conclusion
Inference
IDS Intrusion Detection System
Routers
Access Control Matrix
26. Specific format of technical and physical controls that support the chosen framework and the architecture
Hot Spares
Kerckhoff's Principle
Infrastructure
Alarm Filtering
27. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Trademark
Repeaters
Patent
Smurf
28. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Adware
Reference Monitor
Sequence Attacks
Targeted Testing
29. System mediation of access with the focus on the context of the request
Checksum
Content Dependent Access Control
Convincing
Pointer
30. A choice in risk management - to convince another to assume risk - typically by payment
Life Cycle of Evidence
Processes are Isolated By
Evidence
Transfer
31. A planned or unplanned interruption in system availability.
Compiler
System Downtime
Running Key
Data Custodian
32. A programming design concept which abstracts one set of functions from another in a serialized fashion
Guidelines
Polyalphabetic
Relocation
Layering
33. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Electronic Vaulting
Checkpoint
Pointer
Civil Or Code Law
34. Hiding the fact that communication has occurred
Multilevel Security System
Data Hiding
Encipher
Steganography
35. A backup type which creates a complete copy
E-Mail Spoofing
Bit
Proprietary
Replication
36. A secure connection to another network.
Gateway
Access Control Lists
Criminal Law
Data Hiding
37. An availability attack - to consume resources to the point of exhaustion from multiple vectors
Remote Journaling
Distributed Denial Of Service
Cipher Text
Admissible
38. Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective
Journaling
Virtual Memory
Walk Through
Multi-Programming
39. A process state - (blocked) needing input before continuing
Access Control Attacks
Wait
Emergency Operations Center (EOC)
Repeaters
40. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.
UPS
High-Risk Areas
State Machine Model
Evidence
41. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Structured Walkthrough
Data Owner
Business Recovery Timeline
Business Recovery Team
42. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
System Life Cycle
Sampling
Fire Suppression
Patch Panels
43. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Off Site
Examples of technical security components
Threads
Denial Of Service
44. The level and label given to an individual for the purpose of compartmentalization
Mirroring
Coaxial Cable
Honeypot
Security Clearance
45. Abstract and mathematical in nature - defining all possible states - transitions and operations
Analysis
Data Recovery
False Attack Stimulus
State Machine Model
46. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Off Site
Fraggle
Uninterruptible Power Supply (UPS)
Strong Authentication
47. The point in time to which systems and data must be recovered after an outage. (e.g. End of previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Change Control
Recovery Point Objective (RPO)
Plaintext
Tactical
48. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Acronym for American Standard Code for Information Interchange (ASCII)
Accurate
Protection
Investigation
49. The guardian of asset(s) - a maintenance activity
Custodian
Alternate Data Streams (File System Forks)
Information Flow Model
Key Management
50. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Journaling
Key Escrow
Detective
Plain Text