Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A device that sequentially switches multiple analog inputs to the output.
Qualitative
Critical Functions
Multiplexers
Residual Risk
2. An electronic attestation of identity by a certificate authority
Digital Certificate
Denial Of Service
Education
Common Criteria
3. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.
Proxies
Class
Test Plan
Data Dictionary
4. A process state (blocked): needing input before continuing
Fragmented Data
Civil Law
Incident Response Team
Wait
5. Potentially compromising leakage of electrical or acoustical signals.
Warm Site
Relocation
Shadowing (file shadowing)
Emanations
6. Firewalls, encryption, and access control lists
Kerckhoff's Principle
Examples of technical security components
Payload
Detection
7. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Hot Spares
Spyware
Public Key Infrastructure (PKI)
Transients
8. Information about a particular data set
Concentrator
Race Condition
Metadata
Risk
9. For PKI, to have more than one person in charge of a sensitive function
Picking
Microwave
Multi-Party Control
Coaxial Cable
10. An image compression standard for photographs
JPEG (Joint Photographic Experts Group)
Embedded
Risk Assessment / Analysis
Consistency
11. Try a list of words in passwords or encryption keys
Twisted Pair
Dictionary Attack
Certification
Security Clearance
12. The past U.S. military-accepted set of standards and processes for network evaluation and assurance, which combines function and assurance requirements
Algorithm
TNI (Red Book)
Data Hiding
Interception
13. Planning with a goal of returning to the normal business function
Full-Interruption test
Restoration
Authentication
Fault
14. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys
Brute Force
Decipher
Kerberos
Executive Succession
15. Malware that makes small random changes to many data points
Data Diddler
Security Clearance
Operational Test
Warm Site
16. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
Remote Journaling
ISO/IEC 27002
High-Risk Areas
Forensic Copy
17. The first rating that requires security labels
Orange Book B1 Classification
Sampling
Checklist Test
Concentrator
18. Descrambling the encrypted message with the corresponding key
Surge
Decipher
Identification
Data Backup Strategies
19. Process whereby data is removed from active files and other data storage structures
Mission-Critical Application
Need-To-Know
Voice Over IP (VOIP)
Deletion
20. Business and technical process of applying security software updates in a regulated periodic way
Classification
Patch Management
Distributed Processing
Deleted File
21. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Policy
TIFF (Tagged Image File Format)
Alarm Filtering
Reference Monitor
22. Initial surge of current
Inrush Current
Alternate Data Streams (File System Forks)
Common Law
Prevention
23. Moving letters around
Slack Space
Marking
Permutation / Transposition
Declaration
24. Companies should have their own team, made up of people from management, IT, legal, HR, public relations, security and other key areas
Object
Qualitative
Teardrop
Incident Response Team
25. The risk that remains after management implements internal controls or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Residual Risk
Critical Infrastructure
Running
Brownout
26. Forgery of the sender's email address in an email header.
E-Mail Spoofing
Byte Level Deletion
Secondary Storage
Access Control Lists
27. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Secondary Storage
One Time Pad
Chain of Custody
TCSEC (Orange Book)
28. The technical and risk assessment of a system within the context of the operating environment
Redundant Array Of Independent Drives (RAID)
Certification
Administrative Access Controls
Forward Recovery
29. The past internationally accepted set of standards and processes for information security product evaluation and assurance, which separates function and assurance requirements
Business Impact Analysis
Disaster Recovery Teams (Business Recovery Teams)
ITSEC
Compiler
30. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Routers
Business Continuity Planning (BCP)
Multi-Party Control
Sharing
31. Requirement to take time off
Mandatory Vacations
Executive Succession
Access Point
Job Training
32. Information that, if made public or even shared around the organization, could seriously impede the organization's operations
Database Shadowing
Least Privilege
Strategic
Highly Confidential
33. Tool which mediates access
Control
Open Mail Relay Servers
TNI (Red Book)
Strategic
34. Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
File Server
Critical Records
Metadata
Data Backups
35. The backup of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Mandatory Access Control (MAC)
Data Backups
Directive
Checkpoint
36. An attack involving the hijacking of a TCP session by predicting a sequence number.
Rogue Access Points
Sequence Attacks
Restoration
Recovery Period
37. Is secondhand and usually not admissible in court
Recovery
Adware
CPU Cache
Hearsay Evidence
38. Program instructions based upon the CPU's specific architecture
Complete
Machine Language (Machine Code)
Cipher Text
Architecture
39. A form of data hiding which protects running threads of execution from using each other's memory
Reference Monitor
Process Isolation
The ACID Test
Administrative
40. A device that provides the functions of both a bridge and a router.
Layering
Brouter
Operational Impact Analysis
Site Policy Awareness
41. RADIUS, TACACS+, Diameter
Identification
Backup
Centralized Access Control Technologies
Residual Data
42. Employment education done once per position or at significant change of function
Codec
Payload
Digital Signature
Job Training
43. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc.
Hard Disk
Governance
Fire Prevention
Critical Infrastructure
44. When two or more computers are networked together in a LAN situation, one computer may be utilized as a storage location for files for the group.
File Server
Polymorphism
Information Technology Security Evaluation Criteria - ITSEC
Permutation / Transposition
45. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).
Secondary Storage
File Sharing
Administrative Access Controls
Repeaters
46. A BCP testing type: a test that answers the question, can the organization operate at the alternate location only?
Full Test (Full Interruption)
The ACID Test
Cookie
5 Rules Of Evidence
47. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.
Liability
Fraggle
Burn
Sharing
48. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Strong Authentication
Hot Site
Phishing
Eavesdropping
49. A passive network attack involving monitoring of traffic.
Time Of Check/Time Of Use
Quantitative Risk Analysis
Eavesdropping
ISO/IEC 27002
50. Organized group of compromised computers
Common Law
Dangling Pointer
Disaster Recovery Teams (Business Recovery Teams)
Botnet