Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the answers may look obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An attack involving the hijacking of a TCP session by predicting a sequence number.
Salami
Sequence Attacks
Vulnerability
Dangling Pointer
2. Used to code/decode a digital data stream.
Codec
Threat Agent
Accountability
Access Point
3. Executive responsibilities of goal setting, delegation, and verification, based upon the mission.
Firmware
True Attack Stimulus
Governance
Contact List
4. Written suggestions that direct choice to a few alternatives
Replication
Guidelines
Object Reuse
Business Continuity Program
5. A system designed to prevent unauthorized access to or from a private network.
IP Fragmentation
Multi-Processor
Multiplexers
Firewall
6. A Denial of Service attack that floods the target system with half-open TCP connection requests that are never completed.
SYN Flooding
Access Point
False Attack Stimulus
BCP Testing Drills and Exercises
7. The one person responsible for data, its classification, and its control settings.
Information Owner
Surge
IP Fragmentation
Repeaters
8. To segregate for the purposes of labeling
Compartmentalize
Crisis
Waterfall
Mock Disaster
9. Forgery of the sender's email address in an email header.
Process Isolation
Critical Records
Identification
E-Mail Spoofing
10. Documentation that keeps evidence admissible by showing it was properly controlled and handled at every step before being presented in court.
Time Of Check/Time Of Use
User Mode (problem or program state)
Eavesdropping
Chain of Custody
11. Use of specialized techniques for recovery, authentication, and analysis of electronic data.
Computer Forensics
Fire Suppression
Due Diligence
Remote Journaling
12. A type of attack involving attempted insertion, deletion, or altering of data.
Bumping
Covert Channel
Conflict Of Interest
Modification
13. The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins function and assurance requirements.
Common Criteria
Record Level Deletion
Due Care
Conflict Of Interest
14. To move personnel periodically from one position to another, so that no one holds a sensitive function indefinitely.
Tort
Targeted Testing
Prevention
Job Rotation
15. In PKI, having more than one person in charge of a sensitive function.
Multi-Party Control
Multi-Core
Rollback
Debriefing/Feedback
16. Periodic, automatic, and transparent backup of data in bulk.
Aggregation
Electronic Vaulting
Acronym for American Standard Code for Information Interchange (ASCII)
Discretionary Access Control (DAC)
17. Weakness or flaw in an asset
Vulnerability
Collisions
Object Reuse
Centralized Access Control Technologies
18. May render the data inaccessible to the application intended to process the file, but may not actually remove the data.
Byte Level Deletion
Byte
Procedure
Virtual Memory
19. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Operational Exercise
Hacker
Coaxial Cable
Computer System Evidence
20. A less granular organization of controls.
Critical Infrastructure
Multi-Processing
Attacker (Black hat - Hacker)
Control Type
21. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf.)
Data Backup Strategies
Embedded Systems
Fraggle
Administrative Law
22. Unused storage capacity within an allocated cluster, between the end of a file's data and the end of the cluster; it may still hold remnants of earlier data.
Vital Record
False Negative
Slack Space
Spam
23. A collection of information designed to reduce duplication and increase integrity
Information Owner
Event
Adware
Databases
24. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Burn
Bit
Sharing
Analysis
25. A design methodology which addresses risk early and often
Sequence Attacks
Spiral
Analysis
Fiber Optics
26. To evaluate the current situation and make basic decisions as to what to do
Triage
Work Factor
Multiplexers
Virtual Memory
27. Requires security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and provision of separate administrator functionality.
Orange Book B2 Classification
Discretionary Access Control (DAC)
Cipher Text
Durability
28. Inference about encrypted data or keys drawn from a system's physical behaviour (timing, power consumption, emanations) rather than from weaknesses in the cipher itself.
Side Channel Attack
Off-Site Storage
Mixed Law System
Orange Book C Classification
29. Two different inputs to a hash function produce the same output.
Collisions
Alarm Filtering
Cross Certification
Hearsay Evidence
30. The earlier (European) set of standards and processes for information security product evaluation and assurance, which separates function and assurance requirements.
Data Dictionary
Digital Certificate
Failure Modes and Effects Analysis (FMEA)
ITSEC
31. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
System Life Cycle
Shielding
Cryptology
Vital Record
32. The risk that remains after management implements internal controls or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk.
Residual Risk
Denial Of Service
Brownout
Plaintext
33. All of the protection mechanisms in a computer system.
Copyright
Trusted Computing Base
Critical Records
Control
34. One of the key benefits of a network is the ability to share files stored on the server among several users.
Warm Site
File Sharing
Countermeasure
Contingency Plan
35. Second-hand evidence not based on the witness's own knowledge; weak and generally inadmissible.
Intrusion Detection Systems
Kerckhoff's Principle
Directive
Hearsay
36. Robust project management process for new systems with at least the following phases: design and development, production, distribution, operation, maintenance, retirement, and disposal.
False (False Positive)
File Extension
Integrated Test
System Life Cycle
37. A collection of data or information that has a name
Bollard
Incident Handling
Mandatory
File
38. Eight bits.
Byte
Consistency
Phishing
Electronic Vaulting
39. A control applied after an attack to reduce its effect.
Countermeasure
Message Digest
Emanations
Non-Discretionary Access Control
40. A backup type for databases at a point in time.
Mitigate
Security Domain
Locard's Principle
Shadowing (file shadowing)
41. A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Directive
Algorithm
Deadlock
Twisted Pair
42. Striking a specially filed-down key inserted in a lock with a hammer or mallet to open it without the real key.
Notification
Detection
Bumping
Machine Language (Machine Code)
43. A subnetwork with storage devices servicing all servers on the attached network.
Change Control
Storage Area Network (SAN)
Picking
Directive
44. Implementation of measures to deter specific threats to the continuity of business operations, and/or to respond to any occurrence of such threats in a timely and appropriate manner.
JPEG (Joint Photographic Experts Group)
Symmetric
Risk Mitigation
Message Digest
45. Recovery alternative with everything needed for the business function except people and the last backup.
Compression
Authentic
Hot Site
Virus
46. Randomly generated value used by many cryptosystems to ensure that a unique ciphertext is generated each time the same plaintext is encrypted under the same key.
Honeynet
Criminal Law
HTTP Response Splitting
Initialization Vector
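Item 46 above: the following added example (not code from the original study set) shows what a fresh IV buys and what is lost when one is reused. Instead of a real block cipher it uses a toy counter-mode keystream derived from SHA-256 over key, IV and block counter; the key, messages and function names are constructed for the example.

```python
from __future__ import annotations

import hashlib
import os


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream from a hash (toy stand-in for a block cipher in CTR mode):
    block i = SHA-256(key || iv || i). The same (key, iv) always yields the same stream,
    which is exactly why the IV must never repeat under one key."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes, iv: bytes | None = None) -> tuple[bytes, bytes]:
    """Returns (iv, ciphertext). A fresh random IV is generated unless the caller supplies one."""
    if iv is None:
        iv = os.urandom(16)
    return iv, xor(plaintext, keystream(key, iv, len(plaintext)))


def decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return xor(ciphertext, keystream(key, iv, len(ciphertext)))


def iv_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Encrypts two messages under the same key AND the same IV and returns c1 XOR c2.
    The shared keystream cancels, so the result equals p1 XOR p2: an eavesdropper who
    knows or guesses one message recovers the other without the key."""
    fixed_iv = b"\x00" * 16  # constructed: a non-random, reused IV
    _, c1 = encrypt(key, p1, fixed_iv)
    _, c2 = encrypt(key, p2, fixed_iv)
    return xor(c1, c2)


if __name__ == "__main__":
    key = hashlib.sha256(b"example key").digest()  # constructed demo key
    msg = b"attack at dawn"
    iv_a, c_a = encrypt(key, msg)
    iv_b, c_b = encrypt(key, msg)
    print("fresh IVs -> ciphertexts differ:", c_a != c_b)
    leak = iv_reuse_leak(key, msg, b"attack at dusk")
    print("reused IV -> c1 ^ c2 == p1 ^ p2:", leak == xor(msg, b"attack at dusk"))
```

The first pair of calls gives two different ciphertexts for one plaintext, which is the uniqueness property the definition describes; the last call shows the failure mode, where a repeated IV turns the cipher into a one-time pad used twice.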
47. Abstract and mathematical in nature, defining all possible states, transitions, and operations.
Surge
State Machine Model
TEMPEST
Operational
48. The duplication of data on separate disks in real time to ensure its continuous availability, currency, and accuracy. True mirroring will enable a zero recovery point objective.
Collisions
Disk Mirroring
Payload
Patch Management
49. Exploits the fact that the probability of a hash collision among a set of inputs is far higher than intuition suggests: about 2^(n/2) trials suffice for an n-bit digest, not 2^n.
Key Clustering
Birthday Attack
HTTP Response Splitting
Kerberos
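Items 29 (Collisions) and 49 (Birthday Attack) above describe the same phenomenon. The following is an added worked example, not part of the original study set: it computes the exact probability that k uniformly random n-bit digests contain a collision, and then finds a real collision in SHA-256 truncated to 32 bits by brute force. The truncation, the counter-valued inputs and the function names are choices made for this example.

```python
from __future__ import annotations

import hashlib
import math


def collision_probability(n_bits: int, samples: int) -> float:
    """Exact probability that at least two of `samples` values drawn uniformly
    from a 2**n_bits space coincide (the birthday problem)."""
    space = 2 ** n_bits
    if samples > space:
        return 1.0  # pigeonhole: more samples than values
    # P(no collision) = prod_{i=0}^{k-1} (1 - i/N); summed in log space to avoid underflow.
    log_no_collision = sum(math.log1p(-i / space) for i in range(samples))
    return 1.0 - math.exp(log_no_collision)


def birthday_bound(n_bits: int) -> int:
    """Number of hash evaluations after which a collision becomes likely: about 2**(n/2)."""
    return 2 ** (n_bits // 2)


def truncated_digest(data: bytes, n_bits: int) -> int:
    """SHA-256 truncated to its top n_bits so the search finishes in seconds.
    Truncation shrinks the space; it does not change the attack."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - n_bits)


def find_collision(n_bits: int) -> tuple[int, bytes, bytes]:
    """Brute-force two distinct inputs with the same truncated digest.
    Returns (hash evaluations performed, input_a, input_b)."""
    seen: dict[int, bytes] = {}
    counter = 0
    while True:
        msg = counter.to_bytes(8, "big")  # constructed inputs: successive counters
        h = truncated_digest(msg, n_bits)
        if h in seen:
            return counter + 1, seen[h], msg
        seen[h] = msg
        counter += 1


if __name__ == "__main__":
    for k in (2 ** 16, 77_000, 2 ** 17):
        print(f"{k:>7} random 32-bit digests: P(collision) = {collision_probability(32, k):.3f}")
    tries, a, b = find_collision(32)
    print(f"32-bit collision after {tries} hashes (birthday bound 2**16 = {birthday_bound(32)}); "
          f"a preimage search for one fixed target would need about 2**32 = {2 ** 32}")
    assert a != b and truncated_digest(a, 32) == truncated_digest(b, 32)
```

With a 32-bit digest the search completes after roughly 2**16 hashes (about 77,000 give even odds), whereas matching one fixed target would take about 2**32 attempts. The same square-root gap is why an n-bit digest offers only about n/2 bits of collision resistance.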
50. Indivisible: a transaction is treated as one unit, so either all of its operations take place or none do.
Atomicity
Binary
Cryptanalysis
Teardrop