Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Summary of a communication for the purpose of integrity
Separation Of Duties
Message Digest
Intrusion Prevention Systems
Masked/Interruptible
2. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN
Shadowing (file shadowing)
Databases
Information Flow Model
Strong Authentication
3. Binary decision by a system of permitting or denying access to the entire system
Simulation
Centralized Access Control Technologies
Authentication
Databases
4. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Orange Book B2 Classification
Accurate
MOM
Labeling
5. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Hub
Data Leakage
Rootkit
Cipher Text
6. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Plain Text
Vital Record
Encryption
Hub
7. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Faraday Cage/ Shield
Total Risk
Digital Certificate
Source Routing Exploitation
8. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Virus
Standalone Test
Framework
Twisted Pair
9. A signal suggesting a system has been or is being attacked.
Pointer
Need-To-Know
Alert/Alarm
Open Mail Relay Servers
10. Prolonged loss of commercial power
Collisions
Cross Training
Top Secret
Blackout
11. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
Logic Bomb
3 Types of harm Addressed in computer crime laws
User
Education
12. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Complete
Tracking
Information Technology Security Evaluation Criteria - ITSEC
Analysis
13. Consume resources to a point of exhaustion - loss of availability
Denial Of Service
MOM
Data Dictionary
Routers
14. For PKI - to store another copy of a key
Electromagnetic Interference (EMI)
Key Escrow
Site Policy Awareness
Atomicity
15. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Radio Frequency Interference (RFI)
Repeaters
Threads
Recovery Strategy
16. Recovery alternative which includes cold site and some equipment and infrastructure is available
Walk Through
Mantrap (Double Door System)
Operational Impact Analysis
Warm Site
17. A technology that reduces the size of a file.
Checklist Test
Tapping
Kerckhoff's Principle
Compression
18. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.)
Classification
Ethics
Pervasive Computing and Mobile Computing Devices
Contingency Plan
19. A process state - to be executing a process on the CPU
Running
Watermarking
War Driving
Business Impact Analysis
20. Pertaining to law - verified as real
Tapping
IP Address Spoofing
Authentic
Durability
21. OOP concept of a distinct copy of the class
Distributed Processing
Object
Injection
HTTP Response Splitting
22. To set the clearance of a subject or the classification of an object
MOM
Labeling
Spyware
Key Space
23. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Hearsay Evidence
Hot Spares
Logic Bomb
Virtual Memory
24. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.
Satellite
Memory Management
Admissible
Fiber Optics
25. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Blind Testing
Waterfall
Checklist Test (desk check)
Incident Response Team
26. False memory reference
Dictionary Attack
Dangling Pointer
Remote Access Trojan
Cipher Text
27. A process state - (blocked) needing input before continuing
Polyalphabetic
Archival Data
Wait
Qualitative
28. A control before attack
Debriefing/Feedback
Admissible
Safeguard
Data Integrity
29. Information that - if made public or even shared around the organization - could seriously impede the organization's operations
Examples of non-technical security components
Highly Confidential
Tort
ITSEC
30. Moving the alphabet intact a certain number of spaces
Shift Cipher (Caesar)
Distributed Processing
Access Control Matrix
Accurate
31. Descrambling the encrypted message with the corresponding key
Containment
Decipher
EMI
True Attack Stimulus
32. System mediation of access with the focus on the context of the request
Content Dependent Access Control
Authorization
Attacker (Black hat - Hacker)
Physical Tampering
33. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Site Policy
Marking
Intrusion Prevention Systems
Workaround Procedures
34. Transaction controls for a database - a return to a previous state
Incident Response
Business Continuity Program
Hearsay Evidence
Rollback
35. Security policy - procedures - and compliance enforcement
Recovery Point Objective (RPO)
Authentic
Examples of non-technical security components
Chain of Custody
36. A choice in risk management - to convince another to assume risk - typically by payment
Checklist Test
Transfer
Trademark
Elements of Negligence
37. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Recovery Period
Hard Disk
Smurf
Cryptanalysis
38. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements
Class
Information Technology Security Evaluation Criteria - ITSEC
Common Criteria
Data Integrity
39. A state for operating system tasks only
Examples of technical security components
Recovery
Supervisor Mode (monitor - system - privileged)
Mandatory Access Control (MAC)
40. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data
Control
Byte Level Deletion
Inrush Current
Class
41. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Least Privilege
Integrated Test
Due Care
Microwave
42. The past U.S. military accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements
Critical Functions
Satellite
TNI (Red Book)
Keyed-Hashing For Message Authentication
43. An alert or alarm that is triggered when no actual attack has taken place
Full-Interruption test
Site Policy Awareness
Internal Use Only
False (False Positive)
44. Dedicated fast memory located on the same board as the CPU
CPU Cache
Detection
Discretionary
Coaxial Cable
45. Disruption of operation of an electronic device due to a competing electromagnetic field.
Active Data
Smurf
EMI
JPEG (Joint Photographic Experts Group)
46. Real-time - automatic and transparent backup of data.
Remote Journaling
Total Risk
Policy
Residual Risk
47. A physical enclosure for verifying identity before entry to a facility
Mantrap (Double Door System)
Twisted Pair
SYN Flooding
Contact List
48. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Waterfall
Certificate Revocation List (CRL)
Deadlock
Alert
49. Alerts personnel to the presence of a fire
Event
Fire Detection
Method
Disaster Recovery Plan
50. Control category - to discourage an adversary from attempting to access
Event
Identification
Deterrent
Multi-Party Control