Test your basic knowledge | CISSP Certified Information Systems Security Professional
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Review of data
IP Fragmentation
Analysis
Disaster
Forward Recovery
2. Subset of operating systems components dedicated to protection mechanisms
E-Mail Spoofing
Qualitative
Security Kernel
Site Policy Awareness
3. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements
TNI (Red Book)
Infrastructure
ITSEC
TCSEC (Orange Book)
4. High degree of visual control
Encryption
Surveillance
Process Isolation
Domain
5. A collection of information designed to reduce duplication and increase integrity
Bollard
Databases
Embedded Systems
False (False Positive)
6. Is secondhand and usually not admissible in court
Cache
File Server
Hearsay Evidence
Fire Classes
7. Unsolicited commercial email
Spam
Brouter
Convincing
Fire Prevention
8. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Orange Book C2 Classification
Steganography
Contact List
Pointer
9. Total number of keys available that may be selected by the user of a cryptosystem
Radio Frequency Interference (RFI)
Key Space
Instance
Deleted File
10. The chance that something negative will occur
Separation Of Duties
Key Space
Hijacking
Risk
11. An attack involving the hijacking of a TCP session by predicting a sequence number.
Sequence Attacks
False Negative
The ACID Test
Evidence
12. Control category - to record an adversary's actions
Cookie
Attacker (Black hat - Hacker)
Detective
Burn
13. Representatives from each functional area or department get together and walk through the plan from beginning to end.
Non-Interference
Consistency
Firmware
Structured Walk-Through Test
14. Intermediate level - pertaining to planning
Operational
Authorization
Side Channel Attack
HTTP Response Splitting
15. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.
Hearsay
Packet Filtering
Teardrop
Call Tree
16. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc
Critical Infrastructure
Multiplexers
Masquerading
Reference Monitor
17. Controls deployed to avert unauthorized and/or undesired actions.
Prevention
Emanations
Access Point
Threats
18. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
File Extension
User
Eavesdropping
Crisis
19. For PKI - to store another copy of a key
Patch Panels
Access Point
Territoriality
Key Escrow
20. Unused storage capacity
Certification Authority
Inference
Checklist Test
Slack Space
21. Some systems are actually run at the alternate site
Parallel Test
Brownout
Routers
Switches
22. Converts a high level language into machine language
Initialization Vector
Off-Site Storage
Threats
Assembler
23. The past U.S. military accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements
Message Digest
Information Technology Security Evaluation Criteria - ITSEC
TNI (Red Book)
Substitution
24. Individuals and departments responsible for the storage and safeguarding of computerized data.
Patch Panels
Data Custodian
Transients
Honeynet
25. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Kernel
Test Plan
CobiT
Active Data
26. An individual's conduct that violates government laws developed to protect the public
Criminal Law
Privacy Laws
Multi-Tasking
Waterfall
27. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Data Leakage
Repeaters
Threats
Revocation
28. Pertaining to law - no omissions
Complete
Trademark
Access Control Attacks
Mandatory Access Control (MAC)
29. Organized group of compromised computers
Buffer Overflow
Mandatory Access Control (MAC)
Off-Site Storage
Botnet
30. Methodical research of an incident with the purpose of finding the root cause
Architecture
JPEG (Joint Photographic Experts Group)
Investigation
Data Recovery
31. A process state - (blocked) needing input before continuing
Business Impact Analysis
Risk Mitigation
Wait
Codec
32. Code making
Digital Signature
Identification
Picking
Cryptography
33. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
TIFF (Tagged Image File Format)
Risk
Threat Agent
State Machine Model
34. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Separation Of Duties
Qualitative
Microwave
IDS Intrusion Detection System
35. The property that data meet with a priori expectation of quality and that the data can be relied upon.
Data Integrity
Non-Interference
ISO/IEC 27002
DR Or BC Coordinator
36. To create a copy of data as a precaution against the loss or damage of the original data.
Electronic Vaulting
Backup
Policy
Civil Or Code Law
37. Someone who wants to know how something works - typically by taking it apart
Security Clearance
Intrusion Detection Systems
Shielding
Hacker
38. An electronic attestation of identity by a certificate authority
Certification
Recovery Strategy
Data Diddler
Digital Certificate
39. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
TCSEC (Orange Book)
Tactical
E-Mail Spoofing
Sniffing
40. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Deterrent
Centralized Access Control Technologies
Proprietary
Public Key Infrastructure (PKI)
41. Just enough access to do the job
Containment
Side Channel Attack
Least Privilege
Fraggle
42. The level and label given to an individual for the purpose of compartmentalization
Security Clearance
Logic Bomb
Electrostatic Discharge
Metadata
43. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Network Attached Storage (NAS)
Time Of Check/Time Of Use
Cross Certification
Off Site
44. Mathematical function that determines the cryptographic operations
Need-To-Know
Data Dictionary
Algorithm
Mandatory Access Control (MAC)
45. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
War Driving
Fragmented Data
Disk Mirroring
Trademark
46. May be responsible for overall recovery of an organization or unit(s).
Malformed Input
Gateway
Hot Site
DR Or BC Coordinator
47. Recognition of an individual's assertion of identity.
Recovery Time Objectives
Contact List
Identification
MOM
48. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Certificate Revocation List (CRL)
Electromagnetic Interference (EMI)
Standalone Test
Log
49. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
Instance
TCSEC (Orange Book)
Highly Confidential
Off-Site Storage
50. A design methodology which executes in a linear, one-way fashion
Mitigate
Sniffing
Waterfall
Secondary Storage