Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the answers obvious, but it reinforces your understanding each time you retake the test.
1. For PKI: having more than one person in charge of a sensitive function, so no single individual can complete it alone
Twisted Pair
Trusted Computing Base
Pointer
Multi-Party Control
2. Attack that accumulates many small, individually unnoticeable changes over time against a single data point or system
Salami
Multi-Core
Criminal Law
3. Converts source code to an executable
Criminal Law
Compiler
Firewall
Vulnerability
4. Method for determining a system's functions, identifying how each function can fail, assessing the effect of each failure, and finding where failure is most likely to occur
Source Routing Exploitation
Failure Modes and Effects Analysis (FMEA)
Debriefing/Feedback
Exercise
5. An approach by an organization that ensures its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Recovery Strategy
Business Continuity Program
Declaration
Layering
6. Part of a database's transaction control that records the last committed transaction, giving recovery a known point from which to resume
Data Owner
Hearsay Evidence
Processes are Isolated By
Checkpoint
7. Trading one for another
Metadata
Central Processing Unit (CPU)
Radio Frequency Interference (RFI)
Substitution
8. Unauthorized intrusion, unauthorized alteration or destruction, and use of malicious code
Critical Records
3 Types of harm Addressed in computer crime laws
Incident
Patch Panels
9. One-way function that reduces input of any length to a fixed-length digest; often loosely called one-way encryption, although no key is involved and nothing can be decrypted
Hash Function
Full-Interruption test
Warm Site
Hijacking
10. Trying each entry of a list of likely words as a candidate password or encryption key
Least Privilege
Dictionary Attack
Picking
Data Custodian
11. Business and technical process of applying security software updates in a controlled, periodic way
Patch Management
Private Branch Exchange (PBX)
Content Dependent Access Control
Orange Book C Classification
12. A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions
Satellite
Surge
Integrated Test
Smurf
13. Subset of operating system components dedicated to protection mechanisms; it implements the reference monitor concept
Class
Security Kernel
Side Channel Attack
Hearsay Evidence
14. Recovery alternative: a short-term, high-cost, movable processing location
Mobile Site
Object Oriented Programming (OOP)
Content Dependent Access Control
Enticement
15. Recording the history of an incident
Gateway
Intrusion Detection Systems
Tracking
Compiler
16. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.
Metadata
Recovery Period
Executive Succession
Examples of non-technical security components
17. Most granular organization of controls
Fire Prevention
Cold Site
Control Category
Object
18. The former U.S. military-accepted set of standards and processes for network evaluation and assurance, which combines functional and assurance requirements
Alert/Alarm
Disaster Recovery Teams (Business Recovery Teams)
Buffer Overflow
TNI (Red Book)
19. When two or more computers are networked together in a LAN, one computer may be used as a shared storage location for the group's files.
Recovery Point Objective (RPO)
ITSEC
File Server
Keyed-Hashing For Message Authentication
20. A group or network of honeypots
Safeguard
Honeynet
Strategic
Compensating
21. To evaluate the current situation and make basic decisions about what to do
Collisions
Triage
Modems
Moore's Law
22. Location where coordination and execution of BCP or DRP is directed
Maximum Tolerable Downtime (MTD)
Shift Cipher (Caesar)
Emergency Operations Center (EOC)
IP Fragmentation
23. Object-based description of a system or a collection of resources: subjects as rows, objects as columns, and the permitted rights in each cell
File Extension
Access Control Matrix
User Mode (problem or program state)
Cold Site
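As an added example that is not part of the quiz page, here is the access control matrix from question 23 in Python, with invented subject and object names. Rows are subjects, columns are objects, and each cell holds the rights that subject has on that object; reading a row yields a subject's capability list, reading a column yields an object's access control list (ACL), and anything not listed is denied.

```python
# Added example, not from the quiz page. Subject and object names are invented.
# Rows are subjects, columns are objects, cells are sets of rights.
# Anything not listed is denied (default deny).
MATRIX = {
    "alice":      {"payroll.db": {"read", "write"}, "hr_policy.pdf": {"read"}},
    "bob":        {"hr_policy.pdf": {"read"}, "backup.tar": {"read", "execute"}},
    "svc_backup": {"payroll.db": {"read"}, "backup.tar": {"write"}},
}


def has_right(matrix, subject, obj, right):
    """Look up one cell; an unknown subject or object yields no rights."""
    return right in matrix.get(subject, {}).get(obj, set())


def capability_list(matrix, subject):
    """Row view: every object a subject may touch and how (a capability list)."""
    return {obj: set(rights) for obj, rights in matrix.get(subject, {}).items()}


def access_control_list(matrix, obj):
    """Column view: every subject with rights on one object (the object's ACL)."""
    return {s: set(row[obj]) for s, row in matrix.items() if obj in row}


def grant(matrix, subject, obj, right):
    """Add one right to a cell, creating the row and cell if needed."""
    matrix.setdefault(subject, {}).setdefault(obj, set()).add(right)


def revoke(matrix, subject, obj, right):
    """Remove one right; the subject's capability and the object's ACL entry
    change together because both are views of the same cell."""
    matrix.get(subject, {}).get(obj, set()).discard(right)


if __name__ == "__main__":
    print(has_right(MATRIX, "alice", "payroll.db", "write"))
    print(access_control_list(MATRIX, "payroll.db"))
    print(capability_list(MATRIX, "bob"))
```

The two view functions are the point: real systems rarely store the full matrix, but either a per-object ACL (the column) or a per-subject capability list (the row), and each makes a different operation cheap (ACLs make revocation per object easy, capabilities make listing a subject's rights easy).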
24. A denial-of-service attack that exploits systems unable to handle malicious, overlapping and oversized IP fragments.
Denial Of Service
Hearsay Evidence
Teardrop
Electrostatic Discharge
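Added example for question 24, not code from the quiz page: the check a hardened IP stack performs before reassembling fragments, so that overlapping or oversized fragments of the teardrop kind are dropped instead of corrupting the reassembly buffer. Fragments are modelled as (byte offset, payload) pairs, and the sample fragment sets are constructed for the demo.

```python
# Added example, not from the quiz page. Fragments are modelled as
# (byte_offset, payload) tuples; the sample fragment sets are constructed.

MAX_DATAGRAM = 65535  # IPv4 total length is a 16-bit field


def validate_fragments(fragments):
    """Return (ok, reason) for a list of (offset, length) pairs.

    Rejects a fragment whose offset is not a multiple of 8 (the header stores
    offsets in 8-byte units), one that would run past the maximum datagram
    size, or one that overlaps a fragment already accepted. Stacks vulnerable
    to teardrop trusted these values when computing how much to copy.
    """
    accepted = []  # (start, end) byte ranges already accepted, end exclusive
    for offset, length in fragments:
        if offset % 8:
            return False, f"offset {offset} is not 8-byte aligned"
        if length <= 0:
            return False, f"fragment at {offset} has no payload"
        start, end = offset, offset + length
        if end > MAX_DATAGRAM:
            return False, f"fragment ends at {end}, past {MAX_DATAGRAM}"
        for s, e in accepted:
            if start < e and s < end:  # byte ranges intersect
                return False, f"fragment [{start},{end}) overlaps [{s},{e})"
        accepted.append((start, end))
    return True, "ok"


def reassemble(fragments):
    """Copy payloads into one buffer, but only after validation passed."""
    ok, reason = validate_fragments([(o, len(p)) for o, p in fragments])
    if not ok:
        raise ValueError(reason)
    buf = bytearray(max(o + len(p) for o, p in fragments))
    for offset, payload in fragments:
        buf[offset:offset + len(payload)] = payload
    return bytes(buf)


# Constructed samples.
BENIGN = [(0, b"A" * 16), (16, b"B" * 16)]      # contiguous, no overlap
TEARDROP = [(0, b"A" * 32), (24, b"C" * 16)]    # second lands inside the first
OVERSIZED = [(65528, b"D" * 16)]                # 65528 + 16 runs past 65535

if __name__ == "__main__":
    print(validate_fragments([(o, len(p)) for o, p in BENIGN]))
    print(validate_fragments([(o, len(p)) for o, p in TEARDROP]))
    print(validate_fragments([(o, len(p)) for o, p in OVERSIZED]))
```

The overlap test is the usual interval intersection (start < other end and other start < end); validating every fragment against every accepted one is quadratic, which is acceptable here because a datagram holds at most a few thousand 8-byte-aligned fragments.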
25. Act of scrambling the cleartext message by using a key.
Separation Of Duties
Encipher
Administrative
Examples of technical security components
26. The entity that initiates an attack
ISO/IEC 27002
Threat Agent
Birthday Attack
Compensating
27. Unsolicited advertising software
Threads
Cryptography
Adware
Incident Response Team
28. To be admissible in court, they must be made and collected in the normal course of business, not specially generated for a case. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.
Incident Manager
Life Cycle of Evidence
Integrated Test
Business Records
29. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Data Hiding
Domain
War Driving
Critical Functions
30. The currently accepted international set of standards and processes for evaluating and assuring information security products (ISO/IEC 15408), which joins functional and assurance requirements
Technical Access Controls
Machine Language (Machine Code)
Countermeasure
Common Criteria
31. Alternate facility, other than the primary production site, where duplicated vital records and documentation are stored for use during disaster recovery.
The ACID Test
Computer System Evidence
Threat Agent
Off-Site Storage
32. Controls that terminate an attempted access to an object in real time, rather than only detecting and logging it
Threats
Intrusion Prevention Systems
Private Branch Exchange (PBX)
Multi-Tasking
33. Just enough access to do the job
Preemptive
Mirrored Site
Administrative Access Controls
Least Privilege
34. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access; it is most commonly used in government.
Tapping
Certificate Revocation List (CRL)
Classification
Mandatory Access Control (MAC)
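Added example for question 34, not code from the quiz page, showing the comparison MAC performs. It uses the Bell-LaPadula rules that underlie label-based MAC: a subject may read an object only if its clearance dominates the object's label (no read up), and may write an object only if the object's label dominates the clearance (no write down). Labels form a lattice: a level plus a set of compartments. The levels, compartments and names are invented.

```python
# Added example, not from the quiz page. Levels, compartments and names are invented.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


class Label:
    """A security label (or a clearance): a sensitivity level plus a set of
    compartments (categories). Labels form a lattice under `dominates`."""

    def __init__(self, level, compartments=()):
        self.level = LEVELS[level]
        self.compartments = frozenset(compartments)

    def dominates(self, other):
        """Higher-or-equal level AND a superset of the other's compartments."""
        return (self.level >= other.level
                and self.compartments >= other.compartments)


def can_read(clearance, label):
    """Simple security property: no read up."""
    return clearance.dominates(label)


def can_write(clearance, label):
    """*-property: no write down (a TOP SECRET subject must not leak into SECRET)."""
    return label.dominates(clearance)


def mac_decision(clearance, label, operation):
    """The system, not the data owner, decides; unknown operations are denied."""
    checks = {"read": can_read, "write": can_write}
    check = checks.get(operation)
    return bool(check and check(clearance, label))


# Constructed subjects (clearances) and objects (labels).
ANALYST = Label("TOP SECRET", {"CRYPTO"})
CLERK = Label("SECRET")
CRYPTO_REPORT = Label("SECRET", {"CRYPTO"})
PUBLIC_NOTICE = Label("UNCLASSIFIED")

if __name__ == "__main__":
    print(mac_decision(ANALYST, CRYPTO_REPORT, "read"))   # level and compartment both dominate
    print(mac_decision(CLERK, CRYPTO_REPORT, "read"))     # same level, missing compartment
    print(mac_decision(ANALYST, PUBLIC_NOTICE, "write"))  # write down is refused
```

The compartment check is what makes this a lattice rather than a simple ladder: two SECRET labels with different compartments are incomparable, so a SECRET clearance without CRYPTO cannot read a SECRET/CRYPTO object even though the levels match.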
35. Malware that attaches itself to a host program or file and needs user interaction (running or opening the host) to execute and spread; a worm, by contrast, propagates on its own
Cross Training
Trusted Computing Base
Virus
Deleted File
36. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.
Routers
Life Cycle of Evidence
War Dialing
Trojan Horse
37. Trying every possible combination, given enough computing power
Brute Force
File Shadowing
Common Law
Spyware
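Added example covering both password-guessing questions above (question 10, dictionary attack, and question 37, brute force); it is not code from the quiz page. The stored-hash format, salt, word list and target passwords are constructed for the demo, and the hash is deliberately cheap so the attacks finish instantly.

```python
# Added example, not from the quiz page. Salt, word list and stored hashes are constructed.
import hashlib
import itertools


def hash_password(password, salt, rounds=1):
    """Salted, iterated SHA-256 as a stand-in for a stored password hash.
    Deliberately cheap so the attacks below finish instantly; real systems use a
    slow KDF (bcrypt, scrypt, Argon2) precisely to make each guess expensive."""
    h = hashlib.sha256(salt + password.encode()).digest()
    for _ in range(rounds - 1):
        h = hashlib.sha256(salt + h).digest()
    return h.hex()


def dictionary_attack(target, salt, wordlist, rounds=1):
    """Try each word in the list plus a few common mutations. Cost is
    proportional to the list size, not to the size of the keyspace."""
    for word in wordlist:
        for candidate in (word, word.capitalize(), word + "123", word + "!"):
            if hash_password(candidate, salt, rounds) == target:
                return candidate
    return None


def keyspace_size(alphabet, max_len):
    """Number of candidates brute force must cover: sum of |A|**k for k=1..max_len."""
    return sum(len(alphabet) ** k for k in range(1, max_len + 1))


def brute_force(target, salt, alphabet, max_len, rounds=1):
    """Enumerate every string over `alphabet` up to `max_len`, shortest first.
    Always succeeds given enough time; that time is what the defender controls
    through key length, alphabet size and hash cost."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if hash_password(candidate, salt, rounds) == target:
                return candidate
    return None


SALT = b"constructed-salt"
WORDLIST = ["letmein", "welcome", "dragon", "password", "qwerty"]  # constructed
USER_HASH = hash_password("password123", SALT)  # what a leaked credential row holds
PIN_HASH = hash_password("4071", SALT)          # a 4-digit PIN stored the same way

if __name__ == "__main__":
    print(dictionary_attack(USER_HASH, SALT, WORDLIST))
    print(dictionary_attack(PIN_HASH, SALT, WORDLIST))
    print(brute_force(PIN_HASH, SALT, "0123456789", 4), keyspace_size("0123456789", 4))
```

The dictionary attack finds "password123" after a handful of hashes because the word plus a common suffix is in its candidate set; it never finds the PIN, which is not a word. Brute force finds the PIN after at most 11,110 hashes (every 1- to 4-digit string), and `keyspace_size` shows why the same approach is hopeless against a long passphrase over a large alphabet.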
38. A hash of the message encrypted with the sender's private key (asymmetric encryption), so anyone holding the public key can verify both integrity and origin
Digital Signature
Fire Suppression
Sniffing
Business Continuity Program
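Added example serving questions 9 (hash function) and 38 (digital signature); it is not code from the quiz page. It hashes a message to a fixed-length digest, signs the digest with a private key, and verifies with the public key, so that any change to the message makes verification fail. The RSA parameters are a toy: p and q are the Mersenne primes 2**127-1 and 2**107-1, which are public knowledge and far too small for real use, chosen only so the modulus (about 234 bits) exceeds a SHA-224 digest. The sample message is constructed.

```python
# Added example, not from the quiz page. Toy RSA parameters: p and q are the
# Mersenne primes 2**127-1 and 2**107-1 (public, far too small for real use),
# chosen so the ~234-bit modulus exceeds a 224-bit SHA-224 digest.
import hashlib

P = 2**127 - 1
Q = 2**107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (modular inverse; needs Python 3.8+)


def digest(message):
    """Hash function: arbitrary-length input to a fixed 224-bit value, with no
    key and no inverse. Returned as an integer so it can be signed."""
    return int.from_bytes(hashlib.sha224(message).digest(), "big")


def bits_differing(message_a, message_b):
    """Number of differing digest bits for two inputs (the avalanche effect)."""
    return bin(digest(message_a) ^ digest(message_b)).count("1")


def sign(message, d=D, n=N):
    """Digital signature: the message hash transformed with the private key."""
    return pow(digest(message), d, n)


def verify(message, signature, e=E, n=N):
    """Verification: the public key recovers the signed hash, which must match a
    freshly computed hash of the message. A changed message or a tampered
    signature fails here."""
    return pow(signature, e, n) == digest(message)


MESSAGE = b"Transfer 100 USD to account 42"  # constructed sample
SIGNATURE = sign(MESSAGE)

if __name__ == "__main__":
    print(verify(MESSAGE, SIGNATURE))
    print(verify(b"Transfer 900 USD to account 42", SIGNATURE))
    print(bits_differing(b"abc", b"abd"))
```

Signing the digest rather than the message is what keeps the signature a fixed size regardless of message length and, because the hash is one-way and collision-resistant, what prevents an attacker from substituting a different message that verifies under the same signature.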
39. Planning with the goal of returning to normal business functions
Proxies
Restoration
Computer System Evidence
Resumption
40. Segmented memory addressing, encapsulation of objects, time multiplexing of shared resources, naming distinctions, and virtual mapping.
Processes are Isolated By
Data Custodian
Microwave
Marking
41. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Satellite
Contact List
Exposure
Inheritance
42. Striking a specially filed-down key (a bump key) inserted in a lock with a hammer so the pins jump and the lock opens without the real key
User Mode (problem or program state)
Bumping
Inrush Current
Lattice
43. Security policy, procedures, and compliance enforcement
Public Key Infrastructure (PKI)
Examples of non-technical security components
File Sharing
Memory Management
44. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures, an alternate work area, etc.)
Control Type
Firewall
Running
Contingency Plan
45. Process of identifying the risks to an organization, assessing the critical functions, defining the controls in place to reduce the organization's exposure, and evaluating the cost of such controls.
Teardrop
False (False Positive)
Failure Modes and Effects Analysis (FMEA)
Risk Assessment / Analysis
46. The property that data meet an a priori expectation of quality and that the data can be relied upon.
Double Blind Testing
Byte Level Deletion
Data Integrity
Administrative Laws
47. The chance that something negative will occur
Risk
Copyright
Relocation
Modems
48. Sudden rise in voltage in the power supply.
Surge
Fragmented Data
Brute Force
Business Impact Analysis
49. Reprogrammable basic startup instructions
Firmware
Risk Assessment
Targeted Testing
Business Continuity Planning (BCP)
50. Small data warehouse
Administrative Law
Data Marts
Disaster Recovery Teams (Business Recovery Teams)
Alert