Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
Test Plan
Preemptive
Intrusion Detection Systems
BCP Testing Drills and Exercises
2. Vehicle stopping object
Bollard
Injection
Mobile Recovery
Noise
3. Computing power will double every 18 months
4. Individuals and departments responsible for the storage and safeguarding of computerized data.
Data Custodian
Rootkit
Brouter
Hacker
5. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Mission-Critical Application
Integrated Test
Authorization
Dictionary Attack
6. Intermediate level - pertaining to planning
Covert Channel
Logic Bomb
Operational
Civil Or Code Law
7. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Open Mail Relay Servers
Object Oriented Programming (OOP)
False (False Positive)
Accurate
8. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Picking
Generator
Top Secret
Aggregation
9. Reduces causes of fire
Centralized Access Control Technologies
Fire Prevention
Cryptology
Polyalphabetic
10. Forgery of the sender's email address in an email header.
Hearsay Evidence
Cold Site
Trapdoors (Backdoors) (Maintenance Hooks)
E-Mail Spoofing
11. Program instructions based upon the CPU's specific architecture
Access Control
Machine Language (Machine Code)
Modems
Triage
12. Inference about encrypted communications
Sequence Attacks
Side Channel Attack
Rootkit
Code
13. Control category - to restore to a previous state by removing the adversary and/or the results of their actions
Kerberos
Corrective
Site Policy Awareness
ISO/IEC 27002
14. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Concentrator
Walk Through
Hearsay Evidence
Multi-Processing
15. To load the first piece of software that starts a computer.
Boot (V.)
Emergency
Exposure
Orange Book B1 Classification
16. A set of best practices for programmers to seek in all application or data base design: Atomicity - Consistency - Isolation - Durability
The ACID Test
Multi-Party Control
Multi-Processing
Spiral
17. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Least Privilege
Mirroring
Job Rotation
Critical Functions
18. Unchecked data input which results in redirection
Trade Secret
Mandatory Access Control (MAC)
Brouter
HTTP Response Splitting
19. Indivisible - data field must contain only one value that either all transactions take place or none do
Checklist Test (desk check)
Checksum
Due Diligence
Atomicity
20. Creation, distribution, update, and deletion
Key Management
Atomicity
Attacker (Black hat - Hacker)
Tactical
21. Mediation of subject and object interactions
Disaster Recovery Plan
Access Control
Data Owner
Remote Journaling
22. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Education
Exercise
Control
Mirroring
23. Written step-by-step actions
Procedure
Technical Access Controls
Executive Succession
Modification
24. Mediation of covert channels must be addressed
Top Secret
Information Flow Model
War Dialing
Marking
25. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Technical Access Controls
BCP Testing Drills and Exercises
Orange Book B2 Classification
Brownout
26. A process state - to be executing a process on the CPU
Running
Forensic Copy
Convincing
Picking
27. A unit of execution
Threads
Teardrop
Business Recovery Team
Picking
28. Standard for the establishment - implementation - control - and improvement of the Information Security Management System
Database Replication
ISO/IEC 27001
Machine Language (Machine Code)
Data Dictionary
29. Threats x Vulnerability x Asset Value = Total Risk
Plan Maintenance Procedures
Wait
Total Risk
Authentication
30. To set the clearance of a subject or the classification of an object
Chain of Custody
Labeling
Declaration
Databases
31. Converts a high level language into machine language
Cross Certification
Executive Succession
Denial Of Service
Assembler
32. Used to code/decode a digital data stream.
Simulation Test
Overlapping Fragment Attack
Codec
UPS
33. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Labeling
Hot Site
Asymmetric
Business Recovery Team
34. Part of a transaction control for a database which informs the database of the last recorded transaction
ISO/IEC 27002
Checkpoint
Radio Frequency Interference (RFI)
Reciprocal Agreement
35. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Journaling
Restoration
Mirroring
Multi-Processing
36. Property that data is represented in the same manner at all times
Multi-Processing
Privacy Laws
Vulnerability
Consistency
37. Pertaining to law - no omissions
Complete
Incident Manager
Uninterruptible Power Supply (UPS)
Blackout
38. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
Wireless Fidelity (Wi-Fi)
Remote Journaling
Executive Succession
Multilevel Security System
39. What is, will remain - persistence
Durability
Business Impact Analysis
SQL Injection
Enticement
40. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Pointer
Bit
Entrapment
Disaster Recovery Plan
41. Recording activities at the keyboard level
Keystroke Logging
Picking
Content Dependent Access Control
Decipher
42. Act of scrambling the cleartext message by using a key.
Reciprocal Agreement
Encipher
Modification
Hot Site
43. A group or network of honeypots
E-Mail Spoofing
Workaround Procedures
Intrusion Detection Systems
Honeynet
44. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
File Level Deletion
Cross Training
One Time Pad
45. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Steganography
Keystroke Logging
Metadata
Information Technology Security Evaluation Criteria - ITSEC
46. Just enough access to do the job
Control
Intrusion Detection Systems
Multilevel Security System
Least Privilege
47. Control category - to discourage an adversary from attempting to access
Deterrent
Private Branch Exchange (PBX)
Compiler
Data Warehouse
48. Adversary intercepts encrypted communications - decrypts - views - encrypts - and sends along to the true destination
Man-In-The-Middle Attack
Total Risk
Metadata
Incident Response Team
49. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Business Impact Analysis
Fire Classes
Guidelines
Data Custodian
50. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Fire Detection
File Sharing
Network Attached Storage (NAS)
Distributed Denial Of Service