Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. System directed mediation of access with labels
Mandatory
Data Integrity
Work Factor
Secondary Storage
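Added example, not part of the quiz page: a minimal reference monitor for label-based mandatory access control. The level names, the compartment sets and the subjects in demo() are assumed for illustration. The read rule (no read up) and the write rule (no write down) are the standard confidentiality rules for MAC; the point to notice is that the decision is computed from the two labels alone, so neither the subject nor the object's owner can grant an exception.

```python
from dataclasses import dataclass, field

# Ordered sensitivity levels; the names and ordering are assumed for this example.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A mandatory label: a sensitivity level plus a set of need-to-know compartments."""
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # Label A dominates label B when A's level is at least B's level
        # and A carries every compartment that B carries.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def mediate(subject: Label, obj: Label, action: str) -> bool:
    """System-directed mediation: the decision depends only on the two labels.

    Read is allowed when the subject's clearance dominates the object's label
    (no read up). Write is allowed when the object's label dominates the
    subject's (no write down), the usual confidentiality rule for MAC.
    Neither the subject nor the object's owner can override this.
    """
    if action == "read":
        return subject.dominates(obj)
    if action == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown action: {action}")


def demo() -> dict:
    # Constructed subjects and objects (assumed for this example).
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    report = Label("SECRET", frozenset({"CRYPTO"}))
    nuclear = Label("SECRET", frozenset({"NUCLEAR"}))
    public = Label("UNCLASSIFIED")
    return {
        "read same label": mediate(analyst, report, "read"),          # True
        "read other compartment": mediate(analyst, nuclear, "read"),  # False: missing compartment
        "read down": mediate(analyst, public, "read"),                # True
        "write down": mediate(analyst, public, "write"),              # False: would leak SECRET data
        "write up": mediate(Label("CONFIDENTIAL"), report, "write"),  # True
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```

Contrast this with discretionary access control, where the owner of an object sets its permissions: here there is no owner in the decision at all, which is what "system directed" means in the statement above.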
2. Security policy - procedures - and compliance enforcement
Hub
Examples of non-technical security components
Logic Bomb
Technical Access Controls
3. Intellectual property protection for the expression of an idea
Copyright
Labeling
Wait
E-Mail Spoofing
4. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
Surge
Information Risk Management (IRM)
Confidence Value
Shift Cipher (Caesar)
5. Recording the Who What When Where How of evidence
Governance
Man-In-The-Middle Attack
Accountability
Chain Of Custody
6. Those who initiate the attack
Fragmented Data
Metadata
Near Site
Threat Agent
7. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Logic Bomb
Memory Management
Fire Detection
File Server
8. Any event, whether anticipated (e.g. a public service strike) or unanticipated (e.g. a blackout), which disrupts the normal course of business operations at an organization location.
Encipher
Business Interruption
Recovery
Masked/Interruptible
9. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Ethics
Operational Exercise
Service Bureau
Simulation Test
10. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
User Mode (problem or program state)
Data Diddler
Risk Mitigation
Administrative Laws
11. A programming design concept which abstracts one set of functions from another in a serialized fashion
Logic Bomb
Supervisor Mode (monitor - system - privileged)
Layering
Cryptography
12. Wrong against society
Embedded
Accreditation
Cryptography
Criminal Law
13. OOP concept of a template that consist of attributes and behaviors
Class
Redundant Array Of Independent Drives (RAID)
Database Shadowing
Orange Book D Classification
14. A computer designed for the purpose of studying adversaries
Honeypot
Standard
Botnet
Access Control Lists
15. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
Site Policy Awareness
TIFF (Tagged Image File Format)
Hot Site
Incident Response
16. Forgery of the sender's email address in an email header.
Repeaters
Firmware
Emergency Procedures
E-Mail Spoofing
17. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
Non-Discretionary Access Control
Monitor
Interpreter
Information Flow Model
18. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements
ITSEC
Prevention
Running Key
Service Bureau
19. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Salami
Isolation
Forensic Copy
System Life Cycle
20. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
Distributed Denial Of Service
Interpreter
Redundant Array Of Independent Drives (RAID)
Orange Book C Classification
21. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
Data Dictionary
Codec
System Life Cycle
Plaintext
22. Forging of an IP address.
Consistency
Emergency Operations Center (EOC)
Mandatory Vacations
IP Address Spoofing
23. Renders the file inaccessible to the operating system and marks its storage available for reuse; the data itself remains on the medium until overwritten.
File Level Deletion
Log
Highly Confidential
Orange Book D Classification
24. Pertaining to a number system that has just two unique digits.
Incident Handling
Strategic
Binary
Smurf
25. Adversary intercepts encrypted communications, decrypts, views, re-encrypts, and sends them along to the true destination
Computer Forensics
Method
Man-In-The-Middle Attack
Cryptovariable
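Added example, not part of the quiz page: the interception described in item 25, played out against an unauthenticated Diffie-Hellman key exchange. The group parameters, the fixed private exponents and the XOR-with-SHA-256 stream cipher are all assumed toys chosen so the run is deterministic; none of them is fit for real use. With mitm=True, Mallory replaces each side's public value with her own, so Alice and Bob each share a key with Mallory rather than with each other, and Mallory can decrypt, read and re-encrypt every message without either end noticing.

```python
import hashlib

# Toy Diffie-Hellman parameters (assumed for this example; far too small for real use).
P = 2**127 - 1   # a Mersenne prime
G = 5


def derive_key(shared_secret: int) -> bytes:
    """Turn the agreed group element into a 32-byte symmetric key."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256 keystream. Encrypts and decrypts alike."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(x ^ k for x, k in zip(data, stream))


def run_exchange(message: bytes, mitm: bool):
    """Alice sends one encrypted message to Bob after a DH exchange over the wire.

    Returns (what Bob reads, what Mallory read) so the effect of the attack is
    visible. Private exponents are fixed constants here (assumed) so the run is
    deterministic.
    """
    a, b, m = 0x1234_5678_9ABC_DEF0, 0x0FED_CBA9_8765_4321, 0x7777_1111_2222_3333
    A, B = pow(G, a, P), pow(G, b, P)  # the public values actually sent

    if not mitm:
        k_alice = derive_key(pow(B, a, P))
        k_bob = derive_key(pow(A, b, P))        # equal to k_alice
        ciphertext = xor_cipher(k_alice, message)
        return xor_cipher(k_bob, ciphertext), None

    # Mallory sits on the wire: Alice receives M instead of B, and Bob receives M
    # instead of A, so each side unknowingly agrees a key with Mallory.
    M = pow(G, m, P)
    k_alice = derive_key(pow(M, a, P))
    k_bob = derive_key(pow(M, b, P))
    k_mallory_alice = derive_key(pow(A, m, P))  # same value as k_alice
    k_mallory_bob = derive_key(pow(B, m, P))    # same value as k_bob

    ciphertext = xor_cipher(k_alice, message)      # Alice -> wire
    seen = xor_cipher(k_mallory_alice, ciphertext)  # Mallory decrypts and views
    forwarded = xor_cipher(k_mallory_bob, seen)     # re-encrypts for Bob
    return xor_cipher(k_bob, forwarded), seen       # Bob reads it, none the wiser


if __name__ == "__main__":
    msg = b"transfer 500 to acct 42"
    print("honest exchange:", run_exchange(msg, mitm=False))
    print("with MITM:      ", run_exchange(msg, mitm=True))
```

Nothing in the exchange tells Alice that M came from Mallory rather than Bob; the countermeasure is to authenticate the public values (signatures, certificates, or a pre-shared key), which is exactly what plain DH lacks.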
26. Mediation of subject and object interactions
Rootkit
Chain of Custody
Access Control
Brownout
27. The principles a person sets for themselves to follow
Emergency Operations Center (EOC)
Covert Channel
Simulation Test
Ethics
28. Line noise that is superimposed on the supply circuit.
Standard
Brute Force
Transients
Workaround Procedures
29. To stop damage from spreading
False (False Positive)
Interpreter
Containment
Threads
30. Guidelines within an organization that control the rules and configurations of an IDS
Technical Access Controls
3 Types of harm Addressed in computer crime laws
Exposure
Site Policy
31. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.
Convincing
Business Unit Recovery
Faraday Cage/ Shield
Machine Language (Machine Code)
32. System mediation of access with the focus on the context of the request
Threats
Content Dependent Access Control
Business Continuity Program
Brute Force
33. Actions measured against either a policy or what a reasonable person would do
Due Diligence
Electromagnetic Interference (EMI)
Civil Law
Honeypot
34. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Contingency Plan
Recovery Strategy
Processes are Isolated By
Concentrator
35. A choice in risk management - to convince another to assume risk - typically by payment
Business Continuity Planning (BCP)
Transfer
Substitution
Business Interruption
36. Threats x Vulnerability x Asset Value = Total Risk
Total Risk
Isolation
Sharing
Virus
37. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Guidelines
Repeaters
Analysis
Classification
38. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.
Worldwide Interoperability for Microwave Access (WI-MAX )
System Life Cycle
Remote Journaling
Checkpoint
39. To move from location to location - keeping the same function
Job Rotation
Bridge
Malformed Input
Hub
40. Induces a crime - tricks a person - and is illegal
Entrapment
Multi-Processor
Processes are Isolated By
Transients
41. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Hot Spares
Durability
Walk Through
Record Level Deletion
42. Total number of keys available that may be selected by the user of a cryptosystem
Admissible
Remote Access Trojan
Event
Key Space
43. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements
Common Criteria
Hijacking
Examples of technical security components
Mission-Critical Application
44. Mediation of covert channels must be addressed
File Extension
Key Escrow
TNI (Red Book)
Information Flow Model
45. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Integrated Test
Control
Bridge
Masked/Interruptible
46. Responsibility of a user for the actions taken by their account which requires unique identification
Cryptography
Guidelines
Resumption
Accountability
47. A covert storage channel on the file attribute
Operational
Eavesdropping
Alternate Data Streams (File System Forks)
Desk Check Test
48. Subjects will not interact with each other's objects
Archival Data
Data Custodian
Non-Interference
Computer Forensics
49. A template for designing the architecture
Incident Response
Security Blueprint
Pointer
Fire Suppression
50. A type of malformed input that takes advantage of an always-true conditional logic statement, adding a request for data that is against the security policy
SQL Injection
Data Hiding
Byte Level Deletion
Redundant Servers
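Added example, not part of the quiz page: the two halves of item 50 in working code. The table, its two rows and the login functions are constructed for this example. login_vulnerable pastes user input into the SQL text, so the payload `' OR '1'='1` supplies the always-true condition and a UNION payload adds a request for the password column that the login query was never meant to return. login_safe runs the same query with bound parameters, and both payloads are treated as ordinary (non-matching) strings.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows (assumed data for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    # The user-controlled strings are spliced into the SQL text, so a quote in the
    # input ends the literal and whatever follows becomes part of the statement.
    query = (
        f"SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Parameter binding keeps the input as data: the driver never parses it as SQL.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()


def demo() -> dict:
    conn = make_db()
    # Constructed payloads (assumed for this example).
    always_true = "' OR '1'='1"   # WHERE ... AND password = '' OR '1'='1'  -> true for every row
    data_theft = "x' UNION SELECT username, password FROM users --"  # appends a request for passwords
    return {
        "vulnerable, wrong password": login_vulnerable(conn, "alice", "wrong"),
        "vulnerable, always-true": login_vulnerable(conn, "alice", always_true),
        "vulnerable, union": sorted(login_vulnerable(conn, data_theft, "anything")),
        "safe, always-true": login_safe(conn, "alice", always_true),
        "safe, union": login_safe(conn, data_theft, "anything"),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {rows}")
```

The `--` in the UNION payload comments out the rest of the original statement, which is why the trailing `AND password = '...'` check never applies to the appended query.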