CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Repeaters
Redundant Servers
Critical Functions
Acronym for American Standard Code for Information Interchange (ASCII)
2. A state for operating system tasks only
Mirroring
Supervisor Mode (monitor - system - privileged)
Method
Disaster Recovery Tape
3. Independent malware that requires user interaction to execute
Inrush Current
Secondary Storage
Business Records
Virus
4. An alert or alarm that is triggered when no actual attack has taken place
False (False Positive)
Remote Journaling
Data Owner
Information Risk Management (IRM)
5. Wrong against society
Transfer
Criminal Law
Covert Channel
Risk Mitigation
6. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm
Mandatory Access Control (MAC)
Journaling
Disk Mirroring
Picking
7. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
BCP Testing Drills and Exercises
Symmetric
Off-Site Storage
Desk Check Test
8. Encryption system using shared key/private key/single key/secret key
Byte Level Deletion
Deletion
TCSEC (Orange Book)
Symmetric
9. A template for designing the architecture
Control Category
Administrative Laws
Security Blueprint
Targeted Testing
10. The connection between a wireless and wired network.
Surge
Cross Certification
Access Point
Total Risk
11. A type of multitasking that allows for more even distribution of computing time among competing requests
Cross Training
Preemptive
Protection
Substitution
12. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Kerberos
Inheritance
Bollard
Exercise
13. Most granular organization of controls
One Time Pad
Control Category
Service Bureau
Critical Infrastructure
14. Method for determining functions - identifying function failures - assessing them - and where failure is most likely to occur
Compression
Failure Modes and Effect Analysis (FEMA)
Mitigate
Interference (Noise)
15. Responsibility of a user for the actions taken by their account which requires unique identification
Parallel Test
Orange Book A Classification
Blackout
Accountability
16. Scrambled form of the message or data
Detection
Cipher Text
Business Impact Analysis
Cross Certification
17. Object based description of a single resource and the permission each subject
Accurate
Covert Channel
Tracking
Access Control Lists
18. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
False Attack Stimulus
Simulation
Infrastructure
Masked/Interruptible
19. RADIUS - TACACS+ - Diameter
Blind Testing
Operating
Strong Authentication
Centralized Access Control Technologies
20. Actions measured against either a policy or what a reasonable person would do
Contact List
Tapping
Due Diligence
Compensating
21. A mobilized resource purchased or contracted for the purpose of business recovery.
Damage Assessment
Containment
Mobile Recovery
File Extension
22. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Data Custodian
Countermeasure
Eavesdropping
Civil Law
23. A covert storage channel on the file attribute
Time Of Check/Time Of Use
Highly Confidential
Alternate Data Streams (File System Forks)
Polymorphism
24. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Authorization
The ACID Test
Orange Book D Classification
Exposure
25. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
False (False Positive)
Confidence Value
Off Site
Inference
26. The study of cryptography and cryptanalysis
Administrative Law
Investigation
Cryptology
Discretionary Access Control (DAC)
27. Control category- to discourage an adversary from attempting to access
Vulnerability
On-Site
Deterrent
Strategic
28. Hitting a filed down key in a lock with a hammer to open without real key
Contingency Plan
Bumping
Fragmented Data
Redundant Servers
29. Potentially compromising leakage of electrical or acoustical signals.
Data Custodian
Object Reuse
Recovery Strategy
Emanations
30. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Reciprocal Agreement
Malformed Input
Encryption
Alert/Alarm
31. Requirement of access to data for a clearly defined purpose
Need-To-Know
Open Mail Relay Servers
Incident
Substitution
32. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Alert/Alarm
Procedure
Business Interruption Insurance
TNI (Red Book)
33. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Business Recovery Team
Access Control Lists
Trapdoors (Backdoors) (Maintenance Hooks)
Embedded Systems
34. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Buffer Overflow
Double Blind Testing
Network Attached Storage (NAS)
Metadata
35. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
Residual Data
Accountability
Inference
Administrative
36. A record that must be preserved and available for retrieval if needed.
Vital Record
Centralized Access Control Technologies
Data Owner
Encryption
37. OOP concept of a template that consists of attributes and behaviors
Covert Channel
ISO/IEC 27002
Class
Cryptanalysis
38. Controls deployed to avert unauthorized and/or undesired actions.
Remote Access Trojan
Multi-Tasking
Prevention
Operating
39. To create a copy of data as a precaution against the loss or damage of the original data.
Codec
Backup
Replication
Tort
40. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Access Control Attacks
Recovery Period
Off Site
Hot Spares
41. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
Strategic
Embedded Systems
Boot (V.)
Code
42. OOP concept of a distinct copy of the class
Relocation
Object
Containment
Highly Confidential
43. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Information Technology Security Evaluation Criteria - ITSEC
Crisis
Vital Record
SQL Injection
44. Responsibility for actions
Trojan Horse
Liability
Radio Frequency Interference (RFI)
Hot Spares
45. The guardian of asset(s) - a maintenance activity
Custodian
Recovery Period
Collisions
Certification
46. Property that data is represented in the same manner at all times
Coaxial Cable
Consistency
Cryptography
Phishing
47. All of the protection mechanisms in a computer system
Modification
Fire Detection
Structured Walk-Through Test
Trusted Computing Base
48. A control before attack
Safeguard
Hash Function
Digital Signature
Dictionary Attack
49. Hiding the fact that communication has occurred
Hash Function
Steganography
Incident Response Team
Polymorphism
50. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Top Secret
Business Continuity Steering Committee
Tar Pits
On-Site