Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Third party processes used to organize the implementation of an architecture
Orange Book C2 Classification
Acronym for American Standard Code for Information Interchange (ASCII)
Framework
Detective
2. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Change Control
Data Custodian
Orange Book D Classification
Tar Pits
3. Part of a transaction control for a database which informs the database of the last recorded transaction
Checkpoint
Certificate Revocation List (CRL)
Surge Suppressor
Time Of Check/Time Of Use
4. An unintended communication path
Restoration
Access Control Attacks
Covert Channel
Emergency Operations Center (EOC)
5. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Top Secret
Risk Assessment
Fiber Optics
Data Leakage
6. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Codec
Radio Frequency Interference (RFI)
War Dialing
Business Continuity Steering Committee
7. Effort/time needed to overcome a protective measure
Work Factor
Data Recovery
Storage Area Network (SAN)
Internal Use Only
8. A backup type - for databases at a point in time
Checksum
File Shadowing
Initialization Vector
Shadowing (file shadowing)
9. Try a list of words in passwords or encryption keys
Emergency Procedures
Dictionary Attack
Embedded
Worm
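The attack in question 9, shown as a worked example added to this study page (it is not part of the original quiz). The wordlist is a constructed stand-in for a real dictionary file, and the hash is a toy FNV-1a over salt || password standing in for a real password hash; the point is the search loop, not the digest.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy hash (assumption: stands in for a real password hash such as bcrypt).
 * FNV-1a over salt || password, so the salt is mixed in before the guess. */
uint32_t toy_hash(const char *salt, const char *password)
{
    uint32_t h = 2166136261u;
    for (const char *p = salt; *p; p++) { h ^= (unsigned char)*p; h *= 16777619u; }
    for (const char *p = password; *p; p++) { h ^= (unsigned char)*p; h *= 16777619u; }
    return h;
}

/* Constructed wordlist standing in for a dictionary file. */
static const char *const WORDLIST[] = {
    "password", "letmein", "123456", "qwerty", "welcome", "monkey", "dragon",
};
#define WORDLIST_LEN (sizeof WORDLIST / sizeof WORDLIST[0])

/* Dictionary attack: hash every candidate word with the victim's stored salt
 * and compare against the stolen digest. Returns the matching word, or NULL
 * when no word in the list reproduces the digest. `tries` reports how many
 * guesses were consumed. */
const char *dictionary_attack(const char *salt, uint32_t target, size_t *tries)
{
    for (size_t i = 0; i < WORDLIST_LEN; i++) {
        if (tries) *tries = i + 1;
        if (toy_hash(salt, WORDLIST[i]) == target)
            return WORDLIST[i];
    }
    return NULL;
}

int main(void)
{
    const char *salt = "s4lt";                    /* constructed per-user salt */
    uint32_t stolen = toy_hash(salt, "qwerty");   /* digest lifted from a password table */
    size_t tries;
    const char *hit = dictionary_attack(salt, stolen, &tries);
    printf("recovered: %s after %zu guesses\n", hit ? hit : "(none)", tries);

    uint32_t strong = toy_hash(salt, "Xq9#vL2!pR");
    printf("strong password: %s\n",
           dictionary_attack(salt, strong, &tries) ? "found" : "not in dictionary");
    return 0;
}
```

The salt does not stop the attack by itself: the attacker has it, so each guess is simply hashed with it. What the salt removes is the ability to reuse one precomputed table across many users; the cost per user is still one hash per word, which is why a slow hash and a password not in any list both matter.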
10. Small data files written to a user's hard drive by a web server.
Legacy Data
Cookie
IP Fragmentation
False Negative
11. A test conducted on one or more components of a plan under actual operating conditions.
Deterrent
Operational Test
Degauss
Monitor
12. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Overlapping Fragment Attack
Strategic
Brownout
Symmetric
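Detection logic for the attack in question 12, added here as an example (not part of the original quiz). A filter that only inspects the first fragment can be fooled in two ways: a later fragment whose byte range overlaps the first one can overwrite the header bytes already inspected, or the first fragment can be cut so short that the ports are not in it at all. The fragment sets below are constructed inputs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* One IP fragment as a filter would see it: byte offset into the original
 * datagram (the header's 8-byte-unit offset already multiplied out) and the
 * fragment's payload length. */
struct frag {
    unsigned offset;
    unsigned len;
};

static int by_offset(const void *a, const void *b)
{
    const struct frag *x = a, *y = b;
    return (x->offset > y->offset) - (x->offset < y->offset);
}

/* Returns true if any fragment's byte range overlaps an earlier one, i.e. a
 * later fragment could rewrite data the filter already inspected. Works on a
 * sorted copy so arrival order does not matter. Adjacent ranges are fine. */
bool fragments_overlap(const struct frag *in, size_t n)
{
    if (n < 2) return false;
    struct frag *f = malloc(n * sizeof *f);
    if (!f) return true;                 /* fail closed: cannot verify, treat as suspicious */
    for (size_t i = 0; i < n; i++) f[i] = in[i];
    qsort(f, n, sizeof *f, by_offset);

    bool overlap = false;
    unsigned end = f[0].offset + f[0].len;   /* one past the highest byte covered so far */
    for (size_t i = 1; i < n && !overlap; i++) {
        if (f[i].offset < end)               /* starts before the previous coverage ended */
            overlap = true;
        if (f[i].offset + f[i].len > end)
            end = f[i].offset + f[i].len;
    }
    free(f);
    return overlap;
}

/* The other half of the attack: a first fragment too short to carry the full
 * transport header (20 bytes for TCP) hides the ports from the filter.
 * Returns true when the offset-0 fragment is shorter than `min_first`, or when
 * there is no offset-0 fragment at all. */
bool first_fragment_too_short(const struct frag *in, size_t n, unsigned min_first)
{
    for (size_t i = 0; i < n; i++)
        if (in[i].offset == 0)
            return in[i].len < min_first;
    return true;
}

int main(void)
{
    /* Constructed: fragment 2 restarts at offset 8, inside fragment 1's 0..23 */
    struct frag attack[] = { {0, 24}, {8, 16}, {24, 8} };
    struct frag clean[]  = { {0, 24}, {24, 16}, {40, 8} };
    printf("attack overlaps: %d\n", fragments_overlap(attack, 3));
    printf("clean overlaps:  %d\n", fragments_overlap(clean, 3));
    return 0;
}
```

A stateless filter cannot run this check because it never holds more than one fragment; this is why the usual remedies are to reassemble before filtering or to drop fragments that overlap or whose first piece is shorter than the transport header.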
13. A Trojan horse with the express underlying purpose of controlling host from a distance
Layering
Microwave
Bumping
Remote Access Trojan
14. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.
Aggregation
5 Rules Of Evidence
Fault Tolerance
Network Attached Storage (NAS)
15. To load the first piece of software that starts a computer.
Civil Law
Mirroring
Boot (V.)
Cryptography
16. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Workaround Procedures
Crisis
Security Clearance
Hijacking
17. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.
Data Dictionary
Embedded Systems
Burn
TEMPEST
18. OOP concept of a taking attributes from the original or parent
Inheritance
Rogue Access Points
Mandatory Access Control (MAC)
Masquerading
19. Program instructions based upon the CPU's specific architecture
Smurf
Emergency
Machine Language (Machine Code)
Microwave
20. Recording activities at the keyboard level
Fault
Keystroke Logging
Asymmetric
Multi-Tasking
21. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Reference Monitor
Identification
Polymorphism
Remote Journaling
22. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.
Central Processing Unit (CPU)
Consistency
Attacker (Black hat - Hacker)
Satellite
23. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Code
Mission-Critical Application
Application Programming Interface
Orange Book C Classification
24. False memory reference
Incident Handling
Data Diddler
Dangling Pointer
Territoriality
25. Maintenance procedures outline the process for the review and update of business continuity plans.
Dangling Pointer
Examples of technical security components
Plan Maintenance Procedures
Framework
26. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Public Key Infrastructure (PKI)
Mixed Law System
Data Leakage
Incident
27. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)
Residual Risk
Interception
Risk Assessment
Strategic
28. A physical enclosure for verifying identity before entry to a facility
Mantrap (Double Door System)
Deleted File
Interpreter
Security Blueprint
29. The point in time to which systems and data must be recovered after an outage (e.g. end of previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Picking
Radio Frequency Interference (RFI)
Recovery Point Objective (RPO)
Emergency Operations Center (EOC)
30. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Electronic Vaulting
MOM
Access Control Matrix
Vulnerability
31. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Processes are Isolated By
Intrusion Prevention Systems
Storage Area Network (SAN)
Convincing
32. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
Adware
Kernel
Bollard
ISO/IEC 27002
33. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
Fragmented Data
Full Test (Full Interruption)
Boot (V.)
Criminal Law
34. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
Denial Of Service
Orange Book B2 Classification
TEMPEST
Isolation
35. A backup type which creates a complete copy
Masked/Interruptible
Fault Tolerance
Pervasive Computing and Mobile Computing Devices
Replication
36. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Domain
Legacy Data
Cryptovariable
Moore's Law
37. Individuals and departments responsible for the storage and safeguarding of computerized data.
Stopped
Acronym for American Standard Code for Information Interchange (ASCII)
Data Custodian
File Sharing
38. A state where two subjects can access the same object without proper mediation
Twisted Pair
Multiplexers
Race Condition
TCSEC (Orange Book)
39. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Inrush Current
Business Records
Source Routing Exploitation
Alarm Filtering
40. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.
Business Unit Recovery
Plan Maintenance Procedures
Surge Suppressor
Sequence Attacks
41. Unchecked data which spills into another location in memory
2-Phase Commit
Operational
Buffer Overflow
Faraday Cage/Shield
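The defect in question 41, shown as an added example (not part of the original quiz): an 8-byte name field sits directly in front of a privilege flag, and an unchecked `strcpy` of an 11-byte input spills into the flag. Both fields are kept inside one byte array so the spill stays within defined C behaviour while still showing the adjacent field being clobbered; the record layout and inputs are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: 8-byte name field followed by a 4-byte privilege flag. */
#define NAME_LEN 8
#define FLAG_OFF NAME_LEN
#define REC_LEN  (NAME_LEN + sizeof(int))

/* Vulnerable: strcpy copies until the NUL, ignoring the 8-byte field size. */
static void set_name_unchecked(unsigned char *rec, const char *input)
{
    strcpy((char *)rec, input);
}

/* Hardened: refuse input that does not fit (NUL included), then copy with an
 * explicit bound. */
static bool set_name_checked(unsigned char *rec, const char *input)
{
    size_t n = strlen(input);
    if (n >= NAME_LEN)
        return false;                    /* would spill into the flag */
    memcpy(rec, input, n + 1);
    return true;
}

static int read_flag(const unsigned char *rec)
{
    int flag;
    memcpy(&flag, rec + FLAG_OFF, sizeof flag);
    return flag;
}

/* Privilege flag after an unchecked write of `input` into a zeroed record.
 * Inputs longer than the whole record are refused only so the demo itself
 * stays inside rec[]; the vulnerable copy has no such check. */
int flag_after_unchecked(const char *input)
{
    unsigned char rec[REC_LEN] = {0};
    if (strlen(input) + 1 > REC_LEN) return -1;
    set_name_unchecked(rec, input);
    return read_flag(rec);
}

/* Privilege flag after a checked write; *out_ok reports whether the write
 * was accepted. */
int flag_after_checked(const char *input, bool *out_ok)
{
    unsigned char rec[REC_LEN] = {0};
    *out_ok = set_name_checked(rec, input);
    return read_flag(rec);
}

int main(void)
{
    const char *attack = "AAAAAAAAAAA";   /* 11 bytes: 8 fill the name, 3 land in the flag */
    bool ok;
    printf("unchecked: flag = %#x\n", (unsigned)flag_after_unchecked(attack));
    printf("checked:   flag = %#x, accepted = %d\n",
           (unsigned)flag_after_checked(attack, &ok), ok);
    return 0;
}
```

The unchecked path turns a zero flag into a non-zero one using nothing but a long name. The fix is the length check before the copy, not a larger buffer: any fixed size can be exceeded by input the program does not bound.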
42. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Orange Book D Classification
Checklist Test
Hub
Computer System Evidence
43. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Access Control Attacks
Administrative Access Controls
Collisions
Trade Secret
44. Collection of data on business functions which determines the strategy of resiliency
Virus
Initialization Vector
Business Impact Assessment (BIA)
Near Site
45. A protocol for the efficient transmission of voice over the Internet
Risk Mitigation
Coaxial Cable
Voice Over IP (VOIP)
Recovery Time Objectives
46. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Algorithm
Instance
Business Recovery Timeline
Disaster Recovery Plan
47. Control category - more than one control on a single asset
Education
Compensating
Cryptography
Electromagnetic Interference (EMI)
48. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Exposure
Alternate Site
Data Diddler
Separation Of Duties
49. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.
Operational
Computer Forensics
Proxies
Access Control
50. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" (ToE) 3. Functional Levels 4. Assurance Levels.
Hearsay
IP Address Spoofing
Information Technology Security Evaluation Criteria - ITSEC
Preemptive