Test your basic knowledge
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Creation, distribution, update and deletion
Man-In-The-Middle Attack
Key Management
Incident Handling
Switches
2. Intellectual property protection for the expression of an idea
Guidelines
Business Recovery Timeline
Method
Copyright
3. To execute more than one instruction at an instant in time
Alert
Multi-Processing
Qualitative
Access Control Lists
4. Recording activities at the keyboard level
Cookie
Consistency
Keystroke Logging
Highly Confidential
5. A process state - to be either unable to run, waiting for an external event, or terminated
Object
Stopped
Backup
File Shadowing
6. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Cross Certification
Territoriality
Test Plan
Standalone Test
7. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability
Atomicity
The ACID Test
Data Leakage
Deletion
8. The first rating that requires security labels
Reciprocal Agreement
True Attack Stimulus
Access Control Matrix
Orange Book B1 Classification
9. Specific format of technical and physical controls that support the chosen framework and the architecture
Object
Executive Succession
Infrastructure
Disaster Recovery Tape
10. Alerts personnel to the presence of a fire
Business Recovery Timeline
Fire Detection
Blind Testing
Recovery Strategy
11. A choice in risk management - to implement a control that limits or lessens negative effects
Mitigate
Vital Record
Bumping
Monitor
12. Prolonged loss of commercial power
Blackout
ISO/IEC 27002
Mobile Site
Consistency
13. Trading one for another
Substitution
Top Secret
Reference Monitor
Mobile Recovery
14. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
TEMPEST
Recovery
Disaster
Sniffing
15. Objects or programming that look different but act the same
Common Criteria
Strategic
Containment
Polymorphism
16. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
ITSEC
Privacy Laws
Classification
Detective
17. Pertaining to law - accepted by a court
Accountability
Deadlock
Content Dependent Access Control
Admissible
18. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Pointer
Elements of Negligence
Attacker (Black hat - Hacker)
Privacy Laws
19. Review of data
Identification
Mixed Law System
Analysis
Slack Space
20. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
Encipher
Checklist Test
Computer System Evidence
Job Training
21. A physical enclosure for verifying identity before entry to a facility
Site Policy Awareness
Information Owner
Mantrap (Double Door System)
Fire Suppression
22. A BCP testing type - (structured walkthrough) - a test that answers the question: Is everything needed for recovery available?
Walk Through
Need-To-Know
Multi-Processor
Trojan Horse
23. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.
Brute Force
Mock Disaster
Civil Or Code Law
Hijacking
24. A device that provides the functions of both a bridge and a router.
Workaround Procedures
Physical Tampering
Identification
Brouter
25. An encryption method that has a key as long as the message
Redundant Servers
Backup
Running Key
Covert Channel
26. Tool which mediates access
Control
Maximum Tolerable Downtime (MTD)
Fault
Assembler
27. A design methodology which executes in a linear one way fashion
Waterfall
Logic Bomb
Recovery Strategy
Information Technology Security Evaluation Criteria - ITSEC
28. Moving the alphabet intact a certain number of spaces
Payload
Checklist Test
Shift Cipher (Caesar)
Due Diligence
29. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Distributed Denial Of Service
Need-To-Know
Multi-Party Control
Operational Impact Analysis
30. A mathematical tool for verifying no unintentional changes have been made
Structured Walk-Through Test
Initialization Vector
Checksum
Database Replication
31. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)
Embedded Systems
Enticement
Decipher
Fraggle
32. Intellectual property protection for an invention
Business Records
Binary
Patent
Fire Detection
33. A control after attack
Criminal Law
Countermeasure
Call Tree
Basics Of Secure Design
34. Effort/time needed to overcome a protective measure
Residual Data
Business Recovery Timeline
Work Factor
Authentication
35. Pertaining to law - verified as real
Authentic
Rootkit
Critical Functions
Data Hiding
36. Security policy - procedures - and compliance enforcement
Examples of non-technical security components
Brute Force
Uninterruptible Power Supply (UPS)
Parallel Test
37. Dedicated fast memory located on the same board as the CPU
Redundant Array Of Independent Drives (RAID)
Fire Detection
CPU Cache
Data Owner
38. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Administrative Access Controls
Distributed Processing
Business Interruption Insurance
Embedded Systems
39. A trusted issuer of digital certificates
Business Continuity Planning (BCP)
Database Shadowing
Certification Authority
Quantitative
40. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
War Dialing
Information Risk Management (IRM)
Complete
SYN Flooding
41. Only the key protects the encrypted information
42. State of computer - to be running a process
Operating
Data Backup Strategies
Denial Of Service
Redundant Array Of Independent Drives (RAID)
43. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
Byte
Desk Check Test
Orange Book C2 Classification
Governance
44. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Evidence
Operational Test
Data Backup Strategies
Encipher
45. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.
Simulation Test
Access Control Matrix
Need-To-Know
Identification
46. A test conducted on one or more components of a plan under actual operating conditions.
Radio Frequency Interference (RFI)
Operational Test
Access Control Matrix
Encryption
47. Subjects will not interact with each other's objects
Object Oriented Programming (OOP)
Examples of technical security components
Job Rotation
Non-Interference
48. Business and technical process of applying security software updates in a regulated periodic way
Radio Frequency Interference (RFI)
Patch Management
Recovery Time Objectives
Accurate
49. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
SQL Injection
Blackout
Alarm Filtering
Complete
50. Consume resources to a point of exhaustion - loss of availability
Debriefing/Feedback
Simulation Test
Denial Of Service
Emergency Operations Center (EOC)