Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
Monitor
Identification
Encipher
Hard Disk
2. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Administrative Access Controls
Firewall
Log
Labeling
3. Autonomous malware that requires a flaw in a service
Admissible
Worm
Data Dictionary
Fault Tolerance
4. Reprogrammable basic startup instructions
Firmware
Assembler
Hijacking
Malformed Input
5. Scrambled form of the message or data
Substitution
Site Policy
Cipher Text
Aggregation
6. Substitution at the word or phrase level
Infrastructure
Capability Tables
Code
2-Phase Commit
7. Lower frequency noise
Radio Frequency Interference (RFI)
File
Education
Contact List
8. Unsolicited commercial email
Generator
Trusted Computing Base
Spam
Patent
9. A BCP testing type - (structured walkthrough) - a test that answers the question: Is everything needed for recovery available?
Concatenation
Walk Through
Decipher
Twisted Pair
10. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Accurate
Incident Manager
Technical Access Controls
Disaster
11. Outputs within a given function are the same result
Phishing
Hacker
Collisions
Ring Protection
12. Act of luring an intruder and is legal.
Repeaters
Site Policy
Enticement
Alert/Alarm
13. A secure connection to another network.
Journaling
Kerberos
Domain
Gateway
14. Business and technical process of applying security software updates in a regulated periodic way
Alternate Data Streams (File System Forks)
Non-Discretionary Access Control
Patch Management
Civil Or Code Law
15. A backup type which creates a complete copy
Replication
Due Care
Checkpoint
Change Control
16. Granular decision by a system of permitting or denying access to a particular resource on the system
Blind Testing
Authorization
Dictionary Attack
Maximum Tolerable Downtime (MTD)
17. A device that sequentially switches multiple analog inputs to the output.
Hacker
Malformed Input
Sharing
Multiplexers
18. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Declaration
Recovery Strategy
Safeguard
Injection
19. Organized group of compromised computers
Central Processing Unit (CPU)
Botnet
Internal Use Only
Polymorphism
20. Return to a normal state
Computer System Evidence
Recovery
Fire Suppression
Certification Authority
21. The process of assessing damage - following a disaster - to computer hardware - vital records - office facilities - etc. and determining what can be salvaged or restored and what must be replaced.
Distributed Denial Of Service
Blackout
Key Escrow
Damage Assessment
22. Try a list of words in passwords or encryption keys
Dictionary Attack
SYN Flooding
Modification
Reciprocal Agreement
23. A list of team members and/or key players to be contacted including their backups. The list will include the necessary contact information (i.e. home phone - pager - cell - etc.) and in most cases be considered confidential.
MOM
Exposure
Honeypot
Contact List
24. Less granular organization of controls -
Radio Frequency Interference (RFI)
Separation Of Duties
Control Type
Electronic Vaulting
25. Subjects will not interact with each other's objects
False (False Positive)
Bumping
IDS Intrusion Detection System
Non-Interference
26. A program that waits for a condition or time to occur that executes an inappropriate activity
Logic Bomb
Separation Of Duties
Data Integrity
Firewalls
27. Calculation encompassing threats - vulnerabilities and assets
Total Risk
Journaling
Standalone Test
Mandatory
28. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Trojan Horse
System Downtime
Workaround Procedures
Deletion
29. Pertaining to law - accepted by a court
SYN Flooding
Admissible
Patch Panels
Technical Access Controls
30. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Degauss
Computer System Evidence
Bridge
Examples of technical security components
31. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Logic Bomb
Data Backup Strategies
Brute Force
Basics Of Secure Design
32. More than one processor sharing same memory - also known as parallel systems
Technical Access Controls
Restoration
Multi-Processor
Containment
33. Joining two pieces of text
Polymorphism
Side Channel Attack
Concatenation
Salami
34. Requirement of access to data for a clearly defined purpose
Legacy Data
Cookie
Need-To-Know
Hash Function
35. A disturbance that degrades performance of electronic devices and electronic communications.
Radio Frequency Interference (RFI)
Life Cycle of Evidence
Prevention
Object Reuse
36. A layer 2 device that is used to connect two or more network segments and regulate traffic.
Switches
ITSEC
Chain of Custody
Identification
37. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Disaster Recovery Tape
Quantitative Risk Analysis
Tactical
Deletion
38. DoS - Spoofing - dictionary - brute force - wardialing
Transfer
Chain of Custody
Access Control Attacks
Metadata
39. Interception of a communication session by an attacker.
Twisted Pair
ISO/IEC 27001
Wait
Hijacking
40. Alerts personnel to the presence of a fire
Machine Language (Machine Code)
Hearsay
Distributed Denial Of Service
Fire Detection
41. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Message Digest
Work Factor
Critical Records
Repeaters
42. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
False (False Positive)
Honeynet
Shielding
Forward Recovery
43. A perpetrator leaves something behind or takes something with them at the scene of a crime
44. Written step-by-step actions
Method
Virus
Procedure
Structured Walk-Through Test
45. Asymmetric encryption of a hash of message
Digital Signature
Plan Maintenance Procedures
Object Oriented Programming (OOP)
Business Continuity Steering Committee
46. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Business Recovery Timeline
Operating
Mission-Critical Application
Total Risk
47. A collection of information designed to reduce duplication and increase integrity
EMI
Mandatory Access Control (MAC)
Rollback
Databases
48. Final purpose or result
System Downtime
Transients
Payload
Multi-Programming
49. The past U.S. military accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements
Mandatory Vacations
TNI (Red Book)
Analysis
Locard's Principle
50. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Classification Scheme
Internal Use Only
Trademark
Standard