Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Criminal Law
Reference Monitor
Orange Book C Classification
Attacker (Black hat - Hacker)
2. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Active Data
Denial Of Service
Alarm Filtering
Locard's Principle
3. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Detective
Uninterruptible Power Supply (UPS)
Non-Discretionary Access Control
Copyright
4. More than one processor sharing the same memory - also known as parallel systems
Multi-Processor
Risk Assessment / Analysis
Running Key
Admissible
5. The one person responsible for data - its classification and control setting
Information Owner
Event
Content Dependent Access Control
Interception
6. A system designed to prevent unauthorized access to or from a private network.
Firewall
Targeted Testing
Access Control Matrix
Fault
7. A programming design concept which abstracts one set of functions from another in a serialized fashion
Layering
Redundant Servers
Virus
Cryptography
8. To create a copy of data as a precaution against the loss or damage of the original data.
Test Plan
False Negative
Threat Agent
Backup
9. Information about data or records
Metadata
Administrative Law
Brouter
Electromagnetic Interference (EMI)
10. An individual's conduct that violates government laws developed to protect the public
Capability Tables
Criminal Law
Faraday Cage/ Shield
Exercise
11. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Encipher
Classification
Test Plan
Time Of Check/Time Of Use
12. Most granular organization of controls
Control Category
Civil Or Code Law
Quantitative Risk Analysis
Metadata
13. Individuals and departments responsible for the storage and safeguarding of computerized data.
Data Custodian
Disk Mirroring
Business Continuity Planning (BCP)
Emanations
14. An image compression standard for photographs
JPEG (Joint Photographic Experts Group)
Recovery
Electrostatic Discharge
Disaster
15. A device that converts between digital and analog representation of data.
2-Phase Commit
Surveillance
Business Continuity Planning (BCP)
Modems
16. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Repeaters
Digital Certificate
Executive Succession
Cross Training
17. The managerial approval to operate a system based upon knowledge of risk to operate
Copyright
Durability
Deadlock
Accreditation
18. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data
Byte Level Deletion
Active Data
Containment
Data Marts
19. Objects or programming that look different but act the same
Polymorphism
Vital Record
Mandatory
CobiT
20. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
Non-Repudiation
Cryptography
Residual Data
Data Backups
21. An asymmetric cryptography mechanism that provides authentication.
Firewall
Failure Modes and Effect Analysis (FEMA)
Digital Signature
Security Domain
22. Sphere of influence
Examples of technical security components
HTTP Response Splitting
Chain Of Custody
Domain
23. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Vulnerability
MOM
Blackout
Aggregation
24. To collect many small pieces of data
Multilevel Security System
Aggregation
ISO/IEC 27001
Revocation
25. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Cipher Text
One Time Pad
Operational
Initialization Vector
26. Someone who wants to cause harm
Attacker (Black hat - Hacker)
Structured Walkthrough
Recovery Point Objective (RPO)
Change Control
27. Mathematical function that determines the cryptographic operations
Algorithm
Workaround Procedures
Storage Area Network (SAN)
Injection
28. Part of a transaction control for a database which informs the database of the last recorded transaction
Routers
Checkpoint
Proprietary
Multilevel Security System
29. Unauthorized wireless network access device.
Voice Over IP (VOIP)
Content Dependent Access Control
Ring Protection
Rogue Access Points
30. To segregate for the purposes of labeling
Encapsulation
Governance
Mixed Law System
Compartmentalize
31. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.
Data Owner
Firewalls
Noise
Domain
32. Lower frequency noise
Cross Certification
Radio Frequency Interference (RFI)
Data Owner
Information Risk Management (IRM)
33. The partial or full duplication of data from a source database to one or more destination databases.
Authentic
Database Replication
Mandatory Vacations
Electromagnetic Interference (EMI)
34. Specific format of technical and physical controls that support the chosen framework and the architecture
Remote Journaling
Waterfall
Salami
Infrastructure
35. Memory management technique which allows data to be moved from one memory address to another
Relocation
Standard
Disaster
Discretionary
36. Reduction of voltage by the utility company for a prolonged period of time
Brownout
Risk Assessment / Analysis
Watermarking
Trapdoors (Backdoors) (Maintenance Hooks)
37. More than one CPU on a single board
Firewall
Checkpoint
Multi-Core
Uninterruptible Power Supply (UPS)
38. A running key using a random key that is never used again
Business Continuity Planning (BCP)
Network Attached Storage (NAS)
Alternate Data Streams (File System Forks)
One Time Pad
39. To assert or claim credentialing to an authentication system
Access Control Matrix
Evidence
Virus
Identification
40. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Business Continuity Planning (BCP)
Patch Panels
Access Control Attacks
Hot Spares
41. To move from location to location - keeping the same function
Job Rotation
Containment
Log
Security Blueprint
42. Communicate to stakeholders
Intrusion Prevention Systems
Debriefing/Feedback
War Dialing
Kerberos
43. A legally enforceable agreement between: two people - two organizations - a person and an organization.
Emanations
Substitution
Tort
Concentrator
44. OOP concept in which a class's details are hidden from the object
Mixed Law System
Admissible
File Level Deletion
Encapsulation
45. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Cryptography
Coaxial Cable
Electrostatic Discharge
Multi-Core
46. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Central Processing Unit (CPU)
Steganography
Data Custodian
Reciprocal Agreement
47. Is secondhand and usually not admissible in court
Hearsay Evidence
Damage Assessment
Highly Confidential
Side Channel Attack
48. A database that contains the name - type - range of values - source and authorization for access for each data element
Data Dictionary
Injection
Keyed-Hashing For Message Authentication
ff Site
49. Unsolicited advertising software
System Downtime
Adware
One Time Pad
Keystroke Logging
50. Moving the alphabet intact a certain number of spaces
Embedded Systems
Shift Cipher (Caesar)
Least Privilege
Residual Risk