Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The operating-system component responsible for allocating memory to processes and for relocating processes and data between the levels of the storage hierarchy, from RAM to hard disk
Memory Management
Sampling
Mobile Recovery
Orange Book C2 Classification
2. High-frequency, highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Hard Disk
Certification Authority
Microwave
Accreditation
3. The property that data meet an a priori expectation of quality and that the data can be relied upon.
Data Integrity
Administrative Access Controls
Supervisor Mode (monitor - system - privileged)
Information Technology Security Evaluation Criteria - ITSEC
4. More than one process in the middle of executing at a time
Accreditation
Emergency Procedures
Alternate Data Streams (File System Forks)
Multi-Tasking
5. Intellectual property protection for the expression of an idea
Public Key Infrastructure (PKI)
Initialization Vector
Copyright
Liability
6. The backup of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
ISO/IEC 27001
Data Backups
Teardrop
Conflict Of Interest
7. Specific format of technical and physical controls that support the chosen framework and the architecture
Containment
Infrastructure
Firmware
Lattice
8. To set the clearance of a subject or the classification of an object
Labeling
Inheritance
Plain Text
Activation
9. A system that enforces an access control policy between two networks.
Acronym for American Standard Code for Information Interchange (ASCII)
Convincing
Slack Space
Firewalls
10. Self-propagating malware that spreads without user action by exploiting a flaw in a network service
Marking
Recovery Strategy
File Shadowing
Worm
11. Uses a role-based method to determine access rights and permissions. Role-based access control grants access according to the user's role and responsibilities within the company, not at the discretion of a resource owner.
Quantitative
Non-Discretionary Access Control
Compensating
Compartmentalize
12. A fixed-length summary (hash) of a communication, computed so that any change to the communication can be detected; used for integrity
Threats
Phishing
Moore's Law
Message Digest
13. Impossibility of denying authenticity and identity
Non-Repudiation
Shielding
Proxies
Parallel Test
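Questions 12 and 13 distinguish a message digest (integrity) from non-repudiation (authenticity and identity that cannot be denied). The following is an added example, not part of the original quiz: it computes a SHA-256 digest, shows that a plain digest detects accidental corruption but not a deliberate attacker who recomputes it, and then shows how a keyed digest (HMAC) under a shared key rejects that forgery. The message, tampered message and shared key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the quiz.
MESSAGE = b"transfer 100.00 to account 12345"
TAMPERED = b"transfer 900.00 to account 12345"
# Hypothetical key shared by sender and receiver (assumption for the demo).
SHARED_KEY = b"example-shared-secret-key"


def message_digest(data: bytes) -> str:
    """Return the SHA-256 digest of data as hex: a fixed-length summary of the message."""
    return hashlib.sha256(data).hexdigest()


def digest_matches(data: bytes, expected_hex: str) -> bool:
    """Integrity check: recompute the digest and compare it in constant time."""
    return hmac.compare_digest(message_digest(data), expected_hex)


def keyed_digest(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 over data: a digest only a holder of key can produce."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def keyed_digest_matches(data: bytes, key: bytes, expected_hex: str) -> bool:
    """Verify an HMAC; the receiver needs the same key the sender used."""
    return hmac.compare_digest(keyed_digest(data, key), expected_hex)


def unkeyed_digest_accepts_forgery() -> bool:
    """An attacker who alters the message in transit can recompute the plain digest,
    so the receiver's check passes. Returns True when the forgery is accepted."""
    sent_digest = message_digest(MESSAGE)
    forged_digest = message_digest(TAMPERED)  # attacker replaces digest too
    # The alteration is visible only if the original digest arrives untouched.
    assert sent_digest != forged_digest
    return digest_matches(TAMPERED, forged_digest)


def keyed_digest_rejects_forgery() -> bool:
    """Without SHARED_KEY the attacker cannot produce a valid HMAC for the altered
    message. Returns True when the receiver rejects the tampered message."""
    forged = keyed_digest(TAMPERED, b"attacker-guess")
    return not keyed_digest_matches(TAMPERED, SHARED_KEY, forged)
```

Note the caveat for question 13: an HMAC proves the message came from someone holding the shared key, but since both sender and receiver hold it, either could have produced it, so it does not give non-repudiation. That requires a digital signature under a private key only the signer holds, which this example does not show.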
14. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Concatenation
Fiber Optics
File Server
Computer Forensics
15. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Enticement
Remanence
Tracking
Disaster Recovery Plan
16. An activity that is performed for the purpose of training and conditioning team members, and improving their performance.
Exercise
Data Backups
Mobile Site
Sampling
17. Motive, opportunity, and means; when looking for suspects it is important to consider these 3 things
Contact List
War Driving
MOM
Administrative Laws
18. Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations)
Processes are Isolated By
Examples of non-technical security components
Education
Interception
19. An operating-system protection mechanism built on the layering concept, in which the more sensitive (privileged) components run in inner rings and less trusted code runs in outer rings
Ring Protection
False Attack Stimulus
Criminal Law
Recovery Point Objective (RPO)
20. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective
Spyware
Need-To-Know
Multi-Programming
BCP Testing Drills and Exercises
21. A shield against leakage of electromagnetic signals.
Faraday Cage/ Shield
Checklist Test
Trademark
Analysis
22. The guardian of asset(s) on behalf of the owner; a maintenance role rather than a policy-setting one
Multi-Tasking
Patch Management
Custodian
Examples of non-technical security components
23. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
Orange Book C2 Classification
Territoriality
Electronic Vaulting
Rollback
24. Scrambled form of the message or data
Gateway
Restoration
Alert/Alarm
Cipher Text
25. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.
Business Unit Recovery
Transients
Hearsay Evidence
User Mode (problem or program state)
26. Security policy, procedures, and compliance enforcement
Examples of non-technical security components
Declaration
Databases
Orange Book A Classification
27. Executive responsibilities of goal setting, delegation, and verification, based upon the mission.
Open Mail Relay Servers
Governance
System Downtime
True Attack Stimulus
28. Maintenance procedures outline the process for the review and update of business continuity plans.
Plan Maintenance Procedures
Threat Agent
Disaster Recovery Tape
Control
29. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
File Sharing
Instance
Exposure
Encryption
30. Hardware or software that is part of a larger system
Remote Journaling
False (False Positive)
Embedded
EMI
31. The one person ultimately responsible for data, including its classification and the setting of its controls
TCSEC (Orange Book)
Information Owner
File Level Deletion
Chain Of Custody
32. An alert or alarm that is triggered when no actual attack has taken place
Physical Tampering
Territoriality
Disaster
False (False Positive)
33. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have; most commonly used in the PC environment (i.e. file permissions).
Event
Integrated Test
Alternate Data Streams (File System Forks)
Discretionary Access Control (DAC)
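Questions 11 and 33 contrast non-discretionary (role-based) access control with discretionary access control. The following is an added example, not part of the original quiz: a small in-memory reference monitor in which a DAC object's owner grants and revokes access (and a non-owner's attempt to grant is refused), beside an RBAC monitor where permissions attach to centrally assigned roles. The file names, users and roles are constructed sample data.

```python
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised when a principal attempts an operation it is not entitled to."""


@dataclass
class DacFile:
    """Discretionary access control: the object's owner decides who gets which permissions."""
    name: str
    owner: str
    acl: dict = field(default_factory=dict)  # principal -> set of permissions

    def grant(self, actor: str, principal: str, perms: set) -> None:
        """Only the owner may change the ACL; anyone else is refused."""
        if actor != self.owner:
            raise AccessDenied(f"{actor} is not the owner of {self.name}")
        self.acl.setdefault(principal, set()).update(perms)

    def revoke(self, actor: str, principal: str) -> None:
        if actor != self.owner:
            raise AccessDenied(f"{actor} is not the owner of {self.name}")
        self.acl.pop(principal, None)

    def check(self, principal: str, perm: str) -> bool:
        if principal == self.owner:
            return True  # the owner implicitly holds full control
        return perm in self.acl.get(principal, set())


class RbacMonitor:
    """Non-discretionary (role-based) access control: permissions belong to roles and
    roles are assigned centrally; no individual owner hands out access."""

    def __init__(self, role_perms: dict, user_roles: dict):
        self.role_perms = role_perms  # role -> set of permissions
        self.user_roles = user_roles  # user -> set of roles

    def check(self, user: str, perm: str) -> bool:
        return any(perm in self.role_perms.get(role, set())
                   for role in self.user_roles.get(user, set()))


def dac_scenario() -> dict:
    """alice owns a file and grants bob read; bob cannot extend access to carol."""
    f = DacFile("payroll.xlsx", owner="alice")
    f.grant("alice", "bob", {"read"})
    results = {"bob_read": f.check("bob", "read"), "bob_write": f.check("bob", "write")}
    try:
        f.grant("bob", "carol", {"read"})  # bob is not the owner
        results["bob_can_grant"] = True
    except AccessDenied:
        results["bob_can_grant"] = False
    f.revoke("alice", "bob")
    results["bob_read_after_revoke"] = f.check("bob", "read")
    return results


def rbac_scenario() -> dict:
    """Access follows the role assigned to each user, not any owner's choice."""
    monitor = RbacMonitor(
        role_perms={"payroll_clerk": {"read_payroll"},
                    "payroll_manager": {"read_payroll", "approve_payroll"}},
        user_roles={"bob": {"payroll_clerk"}, "alice": {"payroll_manager"}},
    )
    return {
        "bob_read": monitor.check("bob", "read_payroll"),
        "bob_approve": monitor.check("bob", "approve_payroll"),
        "alice_approve": monitor.check("alice", "approve_payroll"),
        "carol_read": monitor.check("carol", "read_payroll"),  # no role assigned
    }
```

The design point worth noticing is where the decision authority sits: in the DAC class it is the owner field on each object, so access can spread at the owner's whim; in the RBAC monitor it is the centrally maintained role tables, which is why the quiz labels role-based control non-discretionary.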
34. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring will enable a zero recovery point objective.
Change Control
Threat Agent
Disk Mirroring
Ethics
35. A decoy computer deployed for the purpose of attracting and studying adversaries
Honeypot
File Extension
Risk Assessment
Active Data
36. Someone who wants to know how something works, typically by taking it apart
Mandatory
Access Control Attacks
Hacker
Storage Area Network (SAN)
37. Less granular organization of controls
Computer System Evidence
Hot Site
Control Type
Deleted File
38. High-frequency noise
Administrative Access Controls
Electromagnetic Interference (EMI)
Faraday Cage/ Shield
Security Domain
39. Natural or human-readable form of message
Plain Text
Burn
Brouter
Reciprocal Agreement
40. A documented battle plan for coordinating response to incidents.
Rootkit
Critical Infrastructure
Accreditation
Incident Handling
41. To smooth out reductions or increases in power
Full Test (Full Interruption)
Examples of non-technical security components
UPS
Data Diddler
42. Maximum tolerable time that a given business function can be unavailable; the basis of the recovery strategy
Recovery Time Objectives
Open Mail Relay Servers
Cryptography
Service Bureau
43. Recovery alternative: complete duplication of services, including personnel
EMI
Control
Mirrored Site
Risk
44. High degree of visual control
Wireless Fidelity (Wi-Fi )
Surveillance
Computer Forensics
Multi-Tasking
45. Hiding the fact that communication has occurred
Encryption
Disaster Recovery Teams (Business Recovery Teams)
Ethics
Steganography
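Questions 24, 29 and 45 separate encryption (the content is unintelligible but its presence is obvious) from steganography (the fact that a communication exists is hidden). The following is an added example, not part of the original quiz: it hides a payload in the least significant bit of each byte of a carrier, recovers it, and shows that no carrier byte changes by more than one unit, which is why the embedding is hard to notice. The carrier is a constructed byte array standing in for 8-bit image samples, and the length-prefix format is this example's own convention.

```python
def make_carrier(n: int) -> bytearray:
    """Constructed carrier: deterministic pseudo-random bytes standing in for
    8-bit grayscale pixels, so the example runs offline with no image file."""
    return bytearray((i * 73 + 41) % 256 for i in range(n))


def embed(carrier: bytes, payload: bytes) -> bytearray:
    """Hide payload in the least significant bit of successive carrier bytes.
    Format (this example's convention): 4-byte big-endian length, then payload,
    each byte emitted most-significant bit first."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for payload")
    out = bytearray(carrier)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # clear LSB, then set it to the payload bit
    return out


def extract(stego: bytes) -> bytes:
    """Recover the hidden payload by reading LSBs back in the same order."""
    def read_bytes(offset_bits: int, count: int) -> bytes:
        result = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[offset_bits + b * 8 + i] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_byte_change(original: bytes, modified: bytes) -> int:
    """Largest per-byte difference the embedding introduced."""
    return max(abs(a - b) for a, b in zip(original, modified))


def roundtrip(payload: bytes, carrier_size: int = 2000) -> dict:
    """Embed, extract and measure distortion for a given payload."""
    carrier = make_carrier(carrier_size)
    stego = embed(carrier, payload)
    return {
        "recovered": extract(stego),
        "same_length": len(stego) == len(carrier),
        "max_change": max_byte_change(carrier, stego),
    }
```

Two practitioner notes: the payload itself is embedded in the clear, so anyone who suspects LSB hiding can read it; in practice the message is encrypted first (question 29) and only the cipher text is hidden, so that discovery of the channel does not expose the content. And the distortion bound holds only for lossless carriers; recompressing the output with a lossy format destroys the low bits and the payload with them.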
46. Most granular organization of controls
Interception
Notification
True Attack Stimulus
Control Category
47. Quantity of risk remaining after a control is applied
SQL Injection
Process Isolation
Residual Risk
Business Interruption Insurance
48. Means the system's design and level of protection are formally verifiable and provide the highest level of assurance and trust.
Contact List
Backup
Orange Book A Classification
Notification
49. Process whereby data is removed from active files and other data storage structures
Deletion
Crisis
Isolation
Classification Scheme
50. A pointer that still refers to memory that has been freed or is otherwise no longer valid
Monitor
Eavesdropping
Dangling Pointer
Permutation /Transposition