Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. The managerial approval to operate a system based upon knowledge of risk to operate
One Time Pad
Multi-Programming
Key Escrow
Accreditation
2. OOP concept of a distinct copy of the class
Authentic
Authentication
Object
Data Recovery
3. A design methodology which executes in a linear one way fashion
Common Criteria
Due Diligence
Waterfall
5 Rules Of Evidence
4. Information that - if made public or even shared around the organization - could seriously impede the organization's operations
Distributed Processing
Highly Confidential
Generator
Risk
5. Initial surge of current
Inrush Current
Targeted Testing
Digital Signature
Encapsulation
6. Computing power will double every 18 months
7. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Custodian
Critical Records
Concentrator
False Negative
8. OOP concept of a template that consists of attributes and behaviors
Class
Administrative Law
Codec
Database Replication
9. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Plaintext
Metadata
Protection
Standalone Test
10. For PKI - to store another copy of a key
Site Policy
Reference Monitor
Hacker
Key Escrow
11. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Hearsay Evidence
Encipher
Processes are Isolated By
Threat Agent
12. Weakness or flaw in an asset
Emergency
Vulnerability
Microwave
Spam
13. A condition in which neither party is willing to stop their activity for the other to complete
Analysis
Deadlock
Logic Bomb
Firewalls
14. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
Discretionary Access Control (DAC)
Standard
Checklist Test (desk check)
Object
15. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Smurf
Encryption
Administrative Access Controls
Noise
16. Intermediate level - pertaining to planning
Databases
Teardrop
Operational
Masquerading
17. A program that waits for a condition or time to occur that executes an inappropriate activity
Mandatory Vacations
Logic Bomb
Restoration
Restoration
18. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Waterfall
Content Dependent Access Control
Business Recovery Team
Critical Records
19. Indivisible - data field must contain only one value that either all transactions take place or none do
Record Level Deletion
Atomicity
Business Recovery Team
Sniffing
20. Those who initiate the attack
Technical Access Controls
Multi-Core
Monitor
Threat Agent
21. To segregate for the purposes of labeling
Injection
Attacker (Black hat - Hacker)
Compartmentalize
Top Secret
22. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Identification
Corrective
Information Risk Management (IRM)
Control Category
23. The core of a computer that calculates
Transients
Worm
Central Processing Unit (CPU)
Centralized Access Control Technologies
24. A template for designing the architecture
Stopped
Multi-Tasking
Security Blueprint
Admissible
25. A risk assessment method - intrinsic value
Alternate Site
Business Recovery Timeline
Masked/Interruptible
Qualitative
26. Statistical probabilities of a collision are more likely than one thinks
Birthday Attack
Remote Access Trojan
Data Owner
Data Dictionary
27. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
Computer System Evidence
Residual Risk
Memory Management
Adware
28. The partial or full duplication of data from a source database to one or more destination databases.
Job Rotation
Conflict Of Interest
Database Replication
Change Control
29. Two different keys decrypt the same cipher text
Key Clustering
Access Control Attacks
Business Impact Analysis
Hearsay Evidence
30. Just enough access to do the job
Trade Secret
Least Privilege
Vital Record
Remote Access Trojan
31. Pertaining to law - no omissions
Discretionary
Complete
Masquerading
Prevention
32. Unsolicited advertising software
Mandatory Vacations
Business Impact Analysis
Discretionary Access Control (DAC)
Adware
33. To create a copy of data as a precaution against the loss or damage of the original data.
Multi-Tasking
Operational
Radio Frequency Interference (RFI)
Backup
34. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
Surge Suppressor
Pervasive Computing and Mobile Computing Devices
Asymmetric
Patch Panels
35. The problem-solving state - the opposite of supervisor mode
Reference Monitor
Fire Suppression
Birthday Attack
User Mode (problem or program state)
36. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Certification Authority
Worm
Evidence
CPU Cache
37. An image compression standard for photographs
JPEG (Joint Photographic Experts Group)
Interference (Noise)
Worm
Detective
38. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.
Botnet
High-Risk Areas
Backup
Recovery
39. Transaction controls for a database - a return to a previous state
Trapdoors (Backdoors) (Maintenance Hooks)
Application Programming Interface
Custodian
Rollback
40. Business and technical process of applying security software updates in a regulated periodic way
Embedded Systems
Protection
Side Channel Attack
Patch Management
41. Employment education done once per position or at significant change of function
Storage Area Network (SAN)
Job Training
TEMPEST
Consistency
42. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Metadata
Framework
Business Impact Analysis
ITSEC
43. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Job Rotation
Open Mail Relay Servers
Declaration
Risk Assessment
44. Amount of time for restoring a business process or function to normal operations without major loss
Internal Use Only
Log
Maximum Tolerable Downtime (MTD)
Exercise
45. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Incident Response
Phishing
BCP Testing Drills and Exercises
Interception
46. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Computer Forensics
Digital Certificate
Data Dictionary
Alert
47. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Remanence
Polymorphism
Civil Law
Content Dependent Access Control
48. Pertaining to law - accepted by a court
Firewall
Admissible
Distributed Denial Of Service
Convincing
49. A state where two subjects can access the same object without proper mediation
Emanations
Microwave
Race Condition
Restoration
50. Recovery alternative - complete duplication of services including personnel
Sniffing
Race Condition
Mirrored Site
Substitution