Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Mobile Recovery
Test Plan
Watermarking
File Server

2. A physical enclosure for verifying identity before entry to a facility
Digital Signature
Mantrap (Double Door System)
Cipher Text
Business Recovery Team

3. To evaluate the current situation and make basic decisions as to what to do
Digital Signature
Life Cycle of Evidence
Picking
Triage

4. Event(s) that cause harm
Digital Certificate
Incident
One Time Pad
Archival Data

5. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Concentrator
Central Processing Unit (CPU)
Fault Tolerance
Quantitative Risk Analysis

6. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Desk Check Test
Internal Use Only
Exercise
Change Control

7. Controls for logging and alerting
Intrusion Detection Systems
Liability
Operational Exercise
Embedded Systems

8. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Routers
Uninterruptible Power Supply (UPS)
Blackout
Fire Suppression

9. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Rootkit
Operational Exercise
Proxies
Confidence Value

10. A choice in risk management - to convince another to assume risk - typically by payment
Time Of Check/Time Of Use
Application Programming Interface
Blackout
Transfer

11. Rapid switching back and forth between programs from the computer's perspective and appearing to do more that one thing at a time from the user's perspective
False (False Positive)
Multi-Programming
ISO/IEC 27002
Incident

12. To create a copy of data as a precaution against the loss or damage of the original data.
Replication
Object Oriented Programming (OOP)
Backup
On-Site

13. Another subject cannot see an ongoing or pending update until it is complete
Data Backup Strategies
Isolation
Running Key
Routers

14. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
Remote Access Trojan
Trapdoors (Backdoors) (Maintenance Hooks)
Structured Walkthrough
File Shadowing

15. Responsibility of a user for the actions taken by their account which requires unique identification
Accountability
Modems
Control Category
Worm

16. An unintended communication path
Orange Book B2 Classification
Covert Channel
Secondary Storage
Layering

17. Recording activities at the keyboard level
Byte Level Deletion
Hacker
Keystroke Logging
DR Or BC Coordinator

18. More than one processor sharing same memory - also know as parallel systems
Multi-Processor
Fiber Optics
Repeaters
Risk Assessment

19. Converts source code to an executable
Concatenation
Life Cycle of Evidence
Mirroring
Compiler

20. System directed mediation of access with labels
Prevention
Directive
Mandatory
Birthday Attack

21. Weak evidence
Birthday Attack
Hearsay
Byte
Structured Walk-Through Test

22. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
Workaround Procedures
File Extension
Disaster Recovery Teams (Business Recovery Teams)
Checklist Test

23. Of a system without prior knowledge by the tester or the tested
Directive
Plan Maintenance Procedures
Double Blind Testing
Threats

24. Uncleared buffers or media
Byte
Bollard
Shift Cipher (Caesar)
Object Reuse

25. Control category- to discourage an adversary from attempting to access
Disaster Recovery Tape
Deterrent
Access Point
Inheritance

26. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
Dictionary Attack
Off-Site Storage
Recovery
Separation Of Duties

27. A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. (See Smurf)
Object Reuse
Electromagnetic Interference (EMI)
Fraggle
Race Condition

28. Wrong against society
War Driving
Algorithm
Education
Criminal Law

29. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
Recovery Period
Non-Repudiation
Lattice
Deleted File

30. Try a list of words in passwords or encryption keys
Least Privilege
Data Dictionary
Business Recovery Team
Dictionary Attack

31. Encryption system using shared key/private key/single key/secret key
Microwave
Symmetric
Log
Critical Functions

32. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Hearsay
TIFF (Tagged Image File Format)
Incident
Legacy Data

33. Controls for termination of attempt to access object
Incident Response
Administrative Law
Intrusion Prevention Systems
Contact List

34. A programming design concept which abstracts one set of functions from another in a serialized fashion
3 Types of harm Addressed in computer crime laws
Brouter
Layering
Preemptive

35. A record that must be preserved and available for retrieval if needed.
Authentic
Recovery Time Objectives
Vital Record
Active Data

36. A layer 3 device that used to connect two or more network segments and regulate traffic.
Routers
Ethics
Database Shadowing
Desk Check Test

37. Just enough access to do the job
Salami
Least Privilege
Emanations
Shadowing (file shadowing)

38. Potential danger to information or systems
Threats
CPU Cache
Marking
File Server

39. Methodical research of an incident with the purpose of finding the root cause
Alert/Alarm
Investigation
Trade Secret
Machine Language (Machine Code)

40. Final purpose or result
Payload
Slack Space
Incident Response Team
Kerckhoff's Principle

41. The level and label given to an individual for the purpose of compartmentalization
File Sharing
MOM
Birthday Attack
Security Clearance

42. Only the key protects the encrypted information

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

43. Interception of a communication session by an attacker.
Life Cycle of Evidence
Hijacking
Remote Access Trojan
Business Recovery Team

44. A programming device use in development to circumvent controls
Executive Succession
Trapdoors (Backdoors) (Maintenance Hooks)
Data Dictionary
User Mode (problem or program state)

45. Total number of keys available that may be selected by the user of a cryptosystem
Blackout
Centralized Access Control Technologies
Key Space
TEMPEST

46. Something that happened
JPEG (Joint Photographic Experts Group)
Initialization Vector
Criminal Law
Event

47. OOP concept of an object's abilities - what it does
Plain Text
Pointer
Data Leakage
Method

48. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.
Site Policy
Compression
Surge
Simulation Test

49. A program that waits for a condition or time to occur that executes an inappropriate activity
Data Hiding
Data Owner
Logic Bomb
Convincing

50. Information about a particular data set
Byte
Metadata
Structured Walk-Through Test
Change Control