CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Process of statistically testing a data set for the likelihood of relevant information.
Database Shadowing
Race Condition
Twisted Pair
Sampling
2. Forging of an IP address.
Locard's Principle
Blind Testing
Business Records
IP Address Spoofing
3. The level and label given to an individual for the purpose of compartmentalization
Full-Interruption test
Botnet
Security Clearance
Object
4. Organizational way of classifying data by factors such as criticality, sensitivity and ownership.
Orange Book C2 Classification
Classification Scheme
Chain Of Custody
Centralized Access Control Technologies
5. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Disaster Recovery Plan
Risk Assessment / Analysis
Data Owner
System Downtime
6. Object based description of a system or a collection of resources
Embedded Systems
The ACID Test
Access Control Matrix
Modification
7. Vehicle stopping object
Bollard
Computer System Evidence
Primary Storage
Information Risk Management (IRM)
8. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
Masked/Interruptible
Strong Authentication
Redundant Array Of Independent Drives (RAID)
Denial Of Service
9. A design methodology which executes in a linear one way fashion
Plan Maintenance Procedures
Waterfall
Computer Forensics
File
10. People who interact with assets
Coaxial Cable
User
Aggregation
Simulation Test
11. Potentially retrievable data residue that remains following intended erasure of data.
Remanence
Full-Interruption test
Shielding
Labeling
12. A shield against leakage of electromagnetic signals.
Declaration
Faraday Cage/ Shield
Internal Use Only
Information Risk Management (IRM)
13. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Fiber Optics
Orange Book C2 Classification
Critical Functions
Modems
14. Asymmetric encryption of a hash of a message
Orange Book C2 Classification
Total Risk
Digital Signature
Targeted Testing
15. Lower frequency noise
Radio Frequency Interference (RFI)
Incident Response
Source Routing Exploitation
Overlapping Fragment Attack
16. An attack involving the hijacking of a TCP session by predicting a sequence number.
Operating
Service Bureau
Sequence Attacks
Total Risk
17. Maintaining full control over requests, implementation, traceability, and proper documentation of changes.
Change Control
Critical Infrastructure
Intrusion Detection Systems
Teardrop
18. Potential danger to information or systems
Threats
Data Hiding
Replication
Voice Over IP (VOIP)
19. One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
Access Control Lists
Information Flow Model
Structured Walkthrough
Access Control
20. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Acronym for American Standard Code for Information Interchange (ASCII)
Information Owner
IDS Intrusion Detection System
Civil Or Code Law
21. Converts source code to an executable
Risk Mitigation
Isolation
Compiler
Data Integrity
22. Induces a crime, tricks a person, and is illegal
Aggregation
Entrapment
Binary
Shift Cipher (Caesar)
23. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Time Of Check/Time Of Use
Top Secret
Redundant Array Of Independent Drives (RAID)
Standard
24. High degree of visual control
Damage Assessment
Quantitative
Sag/Dip
Surveillance
25. An alert or alarm that is triggered when no actual attack has taken place
Cross Certification
Plan Maintenance Procedures
User
False (False Positive)
26. Sphere of influence
Domain
Brouter
Elements of Negligence
Journaling
27. Security Policy, Personnel Controls, Supervisory Structure, Security Awareness Training, Testing
Sniffing
Administrative Access Controls
Gateway
Mantrap (Double Door System)
28. A copy of transaction data, designed for querying and reporting
Data Warehouse
Notification
Tar Pits
Payload
29. Line by line translation from a high level language to machine code
Risk Assessment / Analysis
Physical Tampering
IDS Intrusion Detection System
Interpreter
30. Pertaining to law; high degree of veracity
Business Recovery Team
Accurate
False Attack Stimulus
Event
31. Autonomous malware that requires a flaw in a service
Guidelines
Triage
Worm
Critical Records
32. Trading one for another
Consistency
Interception
Keystroke Logging
Substitution
33. To break a business process into separate functions and assign to different people
Collisions
Residual Risk
Mission-Critical Application
Separation Of Duties
34. Requires two of the three user authentication attributes (knows, is or has), e.g. you have an ATM card and enter a PIN
Mock Disaster
Architecture
CobiT
Strong Authentication
35. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Hot Spares
EMI
Virus
Active Data
36. Recording the Who What When Where How of evidence
Site Policy
Discretionary
Chain Of Custody
Blind Testing
37. Used to code/decode a digital data stream.
Interception
TIFF (Tagged Image File Format)
Electrostatic Discharge
Codec
38. One way encryption
Hash Function
Internal Use Only
Substitution
Object
39. Periodic, automatic and transparent backup of data in bulk.
Workaround Procedures
Alternate Data Streams (File System Forks)
Electronic Vaulting
Orange Book C2 Classification
40. DoS, Spoofing, dictionary, brute force, wardialing
Running
Operational Test
Access Control Attacks
Emergency Procedures
41. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Algorithm
Containment
Deterrent
Data Recovery
42. High level design or model with a goal of consistency, integrity, and balance
Total Risk
Architecture
Quantitative
Coaxial Cable
43. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Due Care
Asymmetric
Encryption
Cross Training
44. Information that, if made public or even shared around the organization, could seriously impede the organization's operations
Eavesdropping
Firewalls
Highly Confidential
Containment
45. Short period of low voltage.
Internal Use Only
Sag/Dip
Operational Test
System Life Cycle
46. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
Redundant Array Of Independent Drives (RAID)
IP Address Spoofing
Multi-Tasking
Trusted Computing Base
47. An event which stops business from continuing.
Patch Panels
Architecture
Disaster
Business Impact Assessment (BIA)
48. Review of data
Analysis
Chain Of Custody
Birthday Attack
On-Site
49. An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only forensic copy quality will hold up in court.
Near Site
Forensic Copy
Alert
Storage Area Network (SAN)
50. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Safeguard
IDS Intrusion Detection System
Remote Journaling
Territoriality