Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
Residual Risk
File Extension
Criminal Law
Top Secret

2. A passive network attack involving monitoring of traffic.
Smurf
Eavesdropping
Brute Force
Inrush Current

3. Momentary loss of power
Service Bureau
Fault
Operational Impact Analysis
Initialization Vector

4. OOP concept of an object's abilities - what it does
Method
Simulation
Isolation
SYN Flooding

5. The principles a person sets for themselves to follow
Change Control
Ethics
Security Blueprint
Compiler

6. A condition in which neither party is willing to stop their activity for the other to complete
Generator
TNI (Red Book)
Deadlock
Call Tree

7. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Interception
State Machine Model
Byte Level Deletion
Hot Spares

8. A temporary public file to inform others of a compromised digital certificate
Remote Journaling
Near Site
Certificate Revocation List (CRL)
Ethics

9. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
TIFF (Tagged Image File Format)
BCP Testing Drills and Exercises
UPS
Fragmented Data

10. Unauthorized access of network devices.
Physical Tampering
Cache
Operational
Switches

11. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Information Technology Security Evaluation Criteria - ITSEC
Public Key Infrastructure (PKI)
False (False Positive)
Inrush Current

12. Recording activities at the keyboard level
Plain Text
Keystroke Logging
Analysis
Identification

13. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Recovery Period
Investigation
Active Data
Residual Data

14. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
Administrative Laws
Alert
Standard
Restoration

15. A process state - (blocked) needing input before continuing
Multi-Processor
Wait
Redundant Servers
Job Rotation

16. To stop damage from spreading
Containment
Criminal Law
Active Data
Fiber Optics

17. A world-wide wireless technology
Concatenation
Wireless Fidelity (Wi-Fi )
Database Shadowing
Classification Scheme

18. A program that waits for a condition or time to occur that executes an inappropriate activity
Instance
Honeynet
Backup
Logic Bomb

19. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Tar Pits
Operational Exercise
Accurate
Infrastructure

20. A state for operating system tasks only
Supervisor Mode (monitor - system - privileged)
Layering
System Life Cycle
Restoration

21. A device that provides the functions of both a bridge and a router.
Switches
Brouter
Isolation
Gateway

22. Alerts personnel to the presence of a fire
Compiler
MOM
Restoration
Fire Detection

23. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Checklist Test (desk check)
Administrative Access Controls
Durability
Strategic

24. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.
Residual Risk
Running
Active Data
Control Type

25. A telephone exchange for a specific office or business.
Alert
Structured Walk-Through Test
Private Branch Exchange (PBX)
Electrostatic Discharge

26. Inference about encrypted communications
Sag/Dip
Side Channel Attack
File Server
Cryptovariable

27. RADIUS - TACACS+ - Diameter
Kerckhoff's Principle
TEMPEST
Centralized Access Control Technologies
Cryptology

28. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Journaling
Man-In-The-Middle Attack
SYN Flooding
Certificate Revocation List (CRL)

29. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Trademark
State Machine Model
TIFF (Tagged Image File Format)
Off-Site Storage

30. To execute more than one instruction at an instant in time
Hearsay
Source Routing Exploitation
Multi-Processing
TNI (Red Book)

31. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Technical Access Controls
Pervasive Computing and Mobile Computing Devices
Transfer
Honeynet

32. An unintended communication path
Collisions
Emergency
Covert Channel
Certification Authority

33. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Reciprocal Agreement
Cipher Text
Coaxial Cable
Business Interruption

34. Vehicle or tool that exploits a weakness
Preemptive
Threats
Alarm Filtering
Electromagnetic Interference (EMI)

35. Most granular organization of controls
Trusted Computing Base
Control Category
Interpreter
HTTP Response Splitting

36. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Internal Use Only
False (False Positive)
Application Programming Interface
3 Types of harm Addressed in computer crime laws

37. Fault tolerance for power
Generator
Cross-Site Scripting
Polyalphabetic
EMI

38. An internal list of contact information used for the communication of incident information - designed in a distributed manor so that no one person is responsible for contacting everyone.
Malformed Input
Checklist Test (desk check)
Lattice
Call Tree

39. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Shielding
Crisis
Patent
Common Law

40. A legal enforceable agreement between: two people - two organizations - a person and an organization.
Object Reuse
Tort
BCP Testing Drills and Exercises
Key Management

41. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
TCSEC (Orange Book)
Rootkit
Malformed Input
Source Routing Exploitation

42. Information about data or records
Salami
Race Condition
Metadata
Recovery

43. Subject based description of a system or a collection of resources
Tort
Transfer
Capability Tables
Mock Disaster

44. All of the protection mechanism in a computer system
Containment
Trusted Computing Base
Prevention
Identification

45. A database backup type which records at the transaction level
Remote Journaling
Fire Suppression
War Driving
Corrective

46. Ertaining to a number system that has just two unique digits.
Binary
Botnet
Incident Response Team
Teardrop

47. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Recovery
Business Recovery Team
Change Control
Intrusion Detection Systems

48. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
EMI
Residual Risk
Brouter
Cross Certification

49. Mediation of subject and object interactions
Classification Scheme
Crisis
Architecture
Access Control

50. With enough computing power trying all possible combinations
Dictionary Attack
Brute Force
Cryptanalysis
TEMPEST