Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Small data files written to a user's hard drive by a web server.
Sampling
Cookie
Admissible
Alarm Filtering

2. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
Brouter
Denial Of Service
Full Test (Full Interruption)
Secondary Storage

3. Third party processes used to organize the implementation of an architecture
Network Attached Storage (NAS)
CPU Cache
Botnet
Framework

4. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
File Shadowing
Database Shadowing
Bit
Emergency

5. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Embedded
Voice Over IP (VOIP)
High-Risk Areas
Administrative Access Controls

6. People who interact with assets
Need-To-Know
ISO/IEC 27001
User
Multi-Programming

7. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
EMI
Protection
Certification
Deleted File

8. Part of a transaction control for a database which informs the database of the last recorded transaction
Man-In-The-Middle Attack
Incident Manager
Checkpoint
Framework

9. Code making
Cryptography
Compartmentalize
Deadlock
Business Interruption

10. A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. (See Smurf)
Non-Discretionary Access Control
Algorithm
Patent
Fraggle

11. Maximum tolerance for loss of certain business function - basis of strategy
Integrated Test
Recovery Time Objectives
Service Bureau
Public Key Infrastructure (PKI)

12. Total number of keys available that may be selected by the user of a cryptosystem
Class
Consistency
Key Space
Cross Training

13. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists
Inheritance
File
Liability
Business Records

14. An internal list of contact information used for the communication of incident information - designed in a distributed manor so that no one person is responsible for contacting everyone.
Sequence Attacks
Call Tree
Admissible
Surge

15. Induces a crime - tricks a person - and is illegal
Computer System Evidence
Administrative Laws
Denial Of Service
Entrapment

16. Renders the file inaccessible to the operating system - available to reuse for data storage.
Analysis
File Level Deletion
UPS
Recovery Time Objectives

17. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Policy
Repeaters
Gateway
Territoriality

18. May be responsible for overall recovery of an organization or unit(s).
Custodian
Mobile Recovery
DR Or BC Coordinator
Crisis

19. Process of statistically testing a data set for the likelihood of relevant information.
Sampling
Blackout
Lattice
Forensic Copy

20. Vehicle or tool that exploits a weakness
Process Isolation
Multilevel Security System
Moore's Law
Threats

21. To evaluate the current situation and make basic decisions as to what to do
UPS
Triage
Key Space
Analysis

22. Uncleared buffers or media
Object Reuse
Man-In-The-Middle Attack
Waterfall
Patch Panels

23. An encryption method that has a key as long as the message
Running Key
Security Blueprint
Incident Manager
Redundant Servers

24. Line by line translation from a high level language to machine code
Risk Assessment / Analysis
Liability
Interpreter
Full Test (Full Interruption)

25. To load the first piece of software that starts a computer.
Keystroke Logging
Classification
Marking
Boot (V.)

26. Potentially retrievable data residue that remains following intended erasure of data.
Multilevel Security System
Remanence
Generator
Network Attached Storage (NAS)

27. Communicate to stakeholders
Business Recovery Team
Debriefing/Feedback
Faraday Cage/ Shield
Watermarking

28. Mediation of covert channels must be addressed
Incident Response
Information Flow Model
IP Fragmentation
ITSEC

29. Control category- to record an adversary's actions
Computer System Evidence
Detective
Exercise
Plaintext

30. Control category- to discourage an adversary from attempting to access
Bridge
Deterrent
State Machine Model
Containment

31. A running key using a random key that is never used again
One Time Pad
Operating
Firewall
Internal Use Only

32. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Infrastructure
Shielding
Mirroring
Checklist Test

33. Uncheck data input which results in redirection
Virtual Memory
Information Technology Security Evaluation Criteria - ITSEC
IDS Intrusion Detection System
HTTP Response Splitting

34. A form of data hiding which protects running threads of execution from using each other's memory
Detective
Process Isolation
Transients
Trusted Computing Base

35. A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy
SQL Injection
MOM
Administrative
Centralized Access Control Technologies

36. Unsolicited commercial email
Control Category
Spam
Business Interruption
Microwave

37. Object based description of a single resource and the permission each subject
Firewalls
Critical Functions
Access Control Lists
Conflict Of Interest

38. A specialized wireless receiver/ transmitter placed in orbit that facilitates long distance communication.
Consistency
Alternate Data Streams (File System Forks)
File Server
Satellite

39. Wrong against society
Intrusion Prevention Systems
Deletion
Criminal Law
Mission-Critical Application

40. Two different keys decrypt the same cipher text
On-Site
Key Clustering
Secondary Storage
Enticement

41. One entity with two competing allegiances
Certificate Revocation List (CRL)
Contingency Plan
Alarm Filtering
Conflict Of Interest

42. The problems solving state - the opposite of supervisor mode
Adware
Process Isolation
Cryptography
User Mode (problem or program state)

43. Control category - more than one control on a single asset
Bridge
Compensating
Brouter
Fraggle

44. A software design technique for abstraction of a process
Disaster Recovery Plan
Burn
Data Hiding
Transients

45. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.e workaround procedures - alternate work area - etc.)
Disaster Recovery Teams (Business Recovery Teams)
Contingency Plan
Containment
IP Address Spoofing

46. A basic level of network access control that is based upon information contained in the IP packet header.
Mock Disaster
Packet Filtering
Access Control Matrix
Critical Records

47. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: - Plan and Organize - - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Common Criteria
CobiT
Orange Book B1 Classification
Pointer

48. Forging of an IP address.
IP Address Spoofing
TCSEC (Orange Book)
Notification
Workaround Procedures

49. Mathematical function that determines the cryptographic operations
Intrusion Prevention Systems
Algorithm
Salami
Key Management

50. Return to a normal state
Targeted Testing
Recovery
Coaxial Cable
Cryptanalysis