Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The principles a person sets for themselves to follow
Ethics
Fiber Optics
Maximum Tolerable Downtime (MTD)
Deadlock
2. Recovery alternative - a building only with sufficient power - and HVAC
Data Backups
Cold Site
Waterfall
Malformed Input
3. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Public Key Infrastructure (PKI)
War Dialing
Multi-Tasking
Crisis
4. Event(s) that cause harm
Access Control Matrix
Incident
Threads
5 Rules Of Evidence
5. A design methodology which executes in a linear one way fashion
Administrative Law
Source Routing Exploitation
Waterfall
Cookie
6. Line noise that is superimposed on the supply circuit.
Wait
Data Dictionary
Transients
Business Impact Analysis
7. A type of computer memory that temporarily stores frequently used information for quick access.
Identification
Cache
Surge
Hearsay Evidence
8. Binary decision by a system of permitting or denying access to the entire system
Authentication
Birthday Attack
Desk Check Test
Archival Data
9. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Mobile Site
Site Policy
User Mode (problem or program state)
Initialization Vector
10. The point in time to which systems and data must be recovered after an outage. (e.g. End of previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Recovery Point Objective (RPO)
Recovery
Site Policy Awareness
Bit
11. Inappropriate data
Remote Access Trojan
Malformed Input
Administrative Access Controls
Ring Protection
12. Highest level of authority at EOC with knowledge of the business process and the resources available
Incident Manager
Vital Record
Worldwide Interoperability for Microwave Access (WI-MAX)
Shielding
13. The chance that something negative will occur
Concentrator
Mitigate
Risk
Civil Or Code Law
14. Evaluation of a system without prior knowledge by the tester
Virtual Memory
Log
Security Blueprint
Blind Testing
15. Pertaining to law - lending itself to one side of an argument
Electronic Vaulting
Active Data
Debriefing/Feedback
Convincing
16. A hash that has been further encrypted with a symmetric algorithm
ISO/IEC 27001
Symmetric
Notification
Keyed-Hashing For Message Authentication
17. A state for operating system tasks only
Plan Maintenance Procedures
Public Key Infrastructure (PKI)
Strong Authentication
Supervisor Mode (monitor - system - privileged)
18. Responsibility of a user for the actions taken by their account which requires unique identification
Surveillance
Critical Infrastructure
Substitution
Accountability
19. Just enough access to do the job
Business Recovery Team
Trojan Horse
Least Privilege
Criminal Law
20. Encryption system using a pair of mathematically related unequal keys
Hot Site
Administrative
Asymmetric
Algorithm
21. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
TCSEC (Orange Book)
Key Management
Physical Tampering
True Attack Stimulus
22. Reduction of voltage by the utility company for a prolonged period of time
Fault Tolerance
Brownout
Exercise
Prevention
23. Firewalls - encryption - and access control lists
MOM
Key Management
Examples of technical security components
Object Reuse
24. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.
Bumping
Security Kernel
Orange Book A Classification
Asymmetric
25. Initial surge of current
Business Impact Assessment (BIA)
Inrush Current
Tar Pits
Due Care
26. Recovery alternative which includes cold site and some equipment and infrastructure is available
Event
Mobile Recovery
Warm Site
Reference Monitor
27. A running key using a random key that is never used again
Encryption
Deadlock
One Time Pad
Crisis
28. A covert storage channel on the file attribute
Wait
Wireless Fidelity (Wi-Fi)
Data Integrity
Alternate Data Streams (File System Forks)
29. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Tracking
Hijacking
Running Key
Source Routing Exploitation
30. Act of scrambling the cleartext message by using a key.
Total Risk
Recovery Time Objectives
Pervasive Computing and Mobile Computing Devices
Encipher
31. The hard drive
Secondary Storage
System Downtime
Multi-Processor
Supervisor Mode (monitor - system - privileged)
32. Process of statistically testing a data set for the likelihood of relevant information.
Access Point
Sampling
Risk Assessment
Mission-Critical Application
33. Pertaining to law - accepted by a court
Admissible
Worm
Payload
Bit
34. A set of best practices for programmers to seek in all application or data base design: Atomicity - Consistency - Isolation - Durability
Operational Exercise
Asymmetric
Hijacking
The ACID Test
35. Creation, distribution, update and deletion
Key Management
Digital Certificate
Burn
Rollback
36. The one person responsible for data - its classification and control setting
Degauss
Mirroring
Vulnerability
Information Owner
37. A physical enclosure for verifying identity before entry to a facility
Side Channel Attack
Mantrap (Double Door System)
Accountability
Structured Walkthrough
38. Reprogrammable basic startup instructions
Incident Response
EMI
Firmware
Trade Secret
39. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
Recovery Period
Control
Deleted File
Change Control
40. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Object Reuse
Exposure
Information Technology Security Evaluation Criteria - ITSEC
Business Continuity Planning (BCP)
41. Trading one for another
Steganography
War Dialing
Substitution
Object Oriented Programming (OOP)
42. To evaluate the current situation and make basic decisions as to what to do
TIFF (Tagged Image File Format)
Mandatory
Triage
Business Unit Recovery
43. Review of data
Checklist Test
Analysis
Data Hiding
Cold Site
44. Pertaining to law - high degree of veracity
Authentic
Code
Secondary Storage
Accurate
45. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Disaster Recovery Tape
Information Risk Management (IRM)
Business Continuity Steering Committee
Processes are Isolated By
46. Hiding the fact that communication has occurred
Mantrap (Double Door System)
Steganography
Business Continuity Steering Committee
Mandatory Access Control (MAC)
47. The property that data meet with a priority expectation of quality and that the data can be relied upon.
Mission-Critical Application
Recovery
Radio Frequency Interference (RFI)
Data Integrity
48. A planned or unplanned interruption in system availability.
System Downtime
Adware
Mirrored Site
Authorization
49. Subset of operating systems components dedicated to protection mechanisms
Security Kernel
Concentrator
Administrative
War Driving
50. System mediation of access with the focus on the context of the request
Preemptive
Process Isolation
Salami
Content Dependent Access Control