Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Renders the file inaccessible to the operating system - available to reuse for data storage.
Hot Spares
File Level Deletion
Chain Of Custody
Patent
2. A subnetwork with storage devices servicing all servers on the attached network.
HTTP Response Splitting
Storage Area Network (SAN)
Conflict Of Interest
Business Recovery Team
3. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Electronic Vaulting
Data Warehouse
Checksum
Encryption
4. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Conflict Of Interest
Quantitative Risk Analysis
Gateway
Authorization
5. Descrambling the encrypted message with the corresponding key
Mission-Critical Application
On-Site
Identification
Decipher
6. Measures followed to restore critical functions following a security incident.
Recovery
Atomicity
Internal Use Only
UPS
7. Fault tolerance for power
UPS
Generator
Mandatory
Crisis
8. A distributed system's transaction control that requires updates to complete or rollback
2-Phase Commit
Bollard
Data Leakage
Mobile Site
9. The problem-solving state - the opposite of supervisor mode
Noise
Smurf
User Mode (problem or program state)
Checklist Test (desk check)
10. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Discretionary Access Control (DAC)
Incident Response
Public Key Infrastructure (PKI)
System Downtime
11. Inference about encrypted communications
Side Channel Attack
Interception
Preemptive
Virus
12. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.
Common Criteria
Simulation Test
Criminal Law
Data Owner
13. Requirement to take time off
Running Key
Multiplexers
Mandatory Vacations
Debriefing/Feedback
14. A list of team members and/or key players to be contacted including their backups. The list will include the necessary contact information (i.e. home phone - pager - cell - etc.) and in most cases be considered confidential.
Proprietary
Contact List
Residual Risk
Rollback
15. Disruption of operation of an electronic device due to a competing electromagnetic field.
Security Kernel
Physical Tampering
EMI
Plan Maintenance Procedures
16. Control category - to give instructions or inform
Trojan Horse
System Downtime
Data Dictionary
Directive
17. To create a copy of data as a precaution against the loss or damage of the original data.
Risk Mitigation
Backup
Inrush Current
Alternate Data Streams (File System Forks)
18. Weakness or flaw in an asset
Security Kernel
Vulnerability
Criminal Law
Deterrent
19. Pertaining to law - verified as real
Authentic
Hash Function
Targeted Testing
Overlapping Fragment Attack
20. Natural occurrence in circuits that are in close proximity
Birthday Attack
Interference (Noise)
SYN Flooding
UPS
21. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Sniffing
Aggregation
Data Dictionary
Concentrator
22. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
Mobile Site
Architecture
Crisis
Digital Certificate
23. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Byte Level Deletion
ISO/IEC 27001
Warm Site
Recovery Strategy
24. State of computer - to be running a process
Binary
Operating
File
5 Rules Of Evidence
25. Pertaining to a number system that has just two unique digits.
Binary
Uninterruptible Power Supply (UPS)
Database Shadowing
Crisis
26. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
Tactical
Activation
Fire Classes
System Life Cycle
27. Communication of a security incident to stakeholders and data owners.
Mandatory
Tactical
Notification
Polyalphabetic
28. A device that sequentially switches multiple analog inputs to the output.
Data Leakage
Analysis
Multiplexers
Running Key
29. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Separation Of Duties
Structured Walk-Through Test
Gateway
Civil Law
30. A test conducted on one or more components of a plan under actual operating conditions.
Recovery
Modems
Information Technology Security Evaluation Criteria - ITSEC
Operational Test
31. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Cookie
IDS Intrusion Detection System
Security Kernel
Masquerading
32. A template for designing the architecture
Simulation
Fraggle
Security Blueprint
Site Policy Awareness
33. Firewalls - encryption - and access control lists
Examples of technical security components
Liability
Running Key
Orange Book D Classification
34. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
Firewalls
3 Types of harm Addressed in computer crime laws
Key Escrow
Substitution
35. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Twisted Pair
Slack Space
Processes are Isolated By
Message Digest
36. Claiming another's identity at a physical level
Masquerading
Common Criteria
Territoriality
Control Type
37. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Detection
Archival Data
IP Address Spoofing
Business Interruption Insurance
38. Code making
Disaster Recovery Tape
Cryptography
Domain
Technical Access Controls
39. An unintended communication path
Digital Certificate
Covert Channel
Birthday Attack
Tactical
40. A documented battle plan for coordinating response to incidents.
Pervasive Computing and Mobile Computing Devices
Incident Handling
Blind Testing
Cookie
41. To move from location to location - keeping the same function
Satellite
Application Programming Interface
Initialization Vector
Job Rotation
42. A race condition where the security changes during the object's access
Algorithm
Time Of Check/Time Of Use
Record Level Deletion
Hearsay
43. With enough computing power trying all possible combinations
Due Diligence
Trapdoors (Backdoors) (Maintenance Hooks)
Framework
Brute Force
44. Eight bits.
Symmetric
Honeynet
Authorization
Byte
45. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Packet Filtering
Degauss
Non-Interference
Near Site
46. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)
Fraggle
Method
Inference
Switches
47. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.
Fire Detection
Orange Book A Classification
Accountability
Metadata
48. The technical and risk assessment of a system within the context of the operating environment
Emergency Operations Center (EOC)
Certification
Investigation
Remote Access Trojan
49. Identification and notification of an unauthorized and/or undesired action
Detection
Access Control Lists
Rootkit
Reciprocal Agreement
50. An availability attack - to consume resources to the point of exhaustion
Digital Certificate
Steganography
Denial Of Service
Event