Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Eavesdropping on network communications by a third party.
Emergency Procedures
Patch Management
Tapping
Plaintext
2. A process state - to be executing a process on the CPU
Algorithm
Near Site
Running
Domain
3. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Multi-Tasking
Blind Testing
TNI (Red Book)
Chain of Custody
4. A disturbance that degrades performance of electronic devices and electronic communications.
Codec
Access Control
War Driving
Radio Frequency Interference (RFI)
5. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
File Extension
Byte Level Deletion
Tar Pits
False Negative
6. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
Embedded Systems
Cross Training
Risk
Masquerading
7. A temporary public file to inform others of a compromised digital certificate
Certificate Revocation List (CRL)
Collisions
Tapping
Operational Impact Analysis
8. Regular operations are stopped and where processing is moved to the alternate site.
Incident Handling
Authentication
Encryption
Full-Interruption test
9. A trusted issuer of digital certificates
Certification Authority
Content Dependent Access Control
TNI (Red Book)
Recovery Point Objective (RPO)
10. A world-wide wireless technology
Wireless Fidelity (Wi-Fi)
IP Address Spoofing
Coaxial Cable
2-Phase Commit
11. A unit of execution
Remote Journaling
Need-To-Know
Threads
ISO/IEC 27001
12. Recovery alternative - short-term - high cost movable processing location
Mobile Site
Confidence Value
Picking
Dangling Pointer
13. A device that provides the functions of both a bridge and a router.
Examples of non-technical security components
Elements of Negligence
Brouter
Forensic Copy
14. Location to perform the business function
Alternate Site
IP Fragmentation
Enticement
Declaration
15. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
Security Domain
Permutation / Transposition
Checklist Test
Private Branch Exchange (PBX)
16. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Security Kernel
Evidence
Tapping
Multi-Core
17. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Quantitative Risk Analysis
Database Shadowing
Faraday Cage / Shield
HTTP Response Splitting
18. Evaluation of a system without prior knowledge by the tester
Data Backups
Standalone Test
Blind Testing
Coaxial Cable
19. A database backup type which records at the transaction level
Common Law
Remote Journaling
Degauss
Incident Response Team
20. Mathematical function that determines the cryptographic operations
Spam
Algorithm
Forensic Copy
Surge Suppressor
21. A mathematical tool for verifying no unintentional changes have been made
Civil Or Code Law
Call Tree
Checksum
Alert/Alarm
22. Moving the alphabet intact a certain number of spaces
Spyware
Shift Cipher (Caesar)
Compartmentalize
Initialization Vector
23. A Denial of Service attack that exploits systems that are not able to handle malicious - overlapping and oversized IP fragments.
Teardrop
Mandatory Vacations
Deadlock
CobiT
24. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.
Due Care
War Dialing
Business Continuity Steering Committee
Rollback
25. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Risk Assessment / Analysis
Business Recovery Timeline
Due Diligence
Wait
26. Responsibility for actions
Discretionary
Liability
Primary Storage
Near Site
27. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Simulation
Salami
Maximum Tolerable Downtime (MTD)
Hijacking
28. Intermediate level - pertaining to planning
Encapsulation
Operational
Activation
Operational Exercise
29. Two certificate authorities that trust each other
Method
Cross Certification
Incident
Standard
30. Natural occurrence in circuits that are in close proximity
Uninterruptible Power Supply (UPS)
Administrative Laws
Interference (Noise)
Concentrator
31. RADIUS - TACACS+ - Diameter
File Extension
Centralized Access Control Technologies
Object Reuse
Critical Functions
32. Indivisible - data field must contain only one value that either all transactions take place or none do
Atomicity
Guidelines
Enticement
Orange Book A Classification
33. One entity with two competing allegiances
Criminal Law
Forward Recovery
Business Interruption Insurance
Conflict Of Interest
34. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
User
Consistency
Examples of technical security components
True Attack Stimulus
35. A distributed system's transaction control that requires updates to complete or rollback
System Downtime
False Attack Stimulus
Central Processing Unit (CPU)
2-Phase Commit
36. Momentary loss of power
Fault
System Downtime
Conflict Of Interest
Call Tree
37. Process of statistically testing a data set for the likelihood of relevant information.
Sampling
Routers
Message Digest
Side Channel Attack
38. Specific format of technical and physical controls that support the chosen framework and the architecture
Tactical
Fiber Optics
Embedded
Infrastructure
39. A backup of data located where staff can gain access immediately
Injection
Tar Pits
On-Site
Mission-Critical Application
40. A design methodology which addresses risk early and often
Standard
Ethics
Object
Spiral
41. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Checklist Test (desk check)
Picking
Governance
Recovery
42. A condition in which neither party is willing to stop their activity for the other to complete
Masquerading
Sharing
Disaster Recovery Tape
Deadlock
43. Reduction of voltage by the utility company for a prolonged period of time
Alarm Filtering
Brownout
Certification
Disaster
44. To set the clearance of a subject or the classification of an object
Trojan Horse
Alarm Filtering
Access Control
Labeling
45. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Algorithm
Residual Risk
Supervisor Mode (monitor - system - privileged)
Analysis
46. Subject based description of a system or a collection of resources
Capability Tables
Radio Frequency Interference (RFI)
Call Tree
Governance
47. A collection of data or information that has a name
Data Dictionary
2-Phase Commit
File
Information Risk Management (IRM)
48. People who interact with assets
Authorization
User
Multi-Processor
Primary Storage
49. An individual's conduct that violates government laws developed to protect the public
Criminal Law
Cache
Isolation
Spyware
50. Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective
Capability Tables
Forward Recovery
Multi-Programming
Internal Use Only