Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Granular decision by a system of permitting or denying access to a particular resource on the system
Authorization
Dangling Pointer
Incident Response
Preemptive
2. To jump to a conclusion
ITSEC
Inference
Service Bureau
Fiber Optics
3. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Work Factor
Plaintext
Identification
Ring Protection
4. An event which stops business from continuing.
Collisions
Exercise
Application Programming Interface
Disaster
5. Highest level of authority at EOC with knowledge of the business process and the resources available
Incident Manager
Bit
Sequence Attacks
False Attack Stimulus
6. OOP concept of a distinct copy of the class
Object
True Attack Stimulus
Incident Response
Overlapping Fragment Attack
7. Control category - more than one control on a single asset
Centralized Access Control Technologies
Authentication
Compensating
Embedded
8. For PKI - to have more than one person in charge of a sensitive function
Failure Modes and Effect Analysis (FEMA)
Patent
Multi-Party Control
Access Control Attacks
9. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
Noise
Instance
Bit
Access Control Matrix
10. A failure of an IDS to detect an actual attack
Byte Level Deletion
False Negative
Interpreter
Administrative Access Controls
11. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.
Data Owner
Satellite
Radio Frequency Interference (RFI)
Durability
12. Recovery alternative - complete duplication of services including personnel
Fiber Optics
Risk Assessment / Analysis
Mirrored Site
Common Criteria
13. Recording the Who What When Where How of evidence
Locard's Principle
Chain Of Custody
Incident Response Team
Safeguard
14. A form of data hiding which protects running threads of execution from using each other's memory
Process Isolation
Life Cycle of Evidence
Due Care
IDS Intrusion Detection System
15. Malware that makes small random changes to many data points
Data Diddler
Classification Scheme
Data Leakage
Structured Walk-Through Test
16. Subset of operating systems components dedicated to protection mechanisms
Damage Assessment
5 Rules Of Evidence
Business Interruption Insurance
Security Kernel
17. To know more than one job
Mirrored Site
Fragmented Data
Structured Walkthrough
Cross Training
18. One of the key benefits of a network is the ability to share files stored on the server among several users.
File Sharing
Chain Of Custody
Critical Records
Detective
19. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate
Cryptology
Electronic Vaulting
Radio Frequency Interference (RFI)
CobiT
20. Two different keys decrypt the same cipher text
Key Clustering
State Machine Model
Database Replication
Full-Interruption test
21. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Encryption
Modification
Salami
Picking
22. False memory reference
Trade Secret
Remanence
Digital Signature
Dangling Pointer
23. Written core statements that rarely change
Directive
Alternate Data Streams (File System Forks)
Policy
Compensating
24. Organized group of compromised computers
Binary
Botnet
Code
Transfer
25. Interception of a communication session by an attacker.
Executive Succession
Mitigate
Algorithm
Hijacking
26. Narrow scope examination of a system
Deadlock
Injection
Adware
Targeted Testing
27. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Service Bureau
Test Plan
Man-In-The-Middle Attack
Orange Book D Classification
28. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Chain of Custody
Authentic
False Attack Stimulus
Fire Prevention
29. A process state - (blocked) needing input before continuing
Wait
Key Management
Remote Journaling
Triage
30. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
Attacker (Black hat - Hacker)
Plain Text
Masked/Interruptible
Disaster Recovery Teams (Business Recovery Teams)
31. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Simulation
Boot (V.)
Polyalphabetic
Detection
32. To move from location to location - keeping the same function
Threats
Job Rotation
Authentication
Encryption
33. A group or network of honeypots
Site Policy Awareness
File
Honeynet
Territoriality
34. The first rating that requires security labels
Deadlock
Job Training
Orange Book B1 Classification
Common Law
35. Two certificate authorities that trust each other
Site Policy
Supervisor Mode (monitor - system - privileged)
Locard's Principle
Cross Certification
36. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid
Civil Law
The ACID Test
Compartmentalize
Hot Spares
37. The partial or full duplication of data from a source database to one or more destination databases.
Blind Testing
Secondary Storage
Brouter
Database Replication
38. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Buffer Overflow
Operational Exercise
Firewall
Examples of technical security components
39. Requirement to take time off
Business Continuity Steering Committee
Mandatory Vacations
Critical Functions
Fragmented Data
40. Heavily populated areas, particularly susceptible to high-intensity earthquakes, floods, tsunamis, or other disasters, for which emergency response may be necessary in the event of a disaster.
Digital Certificate
Application Programming Interface
High-Risk Areas
Polyalphabetic
41. Low level - pertaining to planning
Event
Slack Space
Worm
Tactical
42. Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective
Multi-Programming
Threats
Fragmented Data
Mirrored Site
43. Potential danger to information or systems
Hash Function
Waterfall
Threats
Faraday Cage/ Shield
44. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router, switch and so on) to control access to or from the device for a number of services
Incident Manager
Proxies
Electronic Vaulting
Access Control Lists
45. Intellectual property protection for an invention
File Shadowing
Activation
Accountability
Patent
46. Policy or stated actions
Redundant Array Of Independent Drives (RAID)
Threats
Due Care
Containment
47. Searching for wireless networks in a moving car.
War Driving
Data Hiding
Dictionary Attack
Symmetric
48. Define the way in which the organization operates.
Proprietary
Preemptive
Log
Total Risk
49. Reduction of voltage by the utility company for a prolonged period of time
Alert/Alarm
Criminal Law
Brownout
Microwave
50. A secure connection to another network.
Gateway
Guidelines
EMI
Orange Book B1 Classification