Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding each time you take the test.
1. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Identification
Governance
Initialization Vector
Access Control Lists
2. Uncleared buffers or media
Adware
Object Reuse
File Server
Chain Of Custody
3. Organized group of compromised computers
Object Oriented Programming (OOP)
Simulation
Security Domain
Botnet
4. Dedicated fast memory located on the same board as the CPU
CPU Cache
Wait
Trojan Horse
Authorization
5. System of law based upon precedence, with major divisions of criminal, tort, and administrative
Common Law
False Attack Stimulus
Metadata
Dangling Pointer
6. A device that converts between digital and analog representation of data.
Message Digest
Modems
Malformed Input
Discretionary
7. Summary of a communication for the purpose of integrity
Inrush Current
Message Digest
Labeling
Patent
8. Narrow scope examination of a system
Criminal Law
Targeted Testing
Residual Risk
Denial Of Service
9. OOP concept of a template that consists of attributes and behaviors
Wait
Cookie
Class
Database Replication
10. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Recovery Strategy
Security Kernel
Legacy Data
Recovery
11. Recovery alternative, short-term, high cost movable processing location
Control Type
Residual Data
Logic Bomb
Mobile Site
12. A protocol for the efficient transmission of voice over the Internet
Data Custodian
Patch Management
Enticement
Voice Over IP (VOIP)
13. Pertaining to law, accepted by a court
Object
Admissible
Mock Disaster
Basics Of Secure Design
14. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Contingency Plan
Masked/Interruptible
Policy
Disaster Recovery Tape
15. To reduce fire
Encipher
Mandatory Vacations
Data Custodian
Fire Suppression
16. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Due Care
Reciprocal Agreement
Keystroke Logging
User Mode (problem or program state)
17. Review of data
Digital Signature
Hacker
Incident Handling
Analysis
18. A set of laws that the organization agrees to be bound by
Procedure
Smurf
Administrative Law
Multi-Core
19. A temporary public file to inform others of a compromised digital certificate
Simulation Test
Complete
Certificate Revocation List (CRL)
Isolation
20. A disturbance that degrades performance of electronic devices and electronic communications.
Common Law
Business Interruption
Radio Frequency Interference (RFI)
Incident Response Team
21. Trading one for another
Recovery
Computer System Evidence
Substitution
Site Policy Awareness
22. Two certificate authorities that trust each other
Phishing
Cross Certification
Information Flow Model
Data Custodian
23. Long term knowledge building
Education
Workaround Procedures
Surveillance
Physical Tampering
24. Information residing on computer systems, that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion, modification or reconstruction.
Code
Hash Function
Active Data
Risk Assessment
25. Descrambling the encrypted message with the corresponding key
Honeynet
Decipher
E-Mail Spoofing
Steganography
26. The partial or full duplication of data from a source database to one or more destination databases.
Inference
Directive
Database Replication
Due Diligence
27. Implementation of measures to deter specific threats to the continuity of business operations, and/or respond to any occurrence of such threats in a timely and appropriate manner.
Risk Mitigation
Deterrent
Multi-Programming
Test Plan
28. Used to code/decode a digital data stream.
Watermarking
Deleted File
Certificate Revocation List (CRL)
Codec
29. Is secondhand and usually not admissible in court
Byte Level Deletion
Electrostatic Discharge
Processes are Isolated By
Hearsay Evidence
30. Planning with a goal of returning to the normal business function
Malformed Input
Accountability
Orange Book C2 Classification
Restoration
31. Substitution at the word or phrase level
Initialization Vector
Steganography
Information Risk Management (IRM)
Code
32. Pertaining to law, high degree of veracity
Need-To-Know
Data Owner
Cross-Site Scripting
Accurate
33. Transaction controls for a database, a return to a previous state
Disaster Recovery Teams (Business Recovery Teams)
Business Continuity Planning (BCP)
Encipher
Rollback
34. Reprogrammable basic startup instructions
Forensic Copy
Copyright
Firmware
Data Hiding
35. Must be legally permissible, meaning it was seized legally and the chain of custody was not broken. To be admissible in court, it needs to be relevant, sufficient, and reliable.
Evidence
Business Records
Checklist Test
Cryptovariable
36. Some systems are actually run at the alternate site
Pervasive Computing and Mobile Computing Devices
Message Digest
Detective
Parallel Test
37. When two or more computers are networked together in a LAN situation, one computer may be utilized as a storage location for files for the group.
Binary
Fraggle
Content Dependent Access Control
File Server
38. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Buffer Overflow
Intrusion Detection Systems
Business Recovery Team
Layering
39. Object based description of a single resource and the permission each subject
Honeynet
Public Key Infrastructure (PKI)
Access Control Lists
Activation
40. Object reuse protection and auditing
Orange Book B2 Classification
System Life Cycle
Orange Book C2 Classification
Recovery Period
41. Claiming another's identity at a physical level
Exercise
Examples of technical security components
Masquerading
Analysis
42. Security Policy, Personnel Controls, Supervisory Structure, Security Awareness Training, Testing
Classification
Asymmetric
Locard's Principle
Administrative Access Controls
43. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
Archival Data
Infrastructure
Parallel Test
Operational
44. To break a business process into separate functions and assign to different people
Separation Of Duties
Key Escrow
Liability
Business Records
45. Program instructions based upon the CPU's specific architecture
Alert
Checklist Test (desk check)
Machine Language (Machine Code)
Copyright
46. The process of identifying, accessing, reducing risk to an acceptable level, and implementing the right countermeasure to maintain that level of risk
Information Risk Management (IRM)
Database Replication
Recovery Point Objective (RPO)
Data Backups
47. Joining two pieces of text
Concatenation
Key Escrow
Activation
Contingency Plan
48. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Chain Of Custody
Risk
Fire Detection
Mirroring
49. Eight bits.
Byte
Substitution
Multi-Core
Trusted Computing Base
50. Unchecked data which spills into another location in memory
Buffer Overflow
Logic Bomb
TNI (Red Book)
Multi-Processor