Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Strategic
Voice Over IP (VOIP)
Checklist Test (desk check)
Slack Space
2. Memory management technique which allows data to be moved from one memory address to another
Distributed Denial Of Service
Blind Testing
Primary Storage
Relocation
3. A race condition where the security changes during the object's access
Hearsay
Hub
Contact List
Time Of Check/Time Of Use
4. Autonomous malware that requires a flaw in a service
Concatenation
Worm
Control Type
2-Phase Commit
5. An electronic attestation of identity by a certificate authority
Acronym for American Standard Code for Information Interchange (ASCII)
Deterrent
Multi-Core
Digital Certificate
6. Independent malware that requires user interaction to execute
Electrostatic Discharge
Virus
Risk Mitigation
Criminal Law
7. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
Need-To-Know
Recovery Period
Risk Mitigation
Workaround Procedures
8. A collection of information designed to reduce duplication and increase integrity
Databases
Rootkit
Attacker (Black hat - Hacker)
Dangling Pointer
9. An individual's conduct that violates government laws developed to protect the public
Criminal Law
Chain Of Custody
Backup
Exposure
10. People protect their domain
Prevention
ITSEC
Emergency Operations Center (EOC)
Territoriality
11. A subnetwork with storage devices servicing all servers on the attached network.
Integrated Test
Deadlock
Storage Area Network (SAN)
Emanations
12. Policy or stated actions
Due Care
Discretionary
Administrative Law
Detection
13. Of a system without prior knowledge by the tester or the tested
Data Backups
Accountability
Double Blind Testing
Custodian
14. Someone who wants to know how something works - typically by taking it apart
IP Address Spoofing
False Attack Stimulus
Conflict Of Interest
Hacker
15. A group or network of honeypots
Honeynet
Message Digest
Detection
One Time Pad
16. Moving the alphabet intact a certain number of spaces
Shift Cipher (Caesar)
Multi-Processing
Worldwide Interoperability for Microwave Access (WI-MAX)
ISO/IEC 27002
17. Requirement to take time off
Education
Mandatory Vacations
Pervasive Computing and Mobile Computing Devices
Strategic
18. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.
Fire Prevention
Critical Records
Plaintext
Storage Area Network (SAN)
19. Encryption system using shared key/private key/single key/secret key
Accurate
Shadowing (file shadowing)
Contact List
Symmetric
20. A control before attack
Identification
Proprietary
Byte Level Deletion
Safeguard
21. Information about a particular data set
Total Risk
Administrative Laws
Metadata
Multi-Processing
22. To stop damage from spreading
File Extension
Emergency
Containment
Cryptology
23. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
Record Level Deletion
Authentic
False Negative
Object Oriented Programming (OOP)
24. Key
Inference
Cryptovariable
Business Interruption
Orange Book C2 Classification
25. Subject based description of a system or a collection of resources
Administrative Law
Separation Of Duties
Capability Tables
Multi-Tasking
26. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Cryptovariable
Forward Recovery
Marking
Activation
27. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Non-Discretionary Access Control
Polymorphism
Evidence
Access Point
28. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.
Bit
Control Type
Forensic Copy
Fire Classes
29. Initial surge of current
3 Types of harm Addressed in computer crime laws
Redundant Array Of Independent Drives (RAID)
Inrush Current
Gateway
30. Weak evidence
Technical Access Controls
Lattice
Hearsay
Binary
31. Someone who wants to cause harm
Ethics
Data Dictionary
Attacker (Black hat - Hacker)
Side Channel Attack
32. For PKI - to store another copy of a key
Honeynet
Key Escrow
Masquerading
Processes are Isolated By
33. Pertaining to law - verified as real
File Shadowing
Warm Site
Authentic
Malformed Input
34. Mediation of covert channels must be addressed
Surge
Symmetric
Information Flow Model
Basics Of Secure Design
35. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
Logic Bomb
Keystroke Logging
Mirroring
Smurf
36. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
Consistency
Deleted File
Pointer
Complete
37. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Repeaters
Multi-Processing
Critical Functions
Cold Site
38. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.
File Server
ITSEC
Injection
Orange Book C Classification
39. Pertaining to law - no omissions
Revocation
Double Blind Testing
Complete
Intrusion Detection Systems
40. Malware that makes many small changes over time to a single data point or system
Salami
Computer Forensics
Targeted Testing
Polymorphism
41. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
Mission-Critical Application
Centralized Access Control Technologies
Integrated Test
Botnet
42. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Acronym for American Standard Code for Information Interchange (ASCII)
Cross Certification
Checklist Test
Business Unit Recovery
43. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Concentrator
Administrative Laws
Mirroring
Digital Certificate
44. A unit of execution
Threads
Relocation
Identification
Waterfall
45. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Residual Risk
Checklist Test (desk check)
Active Data
Standalone Test
46. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Change Control
Governance
Containment
Remote Journaling
47. A world-wide wireless technology
Surge
Prevention
Wireless Fidelity (Wi-Fi)
Permutation/Transposition
48. Uncleared buffers or media
Chain of Custody
Distributed Processing
Object Reuse
Fault Tolerance
49. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Inference
Worm
Structured Walkthrough
Off Site
50. Controls for termination of attempt to access object
Multi-Processor
Intrusion Prevention Systems
Liability
User Mode (problem or program state)