Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Emergency Procedures
Structured Walk-Through Test
Trade Secret
Blind Testing

2. Renders the record inaccessible to the database management system
Record Level Deletion
Electronic Vaulting
Triage
Risk Mitigation

3. A collection of data or information that has a name
File
UPS
Business Impact Assessment (BIA)
Life Cycle of Evidence

4. Individuals - normally managers or directors - who have responsibility .for the integrity - accurate reporting and use of computerized data.
Top Secret
Information Risk Management (IRM)
Fire Suppression
Data Owner

5. For PKI - to have more than one person in charge of a sensitive function
Multi-Party Control
Accountability
Private Branch Exchange (PBX)
IDS Intrusion Detection System

6. A secure connection to another network.
Gateway
Key Management
Business Interruption
Reference Monitor

7. Intermediate level - pertaining to planning
Compensating
ISO/IEC 27001
Satellite
Operational

8. Firewalls - encryption - and access control lists
Procedure
Examples of technical security components
Threads
Mock Disaster

9. Is secondhand and usually not admissible in court
False Attack Stimulus
Hearsay Evidence
Checkpoint
Data Marts

10. Vehicle stopping object
CobiT
Classification
Wait
Bollard

11. A back up type - where the organization has excess capacity in another location.
Liability
Pervasive Computing and Mobile Computing Devices
Cross Certification
Distributed Processing

12. System mediation of access with the focus on the context of the request
Vital Record
Database Replication
SQL Injection
Content Dependent Access Control

13. Pertaining to law - accepted by a court
5 Rules Of Evidence
State Machine Model
Admissible
Structured Walkthrough

14. Memory - RAM
HTTP Response Splitting
Primary Storage
Civil Law
Mission-Critical Application

15. Eavesdropping on network communications by a third party.
Custodian
Content Dependent Access Control
Sniffing
Substitution

16. The level and label given to an individual for the purpose of compartmentalization
Security Clearance
Satellite
Remote Journaling
Preemptive

17. Policy or stated actions
Due Care
Security Clearance
Information Owner
Restoration

18. A backup of data located where staff can not gain access readily and a regional disaster will not cause harm
HTTP Response Splitting
Information Technology Security Evaluation Criteria - ITSEC
ff Site
Embedded

19. Power surge
Decipher
Electrostatic Discharge
Isolation
Blackout

20. Requirement to take time off
Overlapping Fragment Attack
Mandatory Vacations
Covert Channel
Deletion

21. OOP concept of a taking attributes from the original or parent
Inheritance
Honeynet
Running
Risk Mitigation

22. To assert or claim credentialing to an authentication system
Identification
Rootkit
Noise
Inheritance

23. Mediation of subject and object interactions
Standalone Test
Access Control
On-Site
File Sharing

24. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Multi-Programming
Alarm Filtering
Hash Function
Business Continuity Planning (BCP)

25. People who interact with assets
Archival Data
User
Sequence Attacks
Control

26. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Evidence
Crisis
Control Type
Top Secret

27. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
IP Fragmentation
Disaster Recovery Plan
Proxies
Stopped

28. Program instructions based upon the CPU's specific architecture
Failure Modes and Effect Analysis (FEMA)
Machine Language (Machine Code)
Active Data
Eavesdropping

29. Memory management technique which allows data to be moved from one memory address to another
Relocation
Checkpoint
Chain of Custody
Layering

30. Security policy - procedures - and compliance enforcement
Examples of non-technical security components
Administrative Law
Object Oriented Programming (OOP)
Chain of Custody

31. Continuous surveillance - to provide for detection and response of any failure in preventive controls.
Content Dependent Access Control
Monitor
Primary Storage
Least Privilege

32. The study of cryptography and cryptanalysis
Certificate Revocation List (CRL)
Cryptology
Internal Use Only
Byte

33. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Threat Agent
Workaround Procedures
File
Smurf

34. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Life Cycle of Evidence
Operational Impact Analysis
Dangling Pointer
Surveillance

35. The principles a person sets for themselves to follow
Atomicity
Business Records
Ethics
Permutation /Transposition

36. Granular decision by a system of permitting or denying access to a particular resource on the system
Coaxial Cable
Hearsay
Plaintext
Authorization

37. With enough computing power trying all possible combinations
Brute Force
Bit
Encryption
Key Space

38. Requirement of access to data for a clearly defined purpose
UPS
Need-To-Know
Microwave
Encipher

39. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
Data Integrity
Elements of Negligence
Inrush Current
Overlapping Fragment Attack

40. An administrative unit or a group of objects and subjects controlled by one reference monitor
Convincing
Security Domain
Operating
Polyalphabetic

41. A system designed to prevent unauthorized access to or from a private network.
Business Recovery Timeline
Compression
Firewall
Remote Access Trojan

42. A risk assessment method - measurable real money cost
Fire Detection
Residual Risk
Quantitative
Security Blueprint

43. To move from location to location - keeping the same function
Job Rotation
Territoriality
Binary
Conflict Of Interest

44. A condition in which neither party is willing to stop their activity for the other to complete
Deadlock
Guidelines
Structured Walk-Through Test
Operational

45. Two certificate authorities that trust each other
BCP Testing Drills and Exercises
Investigation
Privacy Laws
Cross Certification

46. State of computer - to be running a process
Total Risk
Backup
Operating
Administrative Law

47. High level design or model with a goal of consistency - integrity - and balance
Architecture
Cross Training
Data Leakage
Threat Agent

48. For PKI - to store another copy of a key
Proxies
Key Escrow
Incident Handling
Worm

49. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Life Cycle of Evidence
Concatenation
Orange Book D Classification
Certification

50. A subnetwork with storage devices servicing all servers on the attached network.
Plaintext
Data Integrity
Storage Area Network (SAN)
Mandatory Access Control (MAC)