Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. To start business continuity processes
Process Isolation
Steganography
Criminal Law
Activation
2. Encryption system using shared key/private key/single key/secret key
ISO/IEC 27002
Fire Prevention
Symmetric
Business Records
3. Act of scrambling the cleartext message by using a key.
Deleted File
Electrostatic Discharge
Encipher
Executive Succession
4. Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations)
Interception
Recovery Time Objectives
Boot (V.)
Pervasive Computing and Mobile Computing Devices
5. A program with an inappropriate second purpose
Multi-Party Control
Operational Test
Trojan Horse
Buffer Overflow
6. A layer 3 device used to connect two or more network segments and regulate the traffic between them.
Legacy Data
Routers
Administrative
Isolation
7. Long term knowledge building
Desk Check Test
Education
Administrative Laws
Directive
8. Malware that makes small random changes to many data points
High-Risk Areas
Mantrap (Double Door System)
Examples of technical security components
Data Diddler
9. Heavily populated areas, particularly those susceptible to high-intensity earthquakes, floods, tsunamis or other disasters, for which emergency response may be necessary in the event of a disaster.
High-Risk Areas
Business Continuity Planning (BCP)
Identification
Cryptanalysis
10. Alerts personnel to the presence of a fire
Fire Detection
Key Escrow
Centralized Access Control Technologies
Eavesdropping
11. For PKI, storing another copy of a key with a trusted third party so it can be recovered
Fire Suppression
Method
Authentication
Key Escrow
12. An injection attack that abuses the trust a user places in a website to run attacker-supplied script in the browser, which can redirect the user to untrusted sites, capture data or install more malware
Cross-Site Scripting
Hot Site
Information Owner
True Attack Stimulus
13. One-way function that maps input of any length to a fixed-length digest and cannot be reversed
Generator
Control Type
Civil Or Code Law
Hash Function
14. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Orange Book D Classification
Switches
Disaster Recovery Plan
File
15. Claiming another's identity at a physical level
Access Control Lists
Checklist Test (desk check)
Crisis
Masquerading
16. An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only a copy of forensic quality will hold up in court.
Security Clearance
Risk Assessment / Analysis
Work Factor
Forensic Copy
17. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred, and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site)
Modification
Warm Site
Disk Mirroring
Declaration
18. Process whereby data is removed from active files and other data storage structures
Aggregation
Emergency Operations Center (EOC)
Deletion
Twisted Pair
19. Two different inputs to a hash function that produce the same output
Protection
Hearsay
Journaling
Collisions
20. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Alarm Filtering
Recovery Period
IDS Intrusion Detection System
Embedded Systems
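Worked example for item 20, added here as study material and not part of the original quiz: the two IDS approaches run side by side over a handful of constructed web-access log lines. The signature rules and the log lines are hypothetical; the point is that the signature side only finds what it already knows, while the statistical side flags the burst from one source without any attack-specific knowledge.

```python
import re
import statistics
from collections import Counter

# Constructed sample web-server access records (not from the original page):
# "<source ip> <method> <path> <status>". One source sends a burst of 60 requests.
SAMPLE_LOGS = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "203.0.113.9 GET /login.php?user=admin%27%20OR%201=1-- 200",
    "198.51.100.7 GET /cgi-bin/../../etc/passwd 404",
    "10.0.0.5 GET /contact.html 200",
] + [f"192.0.2.44 GET /page{i}.html 200" for i in range(60)]

# Signature-based detection: a hypothetical rule set of known attack patterns.
SIGNATURES = {
    "sqli_or_1_eq_1": re.compile(r"(%27|')(%20|\s)*or(%20|\s)+1\s*=\s*1", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}


def signature_alerts(lines):
    """Return (rule name, source ip) for every line matching a known-attack signature."""
    alerts = []
    for line in lines:
        src = line.split()[0]
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((name, src))
    return alerts


def statistical_alerts(lines, factor=10):
    """Flag sources whose request count exceeds `factor` times the median per-source count.

    This is the behaviour-based side: no knowledge of specific attacks, just a baseline
    derived from the observed population, so it can catch a burst the signatures miss.
    """
    counts = Counter(line.split()[0] for line in lines)
    baseline = statistics.median(counts.values())
    return sorted(src for src, n in counts.items() if n > factor * baseline)


if __name__ == "__main__":
    print("signature hits:", signature_alerts(SAMPLE_LOGS))
    print("statistical outliers:", statistical_alerts(SAMPLE_LOGS))
```

The 60-request burst matches no signature and the two injection attempts are not statistically unusual, which is why real deployments combine both and still tune the baseline (here a crude multiple of the median) to control false positives.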
21. Abstract and mathematical in nature, defining all possible states, transitions and operations
State Machine Model
Virtual Memory
Executive Succession
Blind Testing
22. Noise radiated in the radio-frequency band by electrical components such as fluorescent lights and cabling
Object Oriented Programming (OOP)
Information Risk Management (IRM)
Checklist Test
Radio Frequency Interference (RFI)
23. A basic level of network access control that is based upon information contained in the IP packet header.
Packet Filtering
Operational Exercise
Business Unit Recovery
Buffer Overflow
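Worked example for item 23, added here and not part of the original quiz: a minimal packet filter that parses the IPv4 and TCP headers from raw bytes and applies a first-match rule base. The rule base and the packets are constructed for the example; the checks on version and header length are there because a filter that guesses at a malformed header can be steered into the wrong decision.

```python
import ipaddress
import struct

IPPROTO_TCP = 6


def build_ipv4_tcp(src, dst, sport, dport):
    """Build a minimal IPv4+TCP packet (constructed test input; checksums left zero)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 40, 0, 0, 64, IPPROTO_TCP, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip_hdr + tcp_hdr


def parse_ipv4_tcp(packet):
    """Extract the header fields a packet filter decides on; reject malformed headers instead of guessing."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _total, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    fields = {"src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
              "proto": proto, "dport": None}
    if proto == IPPROTO_TCP:
        if len(packet) < ihl + 4:
            raise ValueError("truncated TCP header")
        fields["dport"] = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return fields


# Hypothetical rule base: (action, source net, destination net, protocol or None, dest port or None).
# First match wins; anything unmatched is denied.
RULES = [
    ("deny",  "0.0.0.0/0",  "10.0.0.0/8",   None,        23),    # no telnet into the LAN
    ("allow", "0.0.0.0/0",  "10.0.0.10/32", IPPROTO_TCP, 443),   # HTTPS to one server
    ("allow", "10.0.0.0/8", "0.0.0.0/0",    None,        None),  # LAN may go anywhere
]


def filter_packet(packet, rules=RULES):
    """Return 'allow' or 'deny' for a raw packet using only header information."""
    f = parse_ipv4_tcp(packet)
    for action, src_net, dst_net, proto, dport in rules:
        if f["src"] not in ipaddress.ip_network(src_net):
            continue
        if f["dst"] not in ipaddress.ip_network(dst_net):
            continue
        if proto is not None and f["proto"] != proto:
            continue
        if dport is not None and f["dport"] != dport:
            continue
        return action
    return "deny"
```

Note what this filter does not do: it keeps no connection state, so a reply packet to an allowed outbound connection is judged purely on its own header. That gap is what stateful inspection firewalls close.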
24. Memory management technique which allows data to be moved from one memory address to another
Compression
Forward Recovery
Packet Filtering
Relocation
25. A copy of transaction data - designed for querying and reporting
Fire Detection
Operating
Data Warehouse
Total Risk
26. A risk assessment method that expresses loss in measurable, real-money terms
Common Criteria
Virtual Memory
Vulnerability
Quantitative
27. Review of data
Multi-Programming
Incident Response Team
Operational Test
Analysis
28. A test that answers the questions: does the organization have the documentation and people it needs, and do they understand the documentation?
Desk Check Test
Bumping
EMI
Keystroke Logging
29. People who interact with assets
Gateway
Encipher
User
Public Key Infrastructure (PKI)
30. The process of assessing damage to computer hardware, vital records, office facilities, etc. following a disaster, and determining what can be salvaged or restored and what must be replaced.
Due Care
Damage Assessment
Strong Authentication
Concatenation
31. Code making
Framework
Buffer Overflow
Cryptography
Analysis
32. An asymmetric cryptography mechanism that provides authentication, integrity and non-repudiation of a message.
Executive Succession
Digital Signature
Bollard
Remote Journaling
33. Planning with a goal of returning to the normal business function
Certification
Key Clustering
Business Interruption Insurance
Restoration
34. A passive network attack involving monitoring of traffic.
Exercise
Eavesdropping
Data Owner
Hot Site
35. Define the way in which the organization operates.
Authentic
Proprietary
Mixed Law System
Fire Suppression
36. An availability attack that consumes resources to the point of exhaustion from many sources at once
Sag/Dip
Distributed Denial Of Service
Metadata
Authorization
37. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Tar Pits
Separation Of Duties
Discretionary Access Control (DAC)
Mitigate
38. A system designed to prevent unauthorized access to or from a private network.
Corrective
Walk Through
Firewall
ISO/IEC 27002
39. Indivisible: a transaction either takes place in full or not at all, never partially
Tactical
UPS
Atomicity
Strategic
40. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
Compartmentalize
Test Plan
Off-Site Storage
Orange Book B2 Classification
41. Unauthorized intrusion, unauthorized alteration or destruction, and use of malicious code
Patch Management
Processes are Isolated By
3 Types of harm Addressed in computer crime laws
Containment
42. Exploits the fact that a hash collision is statistically far more likely than intuition suggests (on the order of the square root of the number of possible outputs)
Criminal Law
Key Escrow
Open Mail Relay Servers
Birthday Attack
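Worked example for items 13, 19 and 42 together, added here and not part of the original quiz: SHA-256 truncated to a small number of bits stays one-way but makes collisions cheap, so the birthday bound can be checked empirically. The truncation, the input format and the function names are this example's own choices.

```python
import hashlib
import math


def truncated_digest(data, bits):
    """SHA-256 truncated to `bits` bits. Still one-way, but small enough that collisions are cheap."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def expected_trials(bits):
    """Birthday bound: about sqrt(pi/2 * 2^bits) random inputs before the first collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits, seed=0):
    """Hash distinct inputs until two share a digest; returns (m1, m2, number of inputs hashed)."""
    seen = {}
    i = 0
    while True:
        msg = f"{seed}:{i}".encode()
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg
        i += 1


def mean_trials(bits, runs=20):
    """Average inputs hashed before a collision over several runs, for comparison with the bound."""
    return sum(find_collision(bits, seed)[2] for seed in range(runs)) / runs


if __name__ == "__main__":
    for bits in (16, 20, 24):
        print(f"{bits}-bit digest: bound {expected_trials(bits):.0f}, observed {mean_trials(bits):.0f}")
```

The takeaway for the birthday attack item: an n-bit digest offers roughly n/2 bits of collision resistance, which is why 128-bit digests such as MD5 were considered short for collision resistance long before practical attacks appeared.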
43. Substitution at the word or phrase level
Risk Mitigation
BCP Testing Drills and Exercises
Code
Steganography
44. Identification and notification of an unauthorized and/or undesired action
Business Interruption
Wait
Collisions
Detection
45. A database that contains the name, type, range of values, source and access authorization for each data element
Data Dictionary
Integrated Test
Business Interruption
Recovery
46. The level and label given to an individual for the purpose of compartmentalization
Mandatory Vacations
Security Clearance
HTTP Response Splitting
Adware
47. A computer designed for the purpose of studying adversaries
Mantrap (Double Door System)
False Negative
Cross Certification
Honeypot
48. Adversary intercepts encrypted communications, decrypts them, views them, re-encrypts them and sends them along to the true destination
Operating
Legacy Data
Man-In-The-Middle Attack
Identification
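Worked example for item 48, added here and not part of the original quiz: an unauthenticated Diffie-Hellman exchange in which a third party substitutes her own public value in both directions, ends up holding one key with each side, and can decrypt, read, re-encrypt and forward every message while both endpoints see a normal exchange. The group parameters, the XOR keystream cipher and the party names are toy choices for illustration and are not suitable for real use.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters for illustration only (hypothetical; real deployments use
# standardized groups such as the RFC 3526 MODP groups or X25519).
P = 2 ** 127 - 1      # a Mersenne prime
G = 5


def keystream_xor(key, counter, data):
    """Encrypt/decrypt by XOR with SHA-256(key || counter || offset) blocks (toy stream cipher, no MAC)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + counter.to_bytes(8, "big") + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def derive_key(shared_secret):
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


class Party:
    def __init__(self, name):
        self.name = name
        self.private = secrets.randbelow(P - 2) + 1
        self.public = pow(G, self.private, P)
        self.key = None

    def agree(self, peer_public):
        self.key = derive_key(pow(peer_public, self.private, P))


def exchange(alice, bob, mallory=None):
    """Unauthenticated DH. With `mallory` present she swaps both public values for her own."""
    if mallory is None:
        alice.agree(bob.public)
        bob.agree(alice.public)
        return None
    mallory.key_with_alice = derive_key(pow(alice.public, mallory.private, P))
    mallory.key_with_bob = derive_key(pow(bob.public, mallory.private, P))
    alice.agree(mallory.public)      # Alice believes this is Bob's value
    bob.agree(mallory.public)        # Bob believes this is Alice's value
    return mallory


def send(alice, bob, plaintext, mallory=None):
    """Alice -> Bob. Returns (what Bob decrypts, what Mallory saw in the clear, or None)."""
    ciphertext = keystream_xor(alice.key, 0, plaintext)
    seen = None
    if mallory is not None:
        seen = keystream_xor(mallory.key_with_alice, 0, ciphertext)     # decrypt, view
        ciphertext = keystream_xor(mallory.key_with_bob, 0, seen)       # re-encrypt, send along
    return keystream_xor(bob.key, 0, ciphertext), seen
```

Neither Alice nor Bob can tell anything went wrong, because nothing binds the public values to an identity. That binding is what certificates and digital signatures over the exchanged values supply in protocols such as TLS.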
49. Employment education done once per position or at significant change of function
Recovery Period
Job Training
Primary Storage
Smurf
50. Memory (RAM)
Administrative Law
Primary Storage
Alternate Site
Inference