Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Recovery alternative which outsources a business function at a cost
Private Branch Exchange (PBX)
Log
Service Bureau
Machine Language (Machine Code)

2. To move from location to location - keeping the same function
Databases
Risk
BCP Testing Drills and Exercises
Job Rotation

3. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
Modems
Redundant Servers
Generator
Shielding

4. Continuous surveillance - to provide for detection and response of any failure in preventive controls.
Access Control Attacks
File Extension
Monitor
User Mode (problem or program state)

5. Intellectual property protection for the expression of an idea
Copyright
Data Backups
Simulation Test
Data Dictionary

6. Encryption system using a pair of mathematically related unequal keys
Asymmetric
Source Routing Exploitation
Redundant Servers
Sequence Attacks

7. The process of assessing damage - following a disaster - to computer hardware - vital records - office facilities - etc. And determining what can be salvaged or restored and what must be replaced.
Protection
Intrusion Prevention Systems
Content Dependent Access Control
Damage Assessment

8. To reduce sudden rises in current
Object Oriented Programming (OOP)
Key Management
Declaration
Surge Suppressor

9. Business and technical process of applying security software updates in a regulated periodic way
Information Technology Security Evaluation Criteria - ITSEC
Code
File Extension
Patch Management

10. High level - pertaining to planning
Strategic
Orange Book B2 Classification
Directive
Database Replication

11. An encryption method that has a key as long as the message
Prevention
Capability Tables
Double Blind Testing
Running Key

12. Unused storage capacity
Polyalphabetic
Test Plan
Voice Over IP (VOIP)
Slack Space

13. DoS - Spoofing - dictionary - brute force - wardialing
Dangling Pointer
Access Control Attacks
Firewalls
Masquerading

14. Intellectual property protection for marketing efforts
Picking
Non-Repudiation
War Dialing
Trademark

15. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Inrush Current
Reciprocal Agreement
Centralized Access Control Technologies
Parallel Test

16. Control category- to discourage an adversary from attempting to access
Deterrent
Denial Of Service
Attacker (Black hat - Hacker)
Encryption

17. Renders the record inaccessible to the database management system
Record Level Deletion
Packet Filtering
Surge Suppressor
Authentic

18. Autonomous malware that requires a flaw in a service
Worm
System Life Cycle
Compartmentalize
Cross Certification

19. Communicate to stakeholders
Spam
Covert Channel
Debriefing/Feedback
Hacker

20. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Redundant Servers
Accurate
Object
Residual Risk

21. A device that provides the functions of both a bridge and a router.
Phishing
Damage Assessment
File
Brouter

22. Quantity of risk remaining after a control is applied
Residual Risk
Public Key Infrastructure (PKI)
One Time Pad
Security Clearance

23. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Cross Certification
Mock Disaster
Key Escrow
Alert

24. Method for determine functions - identifying function failure - assessing it - and were failure is most likely to occur
Patch Management
3 Types of harm Addressed in computer crime laws
Failure Modes and Effect Analysis (FEMA)
Risk

25. The collection and summation of risk data relating to a particular asset and controls for that asset
Risk Assessment
Full-Interruption test
Service Bureau
Redundant Servers

26. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
Full Test (Full Interruption)
Failure Modes and Effect Analysis (FEMA)
Parallel Test
Job Rotation

27. State of computer - to be running a process
Slack Space
3 Types of harm Addressed in computer crime laws
Operating
Analysis

28. RADIUS - TACACS+ - Diameter
Smurf
Centralized Access Control Technologies
Failure Modes and Effect Analysis (FEMA)
Fragmented Data

29. Control category - more than one control on a single asset
Compensating
Residual Data
Blind Testing
Packet Filtering

30. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
Replication
Relocation
Cookie
Risk Mitigation

31. Moving letters around
Vital Record
Security Clearance
Permutation /Transposition
Information Owner

32. Trading one for another
Substitution
Acronym for American Standard Code for Information Interchange (ASCII)
Desk Check Test
Honeynet

33. Actions measured against either a policy or what a reasonable person would do
Consistency
Recovery Time Objectives
Elements of Negligence
Due Diligence

34. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Mirroring
Business Unit Recovery
Call Tree
Atomicity

35. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Walk Though
Journaling
Open Mail Relay Servers
Virtual Memory

36. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Database Shadowing
Administrative Laws
Trusted Computing Base
Phishing

37. A disturbance that degrades performance of electronic devices and electronic communications.
Total Risk
Radio Frequency Interference (RFI)
Strategic
Wireless Fidelity (Wi-Fi )

38. False memory reference
Brute Force
Redundant Array Of Independent Drives (RAID)
Hot Site
Dangling Pointer

39. Pertaining to law - no omissions
Disaster Recovery Plan
Complete
Classification
Domain

40. A backup of data located where staff can gain access readily and a localized disaster will not cause harm
Logic Bomb
Threat Agent
Near Site
On-Site

41. Two different keys decrypt the same cipher text
Layering
Locard's Principle
Spam
Key Clustering

42. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Orange Book D Classification
Bridge
Examples of non-technical security components
Cross-Site Scripting

43. Fault tolerance for power
Generator
Workaround Procedures
Examples of technical security components
Threats

44. To assert or claim credentialing to an authentication system
BCP Testing Drills and Exercises
Databases
Identification
Containment

45. Reprogrammable basic startup instructions
Codec
Firmware
ITSEC
Full-Interruption test

46. Organized group of compromised computers
Substitution
Botnet
Shadowing (file shadowing)
Ring Protection

47. A system designed to prevent unauthorized access to or from a private network.
Firewall
Contingency Plan
Classification Scheme
Rollback

48. Some systems are actually run at the alternate site
Non-Discretionary Access Control
Firewall
E-Mail Spoofing
Parallel Test

49. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Degauss
Data Dictionary
Disaster Recovery Tape
Prevention

50. One entity with two competing allegiances
Job Rotation
Risk Mitigation
Due Diligence
Conflict Of Interest