Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: - Plan and Organize - - Acquire and Implement - Deliver and Support - Monitor and Evaluate
Liability
Sag/Dip
CobiT
Collisions

2. A risk assessment method - measurable real money cost
Discretionary
IDS Intrusion Detection System
Life Cycle of Evidence
Quantitative

3. To set the clearance of a subject or the classification of an object
Operational Exercise
Labeling
Cryptography
Trade Secret

4. Responsibility for actions
Quantitative
Job Rotation
Liability
Change Control

5. Specific format of technical and physical controls that support the chosen framework and the architecture
System Life Cycle
Infrastructure
Mock Disaster
Convincing

6. Individuals and departments responsible for the storage and safeguarding of computerized data.
Data Custodian
Detective
Hearsay
Microwave

7. Unsolicited advertising software
Faraday Cage/ Shield
Ethics
Adware
Sag/Dip

8. High degree of visual control
Surveillance
Full Test (Full Interruption)
Recovery Period
Dangling Pointer

9. Consume resources to a point of exhaustion - loss of availability
EMI
Denial Of Service
Trusted Computing Base
Emergency Operations Center (EOC)

10. Recovery alternative which includes cold site and some equipment and infrastructure is available
Off-Site Storage
Packet Filtering
Key Space
Warm Site

11. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
Disk Mirroring
Metadata
MOM
Site Policy Awareness

12. A distributed system's transaction control that requires updates to complete or rollback
2-Phase Commit
Risk Mitigation
Cryptanalysis
Overlapping Fragment Attack

13. Memory management technique that allows two processes to run concurrently without interaction
Preemptive
User
Declaration
Protection

14. Try a list of words in passwords or encryption keys
Dictionary Attack
Chain of Custody
Identification
Evidence

15. OOP concept of a class's details to be hidden from object
Cache
Fragmented Data
Interference (Noise)
Encapsulation

16. A cable consisting of a core - inner conductor that is surrounding by an insulator - an outer cylindrical conductor
Phishing
Executive Succession
Coaxial Cable
Consistency

17. A legal enforceable agreement between: two people - two organizations - a person and an organization.
Business Interruption Insurance
Tort
Work Factor
Shielding

18. Information that - if made public or even shared around the organization - could seriously impede the organization's operations
Highly Confidential
Conflict Of Interest
Alert/Alarm
Masquerading

19. An event which stops business from continuing.
Workaround Procedures
Interpreter
Supervisor Mode (monitor - system - privileged)
Disaster

20. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Hacker
Fiber Optics
False Attack Stimulus
Data Dictionary

21. The technical and risk assesment of a system within the context of the operating environment
Dangling Pointer
Intrusion Detection Systems
TEMPEST
Certification

22. Information about a particular data set
Business Recovery Timeline
Metadata
Policy
Data Marts

23. Firewalls - encryption - and access control lists
Voice Over IP (VOIP)
Data Hiding
Examples of technical security components
Restoration

24. For PKI - decertify an entities certificate
Confidence Value
Hub
Certification
Revocation

25. Recording activities at the keyboard level
Restoration
Checklist Test
Public Key Infrastructure (PKI)
Keystroke Logging

26. All of the protection mechanism in a computer system
Trusted Computing Base
True Attack Stimulus
UPS
Access Control Attacks

27. The back up of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Data Backups
Fault Tolerance
Forensic Copy
Convincing

28. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc
Masked/Interruptible
Detection
Critical Infrastructure
SYN Flooding

29. A electronic attestation of identity by a certificate authority
Compensating
Blind Testing
Digital Certificate
Tracking

30. The past U.S. military accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements
TNI (Red Book)
Recovery Point Objective (RPO)
Process Isolation
Layering

31. Using many alphabets
Spam
Polyalphabetic
Voice Over IP (VOIP)
Database Shadowing

32. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Non-Discretionary Access Control
Degauss
Surveillance
IP Address Spoofing

33. Deals with discretionary protection
Orange Book C Classification
Threats
Damage Assessment
Event

34. Uncheck data input which results in redirection
Failure Modes and Effect Analysis (FEMA)
Algorithm
HTTP Response Splitting
Degauss

35. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Cross Training
Call Tree
Recovery Period
Waterfall

36. The chance that something negative will occur
Locard's Principle
Risk
Mission-Critical Application
Code

37. Measures followed to restore critical functions following a security incident.
Mock Disaster
Recovery
EMI
Remote Journaling

38. Total number of keys available that may be selected by the user of a cryptosystem
Transients
Key Space
UPS
Intrusion Prevention Systems

39. A template for the designing the architecture
Buffer Overflow
Site Policy
Security Blueprint
Record Level Deletion

40. The partial or full duplication of data from a source database to one or more destination databases.
Due Diligence
Deletion
Database Replication
Public Key Infrastructure (PKI)

41. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Reciprocal Agreement
Rogue Access Points
Control Type
Cipher Text

42. uropean standard for IT security criteria. Wasn't universally adopted. - Consists of four components:1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Workaround Procedures
Common Law
Information Technology Security Evaluation Criteria - ITSEC
Deletion

43. Weakness or flaw in an asset
Overlapping Fragment Attack
Separation Of Duties
Checklist Test
Vulnerability

44. Property that data is represented in the same manner at all times
Consistency
Incident Response Team
Surveillance
Patch Management

45. Two certificate authorities that trust each other
Cross Certification
Inheritance
Certificate Revocation List (CRL)
Routers

46. Objects or programming that looks the different but act same
Polymorphism
Denial Of Service
Journaling
Cookie

47. Companies should have their own team - made up of ppl from management - IT leagal - HR - and public relations - security and other key areas
Uninterruptible Power Supply (UPS)
Quantitative Risk Analysis
Backup
Incident Response Team

48. Sudden rise in voltage in the power supply.
Authorization
Legacy Data
Recovery
Surge

49. Tool which mediates access
Fragmented Data
Control
Protection
Elements of Negligence

50. Act of luring an intruder and is legal.
Archival Data
Cross Certification
Enticement
Trusted Computing Base