Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. Reduces causes of fire
Sequence Attacks
Debriefing/Feedback
Fire Prevention
Hot Spares
2. Malware that makes small random changes to many data points
Mirrored Site
SQL Injection
Wait
Data Diddler
3. A temporary public file to inform others of a compromised digital certificate
Certificate Revocation List (CRL)
Emanations
Mobile Site
Trade Secret
4. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
Sampling
One Time Pad
Computer System Evidence
Full-Interruption test
5. System of law based upon precedence - with major divisions of criminal - tort - and administrative
Residual Risk
Common Law
Sag/Dip
Critical Functions
6. Using many alphabets
Data Custodian
Remote Access Trojan
Polyalphabetic
Process Isolation
7. A process state - to be executing a process on the CPU
Control Type
Labeling
Running
Infrastructure
8. The backup of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Surge Suppressor
Countermeasure
Data Backups
HTTP Response Splitting
9. The core logic engine of an operating system which almost never changes
Triage
Intrusion Detection Systems
Cipher Text
Kernel
10. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Coaxial Cable
Rootkit
Business Recovery Team
Denial Of Service
11. Intellectual property protection for marketing efforts
Threats
Trademark
Packet Filtering
Cipher Text
12. Try a list of words in passwords or encryption keys
Pervasive Computing and Mobile Computing Devices
Rootkit
Hearsay
Dictionary Attack
13. Mediation of covert channels must be addressed
Hot Spares
Information Flow Model
Consistency
Control Category
14. Eavesdropping on network communications by a third party.
Orange Book A Classification
Business Impact Analysis
Sniffing
Data Backup Strategies
15. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Reference Monitor
Phishing
Stopped
Birthday Attack
16. Vehicle or tool that exploits a weakness
Method
Threats
Countermeasure
Multi-Processing
17. A subnetwork with storage devices servicing all servers on the attached network.
SYN Flooding
Key Escrow
Storage Area Network (SAN)
Inrush Current
18. Provides a physical cross connect point for devices.
Patch Panels
Supervisor Mode (monitor - system - privileged)
Copyright
Change Control
19. Binary decision by a system of permitting or denying access to the entire system
Access Control Attacks
Total Risk
Authentication
Codec
20. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
Message Digest
Virtual Memory
Polymorphism
Legacy Data
21. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Containment
Contingency Plan
Concentrator
Hacker
22. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)
Interception
Control
Transients
Surge Suppressor
23. People who interact with assets
Trapdoors (Backdoors) (Maintenance Hooks)
Business Continuity Steering Committee
Botnet
User
24. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Data Warehouse
Mandatory
Data Recovery
Recovery Strategy
25. Object based description of a system or a collection of resources
Damage Assessment
Key Space
Packet Filtering
Access Control Matrix
26. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Threats
File Server
Legacy Data
Hard Disk
27. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm
Collisions
Distributed Denial Of Service
Tar Pits
Mandatory Access Control (MAC)
28. Use of specialized techniques for recovery - authentication - and analysis of electronic data
Pointer
Polymorphism
Computer Forensics
Compensating
29. A covert storage channel on the file attribute
Gateway
Key Escrow
Alternate Data Streams (File System Forks)
Mission-Critical Application
30. The managerial approval to operate a system based upon knowledge of risk to operate
Accreditation
IP Address Spoofing
Honeypot
Botnet
31. Intellectual property management technique for identifying after distribution
Emergency Procedures
Watermarking
SQL Injection
Message Digest
32. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Twisted Pair
True Attack Stimulus
Spiral
CobiT
33. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Emergency Procedures
Orange Book C2 Classification
Containment
Operating
34. To assert or claim credentialing to an authentication system
Business Interruption
Permutation/Transposition
Identification
Workaround Procedures
35. A system designed to prevent unauthorized access to or from a private network.
Recovery Time Objectives
Firewall
5 Rules Of Evidence
Hot Spares
36. Substitution at the word or phrase level
Code
Malformed Input
Dangling Pointer
Honeypot
37. Another subject cannot see an ongoing or pending update until it is complete
Identification
Isolation
Alternate Data Streams (File System Forks)
Non-Repudiation
38. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Classification
Fault Tolerance
User
Cryptovariable
39. Data or interference that can trigger a false positive
Pervasive Computing and Mobile Computing Devices
TEMPEST
Replication
Noise
40. A running key using a random key that is never used again
Key Clustering
One Time Pad
Failure Modes and Effect Analysis (FEMA)
Executive Succession
41. Recovery alternative which outsources a business function at a cost
Qualitative
Service Bureau
Orange Book D Classification
Asymmetric
42. People protect their domain
Countermeasure
Territoriality
Mirroring
Remote Access Trojan
43. Define the way in which the organization operates.
Proprietary
Fire Classes
Overlapping Fragment Attack
Safeguard
44. Small data warehouse
Firmware
Instance
Hearsay
Data Marts
45. Someone who wants to cause harm
Attacker (Black hat - Hacker)
Tar Pits
Elements of Negligence
Risk
46. Maintenance procedures outline the process for the review and update of business continuity plans.
Microwave
Plan Maintenance Procedures
Firewalls
Prevention
47. The study of cryptography and cryptanalysis
Compartmentalize
Cryptology
Source Routing Exploitation
Internal Use Only
48. Methodical research of an incident with the purpose of finding the root cause
Investigation
False (False Positive)
Business Continuity Steering Committee
Steganography
49. Renders the record inaccessible to the database management system
Record Level Deletion
Mobile Recovery
Infrastructure
Cross Certification
50. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Locard's Principle
Deterrent
Exposure
Simulation