Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Intermediate level - pertaining to planning
Patent
Operational
Basics Of Secure Design
5 Rules Of Evidence

2. Provides a physical cross connect point for devices.
Hijacking
Patch Panels
Orange Book B1 Classification
Exercise

3. Pertaining to law - lending it self to one side of an argument
Convincing
Critical Infrastructure
Cookie
Adware

4. Some systems are actually run at the alternate site
Parallel Test
Byte Level Deletion
Burn
Classification Scheme

5. The process of identifying - accessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Information Risk Management (IRM)
Network Attached Storage (NAS)
Private Branch Exchange (PBX)
Recovery

6. Descrambling the encrypted message with the corresponding key
TEMPEST
Replication
Decipher
Orange Book D Classification

7. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions
Resumption
Firewall
Salami
Alarm Filtering

8. Recovery alternative - complete duplication of services including personnel
Alternate Data Streams (File System Forks)
Mirrored Site
Walk Though
Data Custodian

9. The technical and risk assesment of a system within the context of the operating environment
Certification
Running
Forward Recovery
Business Continuity Planning (BCP)

10. Object reuse protection and auditing
Trademark
Backup
Orange Book C2 Classification
Assembler

11. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Business Interruption Insurance
Bumping
Trojan Horse
Critical Records

12. Threats x Vulnerability x Asset Value = Total Risk
Data Custodian
Total Risk
Distributed Processing
Data Marts

13. Moving letters around
Permutation /Transposition
IDS Intrusion Detection System
Rootkit
Exercise

14. Encryption system using a pair of mathematically related unequal keys
Embedded
Cryptanalysis
Time Of Check/Time Of Use
Asymmetric

15. Memory management technique which allows data to be moved from one memory address to another
3 Types of harm Addressed in computer crime laws
Chain of Custody
Relocation
Durability

16. To smooth out reductions or increases in power
Electronic Vaulting
Trapdoors (Backdoors) (Maintenance Hooks)
Authentic
UPS

17. Record of system activity - which provides for monitoring and detection.
Digital Signature
Log
Running
Change Control

18. DoS - Spoofing - dictionary - brute force - wardialing
Brownout
Access Control Attacks
Critical Functions
Life Cycle of Evidence

19. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Threats
Quantitative Risk Analysis
Teardrop
Call Tree

20. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Embedded Systems
IDS Intrusion Detection System
Work Factor
Investigation

21. Share security concerns with embedded devices - Often security has been scarified for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
Centralized Access Control Technologies
Pervasive Computing and Mobile Computing Devices
Cache
System Downtime

22. The chance that something negative will occur
Risk
Symmetric
Examples of non-technical security components
Directive

23. Code breaking - practice of defeating the protective properties of cryptography.
Hearsay Evidence
Interference (Noise)
Cryptanalysis
Masked/Interruptible

24. Maximum tolerance for loss of certain business function - basis of strategy
Certification Authority
Uninterruptible Power Supply (UPS)
Recovery Time Objectives
High-Risk Areas

25. Memory - RAM
Labeling
Primary Storage
Transients
2-Phase Commit

26. A control before attack
Safeguard
Operational
Declaration
High-Risk Areas

27. Adversary intercepts encrypted communications - decrypts - views - encrypts - and send along to the true destination
Alternate Site
Orange Book C2 Classification
Man-In-The-Middle Attack
Risk

28. People who interact with assets
Tar Pits
Database Shadowing
Activation
User

29. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.
Operational Impact Analysis
Coaxial Cable
CobiT
Workaround Procedures

30. A shield against leakage of electromagnetic signals.
Malformed Input
TIFF (Tagged Image File Format)
Backup
Faraday Cage/ Shield

31. Controls for termination of attempt to access object
Confidence Value
Redundant Servers
Intrusion Prevention Systems
Emanations

32. A running key using a random key that is never used again
One Time Pad
Routers
Faraday Cage/ Shield
Basics Of Secure Design

33. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Embedded
Memory Management
Logic Bomb
Botnet

34. System of law based upon what is good for society
Civil Or Code Law
Polyalphabetic
Total Risk
Replication

35. Unchecked data which spills into another location in memory
Business Interruption
Cross-Site Scripting
Buffer Overflow
Threats

36. Small data files written to a user's hard drive by a web server.
Threats
Cookie
Processes are Isolated By
Metadata

37. To segregate for the purposes of labeling
Evidence
Emergency
Mitigate
Compartmentalize

38. Used to code/decode a digital data stream.
Faraday Cage/ Shield
Active Data
Codec
Hearsay

39. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Declaration
SYN Flooding
Asymmetric
Administrative

40. Review of data
Analysis
Slack Space
Shift Cipher (Caesar)
Bumping

41. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Concatenation
Instance
Transients
IP Fragmentation

42. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
Buffer Overflow
Workaround Procedures
Fault Tolerance
Hash Function

43. Key
ff Site
Cryptovariable
Operating
Total Risk

44. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.
Business Impact Assessment (BIA)
Journaling
Hot Spares
Mandatory Access Control (MAC)

45. Scrambled form of the message or data
Accurate
Event
Administrative
Cipher Text

46. A planned or unplanned interruption in system availability.
Authentic
Running Key
Deletion
System Downtime

47. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Incident Handling
Rollback
Byte Level Deletion
Hot Spares

48. A test conducted on one or more components of a plan under actual operating conditions.
Plaintext
Operational Test
Network Attached Storage (NAS)
Byte

49. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.
Sniffing
Boot (V.)
Mixed Law System
Change Control

50. A temporary public file to inform others of a compromised digital certificate
UPS
Certificate Revocation List (CRL)
Tar Pits
Byte Level Deletion