Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Control category- to discourage an adversary from attempting to access
Disk Mirroring
Non-Interference
Recovery
Deterrent

2. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.
Examples of technical security components
Spyware
War Dialing
Administrative Law

3. Deals with discretionary protection
Keystroke Logging
Orange Book C Classification
ISO/IEC 27002
Fire Classes

4. A device that converts between digital and analog representation of data.
Modems
Restoration
Message Digest
File Shadowing

5. Lower frequency noise
High-Risk Areas
Radio Frequency Interference (RFI)
EMI
Switches

6. A database that contains the name - type - range of values - source and authorization for access for each data element
Data Dictionary
Business Interruption
Embedded Systems
Remanence

7. Weak evidence
Data Recovery
Archival Data
Object Reuse
Hearsay

8. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Resumption
Non-Repudiation
Multiplexers
Chain of Custody

9. Creation distribution update and deletion
Moore's Law
Business Interruption Insurance
Key Management
Contact List

10. Collection of data on business functions which determines the strategy of resiliency
Dictionary Attack
Business Impact Assessment (BIA)
Analysis
Non-Repudiation

11. Momentary loss of power
Brownout
HTTP Response Splitting
Fault
Data Custodian

12. A Denial of Service attack that floods the target system with connection requests that are not finalized.
Key Escrow
Birthday Attack
SYN Flooding
Memory Management

13. Recording the Who What When Where How of evidence
Object Reuse
Top Secret
Chain Of Custody
Salami

14. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Business Impact Assessment (BIA)
Mixed Law System
Application Programming Interface
Site Policy Awareness

15. The core of a computer that calculates
Tracking
Machine Language (Machine Code)
Central Processing Unit (CPU)
Lattice

16. The connection between a wireless and wired network.
Access Point
Business Continuity Program
Wireless Fidelity (Wi-Fi )
Voice Over IP (VOIP)

17. Uses two or more legal systems
Sequence Attacks
Mixed Law System
Teardrop
User Mode (problem or program state)

18. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.
Orange Book C Classification
Kerberos
Data Dictionary
Mock Disaster

19. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
Tracking
Routers
Discretionary Access Control (DAC)
Slack Space

20. Impossibility of denying authenticity and identity
Packet Filtering
Non-Repudiation
Cold Site
Active Data

21. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.
Restoration
Preemptive
Storage Area Network (SAN)
IDS Intrusion Detection System

22. Unauthorized wireless network access device.
Rogue Access Points
Cipher Text
Admissible
True Attack Stimulus

23. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Event
Orange Book C2 Classification
Remote Journaling
Injection

24. Record history of incident
Tracking
Investigation
Examples of non-technical security components
Logic Bomb

25. To execute more than one instruction at an instant in time
Digital Signature
Territoriality
Resumption
Multi-Processing

26. Process of statistically testing a data set for the likelihood of relevant information.
Cipher Text
Business Continuity Program
Data Hiding
Sampling

27. High level - pertaining to planning
Strategic
Disaster Recovery Tape
Certificate Revocation List (CRL)
ISO/IEC 27001

28. Potentially compromising leakage of electrical or acoustical signals.
Cache
Intrusion Detection Systems
Emanations
Stopped

29. A process state - to be either be unable to run waiting for an external event or terminated
Data Recovery
Deleted File
Stopped
Service Bureau

30. A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. (See Smurf)
Trademark
Fiber Optics
Fraggle
Mock Disaster

31. Need to understand both the assets that need to be protected and management's priorities - Also be prepared to adjust the design over time - and verify the design has been implemented correctly - need to be good negotiator - artist and analyst.
Basics Of Secure Design
Strategic
Encipher
Chain of Custody

32. Uncleared buffers or media
Warm Site
Data Marts
Object
Object Reuse

33. The point in time to which systems and data must be recovered after an outage. (e.g. End of previous day's processing). Rpos are often used as the basis for the development of backup strategies.
Simulation
Identification
Operational
Recovery Point Objective (RPO)

34. Threats x Vulnerability x Asset Value = Total Risk
Examples of non-technical security components
Privacy Laws
Total Risk
Mirrored Site

35. A process state - to be executing a process on the CPU
Need-To-Know
Race Condition
Running
Basics Of Secure Design

36. Unauthorized access of network devices.
Physical Tampering
Interception
Routers
Architecture

37. The technical and risk assesment of a system within the context of the operating environment
Cryptology
Framework
Digital Signature
Certification

38. Calculation encompassing threats - vulnerabilities and assets
Total Risk
Injection
On-Site
Disk Mirroring

39. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
BCP Testing Drills and Exercises
True Attack Stimulus
Examples of non-technical security components
Ethics

40. Control category- to record an adversary's actions
Certification
Detective
BCP Testing Drills and Exercises
Cipher Text

41. A planned or unplanned interruption in system availability.
Data Recovery
File
Executive Succession
System Downtime

42. Memory management technique that allows two processes to run concurrently without interaction
Protection
Service Bureau
State Machine Model
Exposure

43. Trading one for another
Business Continuity Steering Committee
Substitution
Containment
Quantitative

44. Reprogrammable basic startup instructions
Access Point
Operational Impact Analysis
Assembler
Firmware

45. A secure connection to another network.
Architecture
Gateway
Encipher
Database Replication

46. A condition in which neither party is willing to stop their activity for the other to complete
Mock Disaster
Structured Walkthrough
Deadlock
Central Processing Unit (CPU)

47. High frequency noise
Electromagnetic Interference (EMI)
Bollard
Injection
True Attack Stimulus

48. A race condition where the security changes during the object's access
Time Of Check/Time Of Use
Modems
Top Secret
Due Care

49. Statistical probabilities of a collision are more likely than one thinks
Mirroring
Birthday Attack
Hard Disk
Generator

50. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.
Infrastructure
Interpreter
Process Isolation
File Server