Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A electronic attestation of identity by a certificate authority
Business Impact Assessment (BIA)
Recovery
Digital Certificate
Standalone Test

2. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Need-To-Know
Alternate Data Streams (File System Forks)
Uninterruptible Power Supply (UPS)
The ACID Test

3. OOP concept of a class's details to be hidden from object
Encapsulation
E-Mail Spoofing
Orange Book B1 Classification
Kernel

4. Potentially compromising leakage of electrical or acoustical signals.
Operational Impact Analysis
Common Criteria
Disaster Recovery Plan
Emanations

5. A description of a database
Data Dictionary
Interception
Certification
Security Domain

6. Someone who wants to cause harm
Attacker (Black hat - Hacker)
Test Plan
Liability
Trojan Horse

7. Abstract and mathematical in nature - defining all possible states - transitions and operations
Steganography
Data Backup Strategies
Tapping
State Machine Model

8. The process of identifying - accessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Information Risk Management (IRM)
Event
E-Mail Spoofing
Processes are Isolated By

9. Narrow scope examination of a system
Business Impact Analysis
Targeted Testing
Transfer
Identification

10. Review of data
Job Rotation
Analysis
Mobile Site
Hard Disk

11. A Trojan horse with the express underlying purpose of controlling host from a distance
Proxies
Concatenation
Remote Access Trojan
Trademark

12. Just enough access to do the job
Collisions
One Time Pad
Symmetric
Least Privilege

13. High frequency noise
Orange Book B2 Classification
Hearsay
Electromagnetic Interference (EMI)
System Life Cycle

14. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)
Electronic Vaulting
Domain
Interception
Confidence Value

15. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
Interpreter
Threats
Non-Discretionary Access Control
Collisions

16. Planning for the delegation of authority required when decisions must be made without the normal chain of command
Electrostatic Discharge
Executive Succession
Running
Database Replication

17. Using small special tools all tumblers of the lock are aligned - opening the door
Fire Prevention
Liability
Watermarking
Picking

18. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Job Rotation
Masquerading
Kerberos
Recovery Period

19. Control category- to give instructions or inform
Radio Frequency Interference (RFI)
Directive
Executive Succession
Incident Response

20. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
Isolation
Monitor
False Attack Stimulus
Mission-Critical Application

21. To stop damage from spreading
Injection
Key Clustering
Qualitative
Containment

22. Statistical probabilities of a collision are more likely than one thinks
Message Digest
Birthday Attack
Access Control Lists
Business Interruption

23. A race condition where the security changes during the object's access
Mission-Critical Application
Encryption
Workaround Procedures
Time Of Check/Time Of Use

24. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
Orange Book B2 Classification
Fire Prevention
Machine Language (Machine Code)
Emergency

25. Intellectual property protection for an invention
Record Level Deletion
Patent
Detective
Certification

26. Alerts personnel to the presence of a fire
Redundant Array Of Independent Drives (RAID)
TCSEC (Orange Book)
Fire Detection
Object

27. An administrative unit or a group of objects and subjects controlled by one reference monitor
Security Domain
Multiplexers
Digital Signature
Distributed Processing

28. Fault tolerance for power
Brute Force
Generator
Object Oriented Programming (OOP)
One Time Pad

29. Actions measured against either a policy or what a reasonable person would do
Top Secret
Examples of technical security components
Due Diligence
Patent

30. Rapid switching back and forth between programs from the computer's perspective and appearing to do more that one thing at a time from the user's perspective
Running
Data Hiding
File Server
Multi-Programming

31. Sphere of influence
Surge Suppressor
Accurate
Brute Force
Domain

32. One method of testing a specific component of a plan. Typically - a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
Directive
Secondary Storage
Spyware
Structured Walkthrough

33. Control category- to record an adversary's actions
Detective
Incident Handling
TCSEC (Orange Book)
Alert/Alarm

34. A computer designed for the purpose of studying adversaries
Legacy Data
Common Criteria
Honeypot
Strategic

35. Provides a physical cross connect point for devices.
Object Oriented Programming (OOP)
Patch Panels
Attacker (Black hat - Hacker)
Executive Succession

36. People protect their domain
System Downtime
Plain Text
Territoriality
Civil Or Code Law

37. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements
Mirrored Site
Recovery Period
Dangling Pointer
ITSEC

38. An asymmetric cryptography mechanism that provides authentication.
Bollard
Information Flow Model
Data Backups
Digital Signature

39. A technology that reduces the size of a file.
Vulnerability
Desk Check Test
Compression
TIFF (Tagged Image File Format)

40. Uses two or more legal systems
Mixed Law System
Log
Cross-Site Scripting
ff Site

41. A protocol for the efficient transmission of voice over the Internet
Recovery Point Objective (RPO)
Voice Over IP (VOIP)
Twisted Pair
Hijacking

42. A copy of transaction data - designed for querying and reporting
Data Warehouse
Reciprocal Agreement
The ACID Test
Fiber Optics

43. To reduce sudden rises in current
Surge Suppressor
Buffer Overflow
Radio Frequency Interference (RFI)
Business Continuity Planning (BCP)

44. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
Voice Over IP (VOIP)
Bit
False Attack Stimulus
Satellite

45. Data or interference that can trigger a false positive
Noise
Adware
Microwave
Discretionary

46. An attack involving the hijacking of a TCP session by predicting a sequence number.
Fire Prevention
File Level Deletion
Restoration
Sequence Attacks

47. Uncleared buffers or media
Interference (Noise)
Object Reuse
Administrative Law
Slack Space

48. For PKI - to store another copy of a key
Key Escrow
Infrastructure
Denial Of Service
Parallel Test

49. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Steganography
Forward Recovery
Change Control
Ring Protection

50. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.
Checkpoint
Business Records
Governance
Highly Confidential