Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Review of data
Analysis
Processes are Isolated By
Logic Bomb
Full Test (Full Interruption)

2. The managerial approval to operate a system based upon knowledge of risk to operate
Archival Data
Strategic
Surge Suppressor
Accreditation

3. To stop damage from spreading
Substitution
Mobile Recovery
One Time Pad
Containment

4. Control category - more than one control on a single asset
Non-Discretionary Access Control
Compensating
Residual Risk
Computer Forensics

5. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities
Application Programming Interface
BCP Testing Drills and Exercises
Hot Site
Object

6. Intellectual property protection for an confidential and critical process
Fire Detection
Polyalphabetic
Discretionary Access Control (DAC)
Trade Secret

7. Sudden rise in voltage in the power supply.
Classification Scheme
Surge
Birthday Attack
Masquerading

8. Written step-by-step actions
Distributed Denial Of Service
Procedure
Data Leakage
Distributed Processing

9. Independent malware that requires user interaction to execute
Intrusion Detection Systems
Virus
Disaster Recovery Plan
Fraggle

10. Renders the file inaccessible to the operating system - available to reuse for data storage.
Tracking
Cross-Site Scripting
Brownout
File Level Deletion

11. The problems solving state - the opposite of supervisor mode
Object
Polyalphabetic
User Mode (problem or program state)
Information Technology Security Evaluation Criteria - ITSEC

12. A technology that reduces the size of a file.
Risk Assessment / Analysis
Entrapment
Compression
Coaxial Cable

13. Real-time data backup ( Data Mirroring)
Decipher
Database Shadowing
Primary Storage
Multi-Core

14. Method for determine functions - identifying function failure - assessing it - and were failure is most likely to occur
Emergency Operations Center (EOC)
Failure Modes and Effect Analysis (FEMA)
Virus
File Sharing

15. A temporary public file to inform others of a compromised digital certificate
Certificate Revocation List (CRL)
Vulnerability
Tactical
Analysis

16. Joining two pieces of text
Cryptography
Concatenation
Worldwide Interoperability for Microwave Access (WI-MAX )
Test Plan

17. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk
Structured Walk-Through Test
Orange Book B1 Classification
Executive Succession
Residual Risk

18. A test that answers the questions: Does the organization have the documentation and people it needs. Do they understand the documentation?
Running
Criminal Law
High-Risk Areas
Desk Check Test

19. Process whereby data is removed from active files and other data storage structures
Trademark
Multi-Programming
Copyright
Deletion

20. Unchecked data which spills into another location in memory
Cross Certification
Trade Secret
Buffer Overflow
Emergency Procedures

21. Some systems are actually run at the alternate site
Parallel Test
Inheritance
Digital Signature
Sag/Dip

22. Sphere of influence
Data Diddler
5 Rules Of Evidence
Data Recovery
Domain

23. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Buffer Overflow
Chain of Custody
Business Impact Analysis
Bit

24. The study of cryptography and cryptanalysis
Cryptology
Work Factor
Forward Recovery
User

25. System of law based upon precedence - with major divisions of criminal - tort - and administrative
Gateway
Backup
Orange Book C2 Classification
Common Law

26. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Patent
Ethics
Critical Functions
Business Records

27. An unintended communication path
Satellite
Byte
Monitor
Covert Channel

28. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Concentrator
Electronic Vaulting
Polyalphabetic
Business Continuity Steering Committee

29. To load the first piece of software that starts a computer.
Boot (V.)
Detection
Virus
Certification Authority

30. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner
Deterrent
Structured Walk-Through Test
Denial Of Service
Life Cycle of Evidence

31. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.
Sequence Attacks
Exercise
Administrative Access Controls
Trusted Computing Base

32. Guidelines within an organization that control the rules and configurations of an IDS
Site Policy
Liability
Hard Disk
False Attack Stimulus

33. Controls for logging and alerting
Intrusion Detection Systems
Information Flow Model
3 Types of harm Addressed in computer crime laws
Fraggle

34. A form of data hiding which protects running threads of execution from using each other's memory
DR Or BC Coordinator
Process Isolation
Access Control
Evidence

35. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
Tracking
Exercise
Masked/Interruptible
Rollback

36. Something that happened
Keyed-Hashing For Message Authentication
Data Custodian
Event
TNI (Red Book)

37. Tool which mediates access
Control
Content Dependent Access Control
Uninterruptible Power Supply (UPS)
Substitution

38. For PKI - to store another copy of a key
Internal Use Only
Key Escrow
Complete
Examples of technical security components

39. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Remote Journaling
Radio Frequency Interference (RFI)
Discretionary
Processes are Isolated By

40. Control category- to restore to a previous state by removing the adversary and or the results of their actions
Mantrap (Double Door System)
Corrective
Firewall
Access Control Attacks

41. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
Least Privilege
ff Site
Emergency
Redundant Array Of Independent Drives (RAID)

42. Is secondhand and usually not admissible in court
EMI
War Dialing
Safeguard
Hearsay Evidence

43. A hash that has been further encrypted with a symmetric algorithm
Honeynet
Keyed-Hashing For Message Authentication
Elements of Negligence
Keystroke Logging

44. Inappropriate data
Malformed Input
Business Continuity Steering Committee
Governance
Keystroke Logging

45. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Twisted Pair
Strong Authentication
TCSEC (Orange Book)
Distributed Processing

46. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.
Overlapping Fragment Attack
Criminal Law
Honeypot
File Server

47. Communicate to stakeholders
Maximum Tolerable Downtime (MTD)
Physical Tampering
Debriefing/Feedback
Database Replication

48. The chance that something negative will occur
Transfer
Risk
Mirrored Site
Modification

49. A. Common Combustibles B. Liquid C. Electrical D Combustible Metals
Fire Classes
Covert Channel
Modems
Containment

50. Uncheck data input which results in redirection
Threat Agent
HTTP Response Splitting
Structured Walk-Through Test
Data Dictionary