Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Sphere of influence
Plain Text
Prevention
Domain
Access Control Lists
2. Only the key protects the encrypted information
3. Uses two or more legal systems
Mixed Law System
Life Cycle of Evidence
Administrative Law
Instance
4. Initial surge of current
Inrush Current
Digital Signature
Metadata
Checklist Test
5. Power surge
Recovery Period
File Extension
Deleted File
Electrostatic Discharge
6. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.
Mantrap (Double Door System)
Business Interruption
Bumping
Inheritance
7. Evidence must be: admissible - authentic - complete - accurate - and convincing
5 Rules Of Evidence
Collisions
Control Category
Tapping
8. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Compensating
CPU Cache
Alert
Security Blueprint
9. A programming device used in development to circumvent controls
Cache
Trapdoors (Backdoors) (Maintenance Hooks)
Tactical
Sampling
10. Some systems are actually run at the alternate site
Inrush Current
Parallel Test
Birthday Attack
Permutation/Transposition
11. An availability attack - to consume resources to the point of exhaustion from multiple vectors
Data Hiding
War Dialing
Database Shadowing
Distributed Denial Of Service
12. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
Cryptanalysis
Open Mail Relay Servers
Blackout
Replication
13. Someone who wants to know how something works - typically by taking it apart
Hub
Shift Cipher (Caesar)
Alternate Site
Hacker
14. Unauthorized wireless network access device.
Sag/Dip
Rogue Access Points
Lattice
Electromagnetic Interference (EMI)
15. Lower frequency noise
Modification
Least Privilege
Radio Frequency Interference (RFI)
Redundant Array Of Independent Drives (RAID)
16. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).
Voice Over IP (VOIP)
Entrapment
Non-Interference
Concentrator
17. Subset of operating systems components dedicated to protection mechanisms
Security Kernel
Phishing
Denial Of Service
Code
18. A collection of data or information that has a name
File
Directive
Risk Assessment
Failure Modes and Effect Analysis (FMEA)
19. To execute more than one instruction at an instant in time
Tapping
Multi-Processing
Confidence Value
Remote Access Trojan
20. Written step-by-step actions
Sequence Attacks
Surveillance
Procedure
Cryptography
21. Uncleared buffers or media
Labeling
Object Reuse
Remote Journaling
Need-To-Know
22. Consume resources to a point of exhaustion - loss of availability
Denial Of Service
Civil Law
Keystroke Logging
Backup
23. A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. (See Smurf)
Aggregation
Civil Or Code Law
Fraggle
Brownout
24. Dedicated fast memory located on the same board as the CPU
CPU Cache
File Shadowing
Checklist Test
Job Rotation
25. A technology that reduces the size of a file.
Trojan Horse
File Sharing
Compression
Business Impact Assessment (BIA)
26. Induces a crime - tricks a person - and is illegal
Entrapment
Dictionary Attack
Off-Site Storage
Work Factor
27. System of law based upon precedence - with major divisions of criminal - tort - and administrative
Common Law
Trade Secret
Transfer
Checklist Test (desk check)
28. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
Spyware
Smurf
Confidence Value
Structured Walkthrough
29. A device that converts between digital and analog representation of data.
SYN Flooding
Modems
Criminal Law
Blind Testing
30. Granular decision by a system of permitting or denying access to a particular resource on the system
Authorization
Public Key Infrastructure (PKI)
Quantitative Risk Analysis
Alert
31. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
TCSEC (Orange Book)
Qualitative
Data Integrity
Data Custodian
32. Weakness or flaw in an asset
Threat Agent
Compensating
Deletion
Vulnerability
33. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Revocation
Administrative Access Controls
Off Site
Blackout
34. A failure of an IDS to detect an actual attack
False Negative
Access Point
Highly Confidential
Hot Site
35. Intellectual property protection for an invention
Full Test (Full Interruption)
Hot Site
Identification
Patent
36. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Off Site
Covert Channel
Information Technology Security Evaluation Criteria - ITSEC
Warm Site
37. Individuals and departments responsible for the storage and safeguarding of computerized data.
Stopped
Mission-Critical Application
Elements of Negligence
Data Custodian
38. Pertaining to law - lending itself to one side of an argument
Convincing
Cryptography
Classification
Wait
39. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
Recovery
True Attack Stimulus
Eavesdropping
Application Programming Interface
40. Maximum tolerance for loss of certain business function - basis of strategy
Radio Frequency Interference (RFI)
Recovery Time Objectives
High-Risk Areas
Critical Functions
41. Forgery of the sender's email address in an email header.
Business Impact Analysis
E-Mail Spoofing
Key Management
Strategic
42. The study of cryptography and cryptanalysis
Patch Management
Cryptology
Data Recovery
Business Impact Assessment (BIA)
43. Recording the Who What When Where How of evidence
Intrusion Detection Systems
Workaround Procedures
Chain Of Custody
SQL Injection
44. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
Ring Protection
Operational Exercise
Hash Function
Virtual Memory
45. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Electronic Vaulting
Tar Pits
Data Backup Strategies
Embedded Systems
46. Mediation of subject and object interactions
Highly Confidential
Exposure
Debriefing/Feedback
Access Control
47. The point in time to which systems and data must be recovered after an outage. (e.g. End of previous day's processing). RPOs are often used as the basis for the development of backup strategies.
Authorization
Key Space
Recovery Point Objective (RPO)
Executive Succession
48. Information about a particular data set
Cross-Site Scripting
File Shadowing
Metadata
Common Criteria
49. Mitigation of system or component loss or interruption through use of backup capability.
Identification
Business Recovery Timeline
Forward Recovery
Fault Tolerance
50. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Certification
Due Diligence
Orange Book D Classification
Non-Interference