Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Encryption system using a pair of mathematically related unequal keys
Contact List
Accurate
Alert
Asymmetric
2. A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments.
Spam
UPS
Teardrop
CPU Cache
3. To create a copy of data as a precaution against the loss or damage of the original data.
Backup
Kerckhoff's Principle
Noise
Switches
4. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Cryptovariable
Fiber Optics
Analysis
Assembler
5. Controls for termination of attempt to access object
Accountability
Highly Confidential
Mandatory Access Control (MAC)
Intrusion Prevention Systems
6. A planned or unplanned interruption in system availability.
Virtual Memory
System Downtime
Shielding
Deletion
7. A backup type, where the organization has excess capacity in another location.
Administrative
Active Data
Mirroring
Distributed Processing
8. Unchecked data input which results in redirection
Territoriality
HTTP Response Splitting
Remote Journaling
Digital Signature
9. False memory reference
Dangling Pointer
Risk Assessment / Analysis
Accountability
Inference
10. All of the protection mechanisms in a computer system
Trusted Computing Base
ff Site
Multi-Tasking
Simulation Test
11. When two or more computers are networked together in a LAN situation, one computer may be utilized as a storage location for files for the group.
File Server
Asymmetric
Cipher Text
Change Control
12. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Alert
Process Isolation
Birthday Attack
Directive
13. A state for operating system tasks only
Supervisor Mode (monitor - system - privileged)
Identification
Radio Frequency Interference (RFI)
Data Marts
14. A documented battle plan for coordinating response to incidents.
SYN Flooding
Data Leakage
Incident Handling
Mobile Recovery
15. Moving letters around
Shielding
Vital Record
Primary Storage
Permutation / Transposition
16. Recovery alternative which outsources a business function at a cost
Dangling Pointer
Bridge
Service Bureau
Containment
17. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Acronym for American Standard Code for Information Interchange (ASCII)
Object
Orange Book D Classification
Birthday Attack
18. Act of scrambling the cleartext message by using a key.
Encipher
Digital Certificate
Business Continuity Steering Committee
Spyware
19. A shield against leakage of electromagnetic signals.
Data Dictionary
Classification Scheme
Rollback
Faraday Cage / Shield
20. A process state, to be executing a process on the CPU
Certificate Revocation List (CRL)
Application Programming Interface
Running
Distributed Processing
21. Malware that subverts the detective controls of an operating system
False Negative
Rootkit
TIFF (Tagged Image File Format)
Collisions
22. A protocol for the efficient transmission of voice over the Internet
Security Domain
Voice Over IP (VOIP)
Denial Of Service
Operational Impact Analysis
23. Vehicle stopping object
Electronic Vaulting
Bollard
Technical Access Controls
Hacker
24. Using small special tools, all tumblers of the lock are aligned, opening the door
Picking
Hot Spares
Need-To-Know
Fiber Optics
25. Two different keys decrypt the same cipher text
Key Clustering
IP Fragmentation
Mirrored Site
Slack Space
26. Is secondhand and usually not admissible in court
Business Impact Assessment (BIA)
Hearsay Evidence
Resumption
Aggregation
27. OOP concept of an object at runtime
Assembler
Emergency Procedures
Threat Agent
Instance
28. Periodic, automatic and transparent backup of data in bulk.
Electronic Vaulting
Parallel Test
Integrated Test
Business Interruption
29. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Information Technology Security Evaluation Criteria - ITSEC
Log
Keystroke Logging
Consistency
30. A type of multitasking that allows for more even distribution of computing time among competing requests
Preemptive
Polyalphabetic
Accreditation
Declaration
31. To know more than one job
Due Diligence
Off-Site Storage
Quantitative
Cross Training
32. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.
Digital Signature
Parallel Test
Business Unit Recovery
Private Branch Exchange (PBX)
33. Data or interference that can trigger a false positive
Encapsulation
Noise
Qualitative
File Shadowing
34. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Quantitative Risk Analysis
Stopped
Structured Walk-Through Test
Content Dependent Access Control
35. Final purpose or result
Residual Risk
Process Isolation
Payload
Initialization Vector
36. Provides a physical cross connect point for devices.
Substitution
Orange Book D Classification
Digital Certificate
Patch Panels
37. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Double Blind Testing
Data Leakage
Common Law
TIFF (Tagged Image File Format)
38. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Reciprocal Agreement
Tar Pits
False Negative
Liability
39. Sphere of influence
Electromagnetic Interference (EMI)
State Machine Model
Domain
Integrated Test
40. A state where two subjects can access the same object without proper mediation
Race Condition
Steganography
Multiplexers
Structured Walk-Through Test
41. Individuals and departments responsible for the storage and safeguarding of computerized data.
Data Custodian
Compiler
Bumping
Object
42. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
Declaration
Data Owner
Teardrop
Distributed Processing
43. Summary of a communication for the purpose of integrity
Message Digest
Spyware
Inheritance
Failure Modes and Effect Analysis (FEMA)
44. Lower frequency noise
Radio Frequency Interference (RFI)
Salami
Analysis
Race Condition
45. The technical and risk assessment of a system within the context of the operating environment
Object Reuse
Corrective
Certification
Race Condition
46. People protect their domain
Business Recovery Timeline
Conflict Of Interest
Territoriality
Instance
47. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Framework
Shadowing (file shadowing)
Injection
Fault Tolerance
48. Unchecked data which spills into another location in memory
Multi-Programming
Blackout
Failure Modes and Effect Analysis (FEMA)
Buffer Overflow
49. Recovery alternative, short-term, high cost movable processing location
Business Continuity Planning (BCP)
Mobile Site
Teardrop
Job Rotation
50. Information about data or records
Algorithm
Plain Text
Trusted Computing Base
Metadata