Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The study of cryptography and cryptanalysis
Exercise
Damage Assessment
Cryptology
Business Continuity Steering Committee
2. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Exposure
Redundant Array Of Independent Drives (RAID)
Polyalphabetic
Operational
3. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Off Site
Salami
3 Types of harm Addressed in computer crime laws
E-Mail Spoofing
4. An alert or alarm that is triggered when no actual attack has taken place
Electromagnetic Interference (EMI)
False (False Positive)
Targeted Testing
Multilevel Security System
5. An event which stops business from continuing.
Investigation
Multi-Party Control
IDS Intrusion Detection System
Disaster
6. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Incident Response
Education
Backup
Access Point
7. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Emergency Procedures
Blind Testing
Near Site
Residual Risk
8. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
File Server
Brownout
IP Fragmentation
EMI
9. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Bridge
Faraday Cage/ Shield
Dictionary Attack
Chain of Custody
10. To break a business process into separate functions and assign to different people
Separation Of Duties
Orange Book B2 Classification
Relocation
Threats
11. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Business Continuity Planning (BCP)
Damage Assessment
Inrush Current
Encapsulation
12. Firewalls - encryption - and access control lists
Concentrator
Examples of technical security components
Safeguard
ISO/IEC 27002
13. Uncleared buffers or media
Concatenation
Policy
Emergency
Object Reuse
14. Recognition of an individual's assertion of identity.
MOM
Metadata
Identification
Method
15. Unchecked data which spills into another location in memory
Executive Succession
Salami
Buffer Overflow
Chain of Custody
16. Event(s) that cause harm
Shift Cipher (Caesar)
Incident
Public Key Infrastructure (PKI)
Control
17. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.
Fraggle
Layering
Restoration
Fire Suppression
18. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Encipher
Kerckhoff's Principle
Proprietary
Orange Book D Classification
19. Total number of keys available that may be selected by the user of a cryptosystem
Message Digest
Computer System Evidence
Custodian
Key Space
20. Memory management technique which allows data to be moved from one memory address to another
Analysis
Relocation
Brouter
Covert Channel
21. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Mandatory Vacations
Checksum
Fault Tolerance
Legacy Data
22. Intellectual property management technique for identifying after distribution
Business Impact Analysis
Guidelines
Watermarking
Lattice
23. Two different keys decrypt the same cipher text
Mock Disaster
Compiler
Key Clustering
Administrative
24. Searching for wireless networks in a moving car.
War Driving
Repeaters
Emergency
Threats
25. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing
Administrative Access Controls
SYN Flooding
Isolation
Steganography
26. Location where coordination and execution of BCP or DRP is directed
Site Policy Awareness
Information Owner
Access Control Matrix
Emergency Operations Center (EOC)
27. Converts source code to an executable
Rogue Access Points
DR Or BC Coordinator
Off-Site Storage
Compiler
28. Representatives from each functional area or department get together and walk through the plan from beginning to end.
Checksum
On-Site
Examples of technical security components
Structured Walk-Through Test
29. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.
Data Backup Strategies
Keystroke Logging
Common Criteria
Alternate Site
30. A layer 2 device that is used to connect two or more network segments and regulate traffic.
Rootkit
Eavesdropping
Switches
Parallel Test
31. A covert storage channel on the file attribute
Alternate Data Streams (File System Forks)
Need-To-Know
User Mode (problem or program state)
Checklist Test
32. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements
Worm
Prevention
ITSEC
Interpreter
33. The core logic engine of an operating system which almost never changes
Business Recovery Timeline
Custodian
Kernel
Critical Functions
34. Used to code/decode a digital data stream.
Codec
Phishing
Masquerading
Total Risk
35. OOP concept of a template that consists of attributes and behaviors
Rogue Access Points
Walk Through
Class
Custodian
36. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.
Threats
Risk
Worm
Emergency
37. The first rating that requires security labels
Job Training
Access Control Lists
Mantrap (Double Door System)
Orange Book B1 Classification
38. Specific format of technical and physical controls that support the chosen framework and the architecture
Infrastructure
Warm Site
Critical Functions
Faraday Cage/ Shield
39. For PKI - decertify an entity's certificate
Control
Revocation
E-Mail Spoofing
Orange Book C2 Classification
40. The event signaling an IDS to produce an alarm when no attack has taken place
False Attack Stimulus
Administrative Access Controls
Inference
Collisions
41. State of computer - to be running a process
Control
Operating
Analysis
Substitution
42. Try a list of words in passwords or encryption keys
Ring Protection
Dictionary Attack
Administrative Laws
Cold Site
43. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
Hash Function
Repeaters
Database Shadowing
EMI
44. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Source Routing Exploitation
Degauss
Picking
IDS Intrusion Detection System
45. Fault tolerance for power
Secondary Storage
Digital Signature
Job Training
Generator
46. Using small special tools all tumblers of the lock are aligned - opening the door
Sag/Dip
Digital Signature
Picking
Qualitative
47. A process state - to be executing a process on the CPU
Metadata
Data Owner
Enticement
Running
48. A system designed to prevent unauthorized access to or from a private network.
Common Criteria
Bumping
Crisis
Firewall
49. Mediation of covert channels must be addressed
Deadlock
Hot Spares
Kernel
Information Flow Model
50. A device that sequentially switches multiple analog inputs to the output.
Kerckhoff's Principle
Multiplexers
Elements of Negligence
Durability