Test your basic knowledge |
CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Memory - RAM
Kernel
Primary Storage
Twisted Pair
Containment
2. Written step-by-step actions
Secondary Storage
Wait
Procedure
Blind Testing
3. Moving the alphabet intact a certain number of spaces
Shift Cipher (Caesar)
Multiplexers
Reciprocal Agreement
E-Mail Spoofing
4. Can be statistical (monitor behavior) or signature based (watch for known attacks)
Shielding
IDS Intrusion Detection System
Cookie
Hijacking
5. Subject based description of a system or a collection of resources
Recovery Time Objectives
Faraday Cage/ Shield
Capability Tables
Storage Area Network (SAN)
6. Mitigation of system or component loss or interruption through use of backup capability.
CPU Cache
Fault Tolerance
Access Control
Containment
7. Business and technical process of applying security software updates in a regulated periodic way
Mission-Critical Application
Security Kernel
Record Level Deletion
Patch Management
8. The process of identifying - accessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk
Risk Mitigation
Information Risk Management (IRM)
Codec
Payload
9. The managerial approval to operate a system based upon knowledge of risk to operate
Hearsay
Accreditation
Double Blind Testing
Gateway
10. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Uninterruptible Power Supply (UPS)
Work Factor
Orange Book B2 Classification
Inrush Current
11. The one person responsible for data - its classification and control setting
War Driving
Intrusion Prevention Systems
Information Owner
Attacker (Black hat - Hacker)
12. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Asymmetric
Collisions
Classification
Faraday Cage/ Shield
13. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Remanence
Quantitative Risk Analysis
TIFF (Tagged Image File Format)
Shadowing (file shadowing)
14. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Tort
DR Or BC Coordinator
Critical Records
Liability
15. A choice in risk management - to convince another to assume risk - typically by payment
Recovery Time Objectives
Transfer
Control Type
Control
16. Deals with discretionary protection
Orange Book C Classification
Covert Channel
Buffer Overflow
Site Policy Awareness
17. A mobilized resource purchased or contracted for the purpose of business recovery.
Business Interruption Insurance
Byte Level Deletion
Mobile Recovery
Patch Management
18. Eight bits.
Access Control Lists
Byte
File
Deletion
19. Act of scrambling the cleartext message by using a key.
Application Programming Interface
Due Diligence
Encipher
Hard Disk
20. A computer designed for the purpose of studying adversaries
Control
Honeypot
Aggregation
Multi-Processor
21. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.
Central Processing Unit (CPU)
Separation Of Duties
File Level Deletion
Business Continuity Program
22. A Trojan horse with the express underlying purpose of controlling host from a distance
Operational Test
Criminal Law
Contingency Plan
Remote Access Trojan
23. Narrow scope examination of a system
Non-Interference
TIFF (Tagged Image File Format)
Open Mail Relay Servers
Targeted Testing
24. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Top Secret
Incident
Domain
Microwave
25. An asymmetric cryptography mechanism that provides authentication.
MOM
Cross Certification
Integrated Test
Digital Signature
26. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?
File
Full Test (Full Interruption)
War Driving
Deleted File
27. A type of multitasking that allows for more even distribution of computing time among competing requests
Certification Authority
Watermarking
Preemptive
Site Policy Awareness
28. A protocol for the efficient transmission of voice over the Internet
File Level Deletion
Countermeasure
Walk Through
Voice Over IP (VOIP)
29. A backup of data located where staff can gain access immediately
Encryption
Mixed Law System
On-Site
Compartmentalize
30. A control after attack
Countermeasure
Residual Risk
Interception
Data Backups
31. Malware that makes many small changes over time to a single data point or system
IP Address Spoofing
Conflict Of Interest
Salami
Firmware
32. Low level - pertaining to planning
Critical Infrastructure
Worldwide Interoperability for Microwave Access (WI-MAX)
Tactical
Recovery Time Objectives
33. Momentary loss of power
MOM
Recovery Period
Fault
Plaintext
34. Code making
Cryptography
Brute Force
Emergency Operations Center (EOC)
Cross-Site Scripting
35. A temporary public file to inform others of a compromised digital certificate
Orange Book B1 Classification
Hearsay
Modems
Certificate Revocation List (CRL)
36. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
Off Site
Access Control Matrix
Chain of Custody
Malformed Input
37. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.
Data Owner
Overlapping Fragment Attack
Uninterruptible Power Supply (UPS)
Control Category
38. Real-time data backup (Data Mirroring)
Architecture
Orange Book D Classification
Database Shadowing
Compartmentalize
39. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.
Civil Law
Business Interruption
Executive Succession
Alternate Data Streams (File System Forks)
40. Descrambling the encrypted message with the corresponding key
Storage Area Network (SAN)
Ring Protection
Cross Certification
Decipher
41. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.
Authentication
Generator
Incident Response
Burn
42. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
High-Risk Areas
Simulation
On-Site
Mandatory
43. Code breaking - practice of defeating the protective properties of cryptography.
Resumption
Hijacking
Job Training
Cryptanalysis
44. Object reuse protection and auditing
Admissible
Orange Book C2 Classification
Voice Over IP (VOIP)
Targeted Testing
45. A secure connection to another network.
Business Records
Consistency
Gateway
Hijacking
46. A backup of data located where staff can gain access readily and a localized disaster will not cause harm
TIFF (Tagged Image File Format)
Revocation
File
Near Site
47. Information about a particular data set
Classification
Noise
Metadata
Convincing
48. One way encryption
Shielding
Hash Function
Administrative Law
Top Secret
49. A world-wide wireless technology
Time Of Check/Time Of Use
File Server
Threats
Wireless Fidelity (Wi-Fi)
50. To reduce sudden rises in current
Trojan Horse
Surge Suppressor
Secondary Storage
Access Control Attacks