Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organizations strategy.
Smurf
Prevention
Recovery Strategy
TCSEC (Orange Book)

2. A set of laws that the organization agrees to be bound by
Exposure
Administrative Law
Symmetric
Intrusion Detection Systems

3. A. Common Combustibles B. Liquid C. Electrical D Combustible Metals
Fire Classes
Multi-Party Control
Mirroring
Access Control Attacks

4. Recovery alternative which includes cold site and some equipment and infrastructure is available
Transients
Recovery Strategy
Warm Site
Trusted Computing Base

5. Location to perform the business function
Alternate Site
Checklist Test
Redundant Array Of Independent Drives (RAID)
Deadlock

6. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Uninterruptible Power Supply (UPS)
Botnet
Prevention
Orange Book B2 Classification

7. Forging of an IP address.
IP Address Spoofing
CPU Cache
Site Policy Awareness
Twisted Pair

8. Deals with discretionary protection
Orange Book C Classification
3 Types of harm Addressed in computer crime laws
Accreditation
File Extension

9. Act of luring an intruder and is legal.
Computer System Evidence
Off-Site Storage
Enticement
Elements of Negligence

10. Less granular organization of controls -
Payload
Separation Of Duties
Control Type
Phishing

11. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Checklist Test
Risk Assessment / Analysis
Trojan Horse
Acronym for American Standard Code for Information Interchange (ASCII)

12. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
Alert
Electrostatic Discharge
Multi-Processing
Blackout

13. Of a system without prior knowledge by the tester or the tested
Brownout
Total Risk
Countermeasure
Double Blind Testing

14. A specialized wireless receiver/ transmitter placed in orbit that facilitates long distance communication.
Satellite
Digital Signature
Electronic Vaulting
Separation Of Duties

15. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Surveillance
Honeynet
Job Training
Business Recovery Team

16. A system designed to prevent unauthorized access to or from a private network.
Business Records
Debriefing/Feedback
Firewall
Countermeasure

17. Intellectual property protection for an confidential and critical process
Elements of Negligence
Trade Secret
Orange Book C2 Classification
Multi-Tasking

18. Small data warehouse
Data Marts
Alternate Site
Log
On-Site

19. OOP concept of an object's abilities - what it does
Method
Rootkit
Patent
Criminal Law

20. Statistical probabilities of a collision are more likely than one thinks
Birthday Attack
Contact List
Data Leakage
Guidelines

21. Pertaining to law - no omissions
Complete
Protection
Job Training
Binary

22. A mobilized resource purchased or contracted for the purpose of business recovery.
Kerckhoff's Principle
Mobile Recovery
Codec
Tracking

23. Summary of a communication for the purpose of integrity
Message Digest
Wait
Relocation
Integrated Test

24. A covert storage channel on the file attribute
Alternate Data Streams (File System Forks)
Need-To-Know
Shadowing (file shadowing)
Vital Record

25. Power surge
Cryptanalysis
Electrostatic Discharge
Critical Functions
Data Dictionary

26. Business and technical process of applying security software updates in a regulated periodic way
Concatenation
Patch Management
Business Recovery Team
Hot Spares

27. Another subject cannot see an ongoing or pending update until it is complete
Disk Mirroring
Fire Detection
Site Policy
Isolation

28. Identification and notification of an unauthorized and/or undesired action
Critical Functions
Detection
Mantrap (Double Door System)
Service Bureau

29. A condition in which neither party is willing to stop their activity for the other to complete
Metadata
Deadlock
Basics Of Secure Design
Time Of Check/Time Of Use

30. A programming device use in development to circumvent controls
Trapdoors (Backdoors) (Maintenance Hooks)
Access Control Matrix
Data Owner
Tactical

31. Renders the record inaccessible to the database management system
Deadlock
Record Level Deletion
Remote Journaling
Internal Use Only

32. Code breaking - practice of defeating the protective properties of cryptography.
Network Attached Storage (NAS)
Cryptanalysis
Double Blind Testing
Noise

33. RADIUS - TACACS+ - Diameter
Mission-Critical Application
Noise
Marking
Centralized Access Control Technologies

34. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Forward Recovery
Desk Check Test
HTTP Response Splitting
Separation Of Duties

35. Hiding the fact that communication has occurred
Business Interruption Insurance
Vulnerability
Steganography
TIFF (Tagged Image File Format)

36. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.
Civil Law
Residual Risk
War Dialing
Governance

37. A Trojan horse with the express underlying purpose of controlling host from a distance
Remote Access Trojan
Critical Infrastructure
Primary Storage
Running Key

38. Information that - if made public or even shared around the organization - could seriously impede the organization's operations
Open Mail Relay Servers
Civil Law
Electronic Vaulting
Highly Confidential

39. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.
Blackout
Burn
Source Routing Exploitation
Orange Book B1 Classification

40. Forgery of the sender's email address in an email header.
Reference Monitor
False (False Positive)
Remanence
E-Mail Spoofing

41. The managerial approval to operate a system based upon knowledge of risk to operate
Rogue Access Points
Accreditation
JPEG (Joint Photographic Experts Group)
Information Owner

42. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Infrastructure
Application Programming Interface
Analysis
Hub

43. Intellectual property protection for an invention
Patent
Sniffing
Spiral
Threats

44. The level and label given to an individual for the purpose of compartmentalization
Security Clearance
Information Owner
Checkpoint
Remanence

45. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
Deadlock
Processes are Isolated By
Teardrop
Uninterruptible Power Supply (UPS)

46. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.
Man-In-The-Middle Attack
IP Fragmentation
Qualitative
Proxies

47. The connection between a wireless and wired network.
Packet Filtering
Certification
Access Point
Threats

48. Evaluation of a system without prior knowledge by the tester
Primary Storage
Business Continuity Planning (BCP)
War Dialing
Blind Testing

49. A telephone exchange for a specific office or business.
Multi-Programming
Preemptive
IP Fragmentation
Private Branch Exchange (PBX)

50. Interception of a communication session by an attacker.
Covert Channel
Databases
Inference
Hijacking