Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Alarm Filtering
Copyright
Data Integrity
Fault
2. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.
Orange Book B2 Classification
Data Dictionary
Restoration
False (False Positive)
3. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
Atomicity
Assembler
Packet Filtering
Business Recovery Team
4. A template for designing the architecture
JPEG (Joint Photographic Experts Group)
Monitor
Security Blueprint
Source Routing Exploitation
5. Object based description of a single resource and the permission each subject
Access Control Lists
Microwave
Cryptanalysis
Detection
6. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Custodian
Activation
Internal Use Only
Moore's Law
7. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
Simulation
Key Clustering
Warm Site
Common Law
8. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Targeted Testing
Notification
Memory Management
Triage
9. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
Criminal Law
Standalone Test
Data Leakage
Checklist Test (desk check)
10. Long term knowledge building
Multi-Party Control
Blackout
Education
False (False Positive)
11. To assert or claim credentialing to an authentication system
Transfer
Copyright
Data Owner
Identification
12. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Initialization Vector
Enticement
One Time Pad
2-Phase Commit
13. Someone who wants to know how something works - typically by taking it apart
Site Policy
Sequence Attacks
Strong Authentication
Hacker
14. Unsolicited commercial email
5 Rules Of Evidence
Cross Training
Spam
Operational
15. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data
Critical Functions
Embedded
Byte Level Deletion
Isolation
16. Unchecked data which spills into another location in memory
Processes are Isolated By
Buffer Overflow
Code
Cryptography
17. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)
Electronic Vaulting
Marking
Wait
Smurf
18. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
Cross Certification
Data Diddler
Highly Confidential
3 Types of harm Addressed in computer crime laws
19. Control category - more than one control on a single asset
Compensating
Steganography
Binary
Secondary Storage
20. Control category - to give instructions or inform
Directive
Job Training
Recovery Period
Inrush Current
21. Mathematical function that determines the cryptographic operations
Non-Interference
Activation
Data Hiding
Algorithm
22. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
System Life Cycle
Investigation
Cookie
Business Interruption
23. Recognition of an individual's assertion of identity.
Recovery Strategy
Identification
Log
Spyware
24. Intellectual property protection for a confidential and critical process
Trade Secret
Mixed Law System
Journaling
Off-Site Storage
25. A shield against leakage of electromagnetic signals.
Off Site
Entrapment
Faraday Cage/ Shield
Steganography
26. Program that inappropriately collects private data or activity
Spyware
Protection
Control Type
Damage Assessment
27. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Information Owner
Off Site
Incident Handling
Disaster Recovery Plan
28. Unauthorized access of network devices.
Physical Tampering
Security Domain
Remanence
System Downtime
29. OOP concept of an object's abilities - what it does
Kernel
Business Impact Assessment (BIA)
State Machine Model
Method
30. A computer designed for the purpose of studying adversaries
Asymmetric
Sag/Dip
Honeypot
Quantitative
31. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
Job Rotation
Birthday Attack
Data Dictionary
Disaster Recovery Teams (Business Recovery Teams)
32. Employment education done once per position or at significant change of function
Logic Bomb
Race Condition
Vulnerability
Job Training
33. To collect many small pieces of data
Plaintext
Sequence Attacks
Restoration
Aggregation
34. Vehicle stopping object
Bollard
Emanations
Substitution
Desk Check Test
35. Adversary intercepts encrypted communications - decrypts - views - encrypts - and sends along to the true destination
Man-In-The-Middle Attack
Business Continuity Steering Committee
Key Escrow
User
36. An image compression standard for photographs
JPEG (Joint Photographic Experts Group)
SQL Injection
Attacker (Black hat - Hacker)
Virtual Memory
37. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Framework
Tort
Routers
Application Programming Interface
38. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor
Coaxial Cable
Compiler
Multi-Core
Smurf
39. Interception of a communication session by an attacker.
Hijacking
Recovery Point Objective (RPO)
Honeynet
File Shadowing
40. Object reuse protection and auditing
Boot (V.)
Database Shadowing
Orange Book C2 Classification
Remote Access Trojan
41. Malware that makes small random changes to many data points
Access Control Attacks
Risk Assessment
Data Diddler
Control
42. May be responsible for overall recovery of an organization or unit(s).
Job Training
DR Or BC Coordinator
Simulation
Business Continuity Planning (BCP)
43. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
Fiber Optics
File Server
Attacker (Black hat - Hacker)
Business Unit Recovery
44. Regular operations are stopped and processing is moved to the alternate site.
Aggregation
Proprietary
Full-Interruption test
Computer System Evidence
45. A test conducted on one or more components of a plan under actual operating conditions.
Operational Test
Key Escrow
Supervisor Mode (monitor - system - privileged)
Modification
46. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress
Race Condition
Active Data
Warm Site
True Attack Stimulus
47. A device that sequentially switches multiple analog inputs to the output.
Generator
Multiplexers
Gateway
Detection
48. A copy of transaction data - designed for querying and reporting
Data Warehouse
Cryptography
Distributed Processing
Convincing
49. Eavesdropping on network communications by a third party.
Tapping
Residual Data
Payload
Denial Of Service
50. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Boot (V.)
Hot Spares
Cryptology
Least Privilege