Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Less granular organization of controls -
Accurate
Control Type
Mobile Site
Disaster Recovery Teams (Business Recovery Teams)
2. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
Cache
Recovery Point Objective (RPO)
Basics Of Secure Design
Tar Pits
3. Abstract and mathematical in nature - defining all possible states - transitions and operations
Marking
State Machine Model
Plain Text
Alert/Alarm
4. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.
Elements of Negligence
Honeypot
Information Technology Security Evaluation Criteria - ITSEC
Preemptive
5. A computer designed for the purpose of studying adversaries
Access Control
Honeypot
Patch Management
Spam
6. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Architecture
Disaster Recovery Plan
Mission-Critical Application
Embedded
7. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
Technical Access Controls
Multi-Tasking
Standard
Fragmented Data
8. Lower frequency noise
Locard's Principle
Copyright
Metadata
Radio Frequency Interference (RFI)
9. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
User Mode (problem or program state)
Fiber Optics
Worm
Quantitative
10. A device that sequentially switches multiple analog inputs to the output.
Security Kernel
Fault Tolerance
Multiplexers
Phishing
11. Property that data is represented in the same manner at all times
Cross Training
Plan Maintenance Procedures
Consistency
Repeaters
12. Sudden rise in voltage in the power supply.
Firmware
Phishing
Side Channel Attack
Surge
13. An individual's conduct that violates government laws developed to protect the public
Man-In-The-Middle Attack
TNI (Red Book)
Territoriality
Criminal Law
14. Code making
Cryptography
Resumption
Ethics
Checklist Test
15. A hash that has been further encrypted with a symmetric algorithm
Tort
Policy
Patch Panels
Keyed-Hashing For Message Authentication
16. Final purpose or result
Blind Testing
Payload
Monitor
Full Test (Full Interruption)
17. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Rootkit
Business Impact Assessment (BIA)
Incident Handling
Encryption
18. Controls deployed to avert unauthorized and/or undesired actions.
Guidelines
Prevention
Recovery
Chain Of Custody
19. A choice in risk management - to convince another to assume risk - typically by payment
Microwave
Transfer
Honeynet
Business Recovery Timeline
20. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
Central Processing Unit (CPU)
IP Fragmentation
Business Continuity Steering Committee
TEMPEST
21. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
Territoriality
SQL Injection
Cryptology
Degauss
22. Intellectual property protection for a confidential and critical process
Multi-Core
Trade Secret
Non-Interference
State Machine Model
23. A one way - directed graph which indicates confidentiality or integrity flow
Fault
Keystroke Logging
Administrative
Lattice
24. Most granular organization of controls
Remote Journaling
Checklist Test (desk check)
Fault
Control Category
25. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.
Layering
Evidence
Slack Space
One Time Pad
26. Moving letters around
Cookie
Mixed Law System
CPU Cache
Permutation /Transposition
27. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Tort
Mirroring
Critical Infrastructure
Desk Check Test
28. A control after attack
Brute Force
Orange Book D Classification
Evidence
Countermeasure
29. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
Internal Use Only
Classification
Lattice
File Server
30. To start business continuity processes
Activation
Hijacking
Data Backup Strategies
Lattice
31. Memory - RAM
Emergency Operations Center (EOC)
Primary Storage
Tapping
Executive Succession
32. Mitigate damage by isolating compromised systems from the network.
Containment
Procedure
Spiral
Forward Recovery
33. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Log
Surveillance
Standalone Test
Emergency
34. A trusted issuer of digital certificates
Information Risk Management (IRM)
Certification Authority
Physical Tampering
Durability
35. A backup type - where the organization has excess capacity in another location.
Vulnerability
Distributed Processing
Inheritance
Recovery Period
36. To load the first piece of software that starts a computer.
Domain
Boot (V.)
Analysis
Structured Walk-Through Test
37. Converts source code to an executable
Compiler
Electronic Vaulting
Mobile Site
Entrapment
38. Information about a particular data set
Compression
Mandatory
Metadata
Process Isolation
39. Written suggestions that direct choice to a few alternatives
Memory Management
Firewall
High-Risk Areas
Guidelines
40. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements
Checklist Test
Dangling Pointer
Common Criteria
Access Point
41. Record of system activity - which provides for monitoring and detection.
Access Control Lists
Log
Preemptive
Job Rotation
42. Renders the file inaccessible to the operating system - available to reuse for data storage.
Recovery
Examples of non-technical security components
Policy
File Level Deletion
43. Specific format of technical and physical controls that support the chosen framework and the architecture
Infrastructure
Data Integrity
Remote Journaling
Security Domain
44. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
IDS Intrusion Detection System
Buffer Overflow
Embedded Systems
Electrostatic Discharge
45. Hiding the fact that communication has occurred
Mobile Recovery
Steganography
Common Criteria
Need-To-Know
46. Reduction of voltage by the utility company for a prolonged period of time
Brownout
Risk Mitigation
Secondary Storage
Accurate
47. A description of a database
Object
Mission-Critical Application
Alternate Data Streams (File System Forks)
Data Dictionary
48. The study of cryptography and cryptanalysis
Cryptology
Proxies
Spyware
Trade Secret
49. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Databases
Crisis
Checklist Test (desk check)
System Downtime
50. OOP concept of an object at runtime
Stopped
Critical Infrastructure
Instance
Application Programming Interface