Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Pertaining to law - lending it self to one side of an argument
Convincing
Fraggle
5 Rules Of Evidence
Discretionary

2. Abstract and mathematical in nature - defining all possible states - transitions and operations
File Extension
Residual Risk
State Machine Model
Incident Handling

3. Third party processes used to organize the implementation of an architecture
Trusted Computing Base
Framework
High-Risk Areas
Executive Succession

4. Communication of a security incident to stakeholders and data owners.
Notification
Security Kernel
Source Routing Exploitation
Mobile Site

5. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
Eavesdropping
Hot Spares
Governance
Fire Suppression

6. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
Threats
Metadata
Data Diddler
Quantitative Risk Analysis

7. Hardware or software that is part of a larger system
Incident Response Team
Embedded
Slack Space
Honeypot

8. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
Overlapping Fragment Attack
IP Fragmentation
Satellite
Accreditation

9. To reduce fire
Fire Suppression
Hash Function
Information Flow Model
Qualitative

10. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Source Routing Exploitation
Keystroke Logging
Mirroring
Identification

11. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Surge
War Dialing
Cryptography
Standalone Test

12. An asymmetric cryptography mechanism that provides authentication.
Recovery Period
Certificate Revocation List (CRL)
Distributed Processing
Digital Signature

13. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
Territoriality
Certification
Fiber Optics
Off-Site Storage

14. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
Detection
ISO/IEC 27002
Man-In-The-Middle Attack
Data Owner

15. Recovery alternative - short-term - high cost movable processing location
Mobile Site
Gateway
Recovery Time Objectives
Identification

16. Responsibility of a user for the actions taken by their account which requires unique identification
Eavesdropping
Remote Journaling
Accountability
Control Category

17. Two different keys decrypt the same cipher text
Substitution
Attacker (Black hat - Hacker)
Key Clustering
Call Tree

18. Most granular organization of controls
Control Category
Running Key
Site Policy
Cryptology

19. A basic level of network access control that is based upon information contained in the IP packet header.
Deadlock
Packet Filtering
Salami
Bit

20. Natural or human-readable form of message
Plain Text
Cross Certification
Monitor
Incident Response

21. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management
Primary Storage
Modification
Business Impact Analysis
Territoriality

22. Something that happened
Incident Handling
Event
Embedded Systems
Strong Authentication

23. A backup of data located where staff can gain access immediately
Covert Channel
Countermeasure
On-Site
Proxies

24. Inference about encrypted communications
Side Channel Attack
Event
TEMPEST
Due Diligence

25. Unsolicited advertising software
Critical Records
Elements of Negligence
Adware
Data Warehouse

26. Try a list of words in passwords or encryption keys
Object Reuse
Orange Book B1 Classification
Cache
Dictionary Attack

27. Alerts personnel to the presence of a fire
BCP Testing Drills and Exercises
Cold Site
Denial Of Service
Fire Detection

28. An image compression standard for photographs
Structured Walkthrough
One Time Pad
Examples of technical security components
JPEG (Joint Photographic Experts Group)

29. Mitigate damage by isolating compromised systems from the network.
Containment
Safeguard
War Driving
Enticement

30. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce organization exposure and evaluating the cost for such controls.
Disk Mirroring
Remote Journaling
Risk Assessment / Analysis
Compensating

31. Eight bits.
Encipher
Remote Access Trojan
Byte
Civil Law

32. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
Administrative Access Controls
Restoration
Orange Book D Classification
Workaround Procedures

33. The chance that something negative will occur
Risk
Symmetric
Trade Secret
Reciprocal Agreement

34. Subjects will not interact with each other's objects
Deletion
Instance
Non-Interference
Event

35. To create a copy of data as a precaution against the loss or damage of the original data.
Sequence Attacks
Backup
Technical Access Controls
Running

36. Calculation encompassing threats - vulnerabilities and assets
Examples of technical security components
Buffer Overflow
Total Risk
Failure Modes and Effect Analysis (FEMA)

37. A electronic attestation of identity by a certificate authority
Machine Language (Machine Code)
Polyalphabetic
Preemptive
Digital Certificate

38. The problems solving state - the opposite of supervisor mode
Authentication
User Mode (problem or program state)
Detective
Collisions

39. A design methodology which executes in a linear one way fashion
Content Dependent Access Control
Tort
Fire Suppression
Waterfall

40. A database that contains the name - type - range of values - source and authorization for access for each data element
Fraggle
Detection
Data Dictionary
Cryptovariable

41. Recovery alternative - complete duplication of services including personnel
Separation Of Duties
Network Attached Storage (NAS)
Certification Authority
Mirrored Site

42. Ertaining to a number system that has just two unique digits.
Checklist Test (desk check)
Binary
Multiplexers
MOM

43. The core of a computer that calculates
Object Reuse
Multiplexers
Exposure
Central Processing Unit (CPU)

44. A race condition where the security changes during the object's access
Time Of Check/Time Of Use
Bridge
Sag/Dip
The ACID Test

45. Specific format of technical and physical controls that support the chosen framework and the architecture
Primary Storage
Network Attached Storage (NAS)
Infrastructure
Instance

46. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Key Space
Business Continuity Planning (BCP)
Labeling
Inrush Current

47. Data or interference that can trigger a false positive
Data Owner
Data Backup Strategies
Noise
Storage Area Network (SAN)

48. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.
Critical Infrastructure
Identification
Business Recovery Timeline
Data Diddler

49. A set of best practices for programmers to seek in all application or data base design: Atomicity - Consistency - Isolation - Durability
Service Bureau
The ACID Test
Embedded Systems
Storage Area Network (SAN)

50. Pertaining to law - verified as real
Interpreter
Authentic
Key Escrow
Remanence