Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you may sometimes find the answer obvious, but the repetition reinforces your understanding each time you take the test.
1. The superseded U.S. military set of standards and processes for network evaluation and assurance, which combines functional and assurance requirements
Database Replication
TNI (Red Book)
Method
Restoration
2. A group or network of honeypots
Honeynet
Mixed Law System
Strategic
Firewalls
3. The smallest unit of data: a single "1" or "0" of binary code
Prevention
Business Continuity Planning (BCP)
Bit
Centralized Access Control Technologies
4. A control applied after an attack
Education
Countermeasure
Workaround Procedures
Locard's Principle
5. To derive a conclusion that was never explicitly stated, e.g. deducing sensitive information from authorized access to less sensitive data
Inference
SYN Flooding
Reference Monitor
Due Diligence
6. An internal list of contact information used for communicating incident information, designed in a distributed manner so that no one person is responsible for contacting everyone
Reciprocal Agreement
Plaintext
Accreditation
Call Tree
7. A choice in risk management - to implement a control that limits or lessens negative effects
Proxies
Mitigate
Orange Book A Classification
Disaster Recovery Teams (Business Recovery Teams)
8. A design methodology which executes in a linear, one-way fashion
Waterfall
Incident Response Team
Modification
SQL Injection
9. Act of scrambling the cleartext message by using a key.
Encipher
Open Mail Relay Servers
Content Dependent Access Control
Mirrored Site
10. Recovery alternative which outsources a business function at a cost
Service Bureau
Switches
Overlapping Fragment Attack
Mitigate
11. Intellectual property protection for the expression of an idea
Notification
Copyright
Overlapping Fragment Attack
DR Or BC Coordinator
12. A telephone exchange for a specific office or business.
System Downtime
Private Branch Exchange (PBX)
Bollard
Integrated Test
13. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.
Distributed Denial Of Service
Brute Force
Contingency Plan
Legacy Data
14. Recognition of an individual's assertion of identity.
Residual Data
Eavesdropping
Identification
Sag/Dip
15. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures, alternate work area, etc.)
Patch Panels
Contingency Plan
Assembler
Spyware
16. Identification and notification of an unauthorized and/or undesired action
Detection
Business Records
Due Care
Machine Language (Machine Code)
17. Sudden rise in voltage in the power supply.
Plan Maintenance Procedures
Capability Tables
IDS Intrusion Detection System
Surge
18. To create a copy of data as a precaution against the loss or damage of the original data.
Orange Book A Classification
Eavesdropping
Data Marts
Backup
19. Backup location at which the business function is performed after a disruption
Alternate Site
Quantitative
Locard's Principle
Activation
20. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Deadlock
Reciprocal Agreement
Certification
Examples of non-technical security components
21. Joining two pieces of text
Fire Classes
Legacy Data
False Attack Stimulus
Concatenation
22. Legally luring an intruder toward a target they are already attempting to reach (contrast with entrapment)
Authentic
TIFF (Tagged Image File Format)
Phishing
Enticement
23. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal
Symmetric
Key Escrow
Hard Disk
System Life Cycle
24. Forgery of the sender's email address in an email header.
Information Owner
Lattice
E-Mail Spoofing
Plain Text
25. A signed, periodically published list of certificates that the issuing CA has revoked before their expiry (e.g. after a key compromise)
Reference Monitor
Certificate Revocation List (CRL)
Man-In-The-Middle Attack
Fraggle
26. The first rating that requires security labels
Orange Book B1 Classification
Quantitative
Data Dictionary
Modification
27. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Framework
Object Reuse
Analysis
Guidelines
28. Any event, whether anticipated (e.g. a public service strike) or unanticipated (e.g. a blackout), which disrupts the normal course of business operations at an organization location
Business Interruption
Monitor
Side Channel Attack
Countermeasure
29. An attack that steals or alters data in many small increments over time, so that each individual change escapes notice
Alternate Site
Salami
Data Dictionary
Intrusion Prevention Systems
30. To move from location to location - keeping the same function
Dictionary Attack
Job Rotation
Archival Data
Business Continuity Planning (BCP)
31. Rearranging the letters of a message without changing them
Permutation/Transposition
Failure Modes and Effects Analysis (FMEA)
Tapping
Isolation
32. A subnetwork with storage devices servicing all servers on the attached network.
Information Owner
File
Storage Area Network (SAN)
Disaster Recovery Tape
33. Of evidence in law: clear and persuasive, lending itself to one side of an argument
Capability Tables
Shielding
Authentication
Convincing
34. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
3 Types of harm Addressed in computer crime laws
Risk Mitigation
Chain of Custody
Warm Site
35. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements
Exercise
Common Criteria
Security Clearance
Running Key
36. A template for designing the security architecture
Modification
Containment
Security Blueprint
Dangling Pointer
37. Creation, distribution, update and deletion of cryptographic keys
Degauss
Codec
Key Management
Code
38. An image compression standard for photographs
Remote Journaling
Risk Assessment
Dangling Pointer
JPEG (Joint Photographic Experts Group)
39. One-way function that produces a fixed-length digest of its input; unlike encryption it uses no key and cannot be reversed
Security Domain
Hash Function
Steganography
Disaster Recovery Plan
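Added example, not part of the quiz, tying together cards 9 (encipher: scramble cleartext with a key), 31 (transposition: move letters around) and 39 (hash function: one-way). A keyed columnar transposition cipher stands beside a SHA-256 digest: the cipher is reversible by anyone holding the key and only moves letters, whereas the digest has no key and no decipher step, only recomputation and comparison. The cipher, key word and message are constructed for illustration.

```python
"""Keyed transposition cipher vs. one-way hash (added study example)."""
import hashlib
import hmac


def _column_order(key: str) -> list:
    # Rank the key's letters alphabetically (ties broken by position).
    # Columns are read out in this order, so the key alone fixes the permutation.
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def encipher(plaintext: str, key: str, pad: str = "X") -> str:
    """Columnar transposition: write the text in rows of len(key), read columns by key rank."""
    cols = len(key)
    text = plaintext.upper().replace(" ", "")
    text += pad * (-len(text) % cols)  # complete the final row
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in _column_order(key) for row in rows)


def decipher(ciphertext: str, key: str) -> str:
    """Inverse of encipher: refill the columns in key order, then read the rows back."""
    cols = len(key)
    n_rows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(n_rows)]
    pos = 0
    for c in _column_order(key):
        for r in range(n_rows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def letters_only_moved(plaintext: str, key: str) -> bool:
    """Transposition changes positions, never the letters themselves."""
    padded = decipher(encipher(plaintext, key), key)
    return sorted(encipher(plaintext, key)) == sorted(padded)


def digest(message: str) -> str:
    """One-way: fixed 64-hex-character output, no key, no inverse operation."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def verify_digest(message: str, expected_hex: str) -> bool:
    """The only 'reverse' of a hash is recomputing it and comparing (in constant time)."""
    return hmac.compare_digest(digest(message), expected_hex)


if __name__ == "__main__":
    msg, key = "ATTACK AT DAWN", "ZEBRA"          # constructed sample input
    ct = encipher(msg, key)
    print("ciphertext :", ct)                      # CAXTTXTANADXAKW
    print("deciphered :", decipher(ct, key))       # ATTACKATDAWNXXX (padded)
    print("wrong key  :", decipher(ct, "HORSE"))   # garbage: key is required
    print("sha256     :", digest(msg))
    print("1-char diff:", digest("ATTACK AT DAWM"))
```

Run it and compare the last two lines: a single changed character in the message flips roughly half the digest bits, and nothing in the program can turn either digest back into its message.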
40. Organized group of compromised computers
Botnet
Contingency Plan
Firmware
Fire Prevention
41. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.
Business Continuity Steering Committee
Territoriality
Access Point
Site Policy
42. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
Interpreter
Threats
Archival Data
Declaration
43. State of a computer that is running a process
Containment
Operating
Isolation
Ring Protection
44. Two certificate authorities that trust each other
Access Control Lists
Threads
Cross Certification
Electronic Vaulting
45. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
Twisted Pair
Confidence Value
Locard's Principle
Processes are Isolated By
46. The guardian of asset(s), responsible for their day-to-day maintenance
Surveillance
Plain Text
Custodian
Hard Disk
47. The duplication of data on separate disks in real time to ensure its continuous availability - currency and accuracy. True mirroring will enable a zero recovery point objective.
Data Warehouse
Side Channel Attack
Disk Mirroring
Alarm Filtering
48. A sudden transfer of static electric charge between two objects at different potentials, which can damage electronic components
Secondary Storage
Relocation
Keystroke Logging
Electrostatic Discharge
49. A form of data hiding that prevents running processes from accessing each other's memory
Process Isolation
Workaround Procedures
Sampling
Logic Bomb
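Added example for card 49, not part of the quiz: threads inside one process share memory, while separate processes each get their own address space, so a child's write to a variable never reaches the parent. The counter, thread count and use of the fork start method are assumptions made for this illustration (fork is a POSIX feature; on Windows the process half will not run).

```python
"""Threads share memory; processes are isolated (added study example)."""
import multiprocessing
import threading

# Constructed shared state: a single dict mutated by workers.
STATE = {"counter": 0}
_LOCK = threading.Lock()


def _bump() -> None:
    """Increment the counter in whatever address space this runs in."""
    with _LOCK:
        STATE["counter"] += 1


def threads_share_memory(n: int = 4) -> int:
    """All threads live in one process, so their writes land in the same dict."""
    STATE["counter"] = 0
    workers = [threading.Thread(target=_bump) for _ in range(n)]
    for t in workers:
        t.start()
    for t in workers:
        t.join()
    return STATE["counter"]  # n


def processes_are_isolated(n: int = 4) -> int:
    """Each forked child gets a copy of STATE; its increment is invisible here."""
    STATE["counter"] = 0
    ctx = multiprocessing.get_context("fork")  # assumption: POSIX host
    workers = [ctx.Process(target=_bump) for _ in range(n)]
    for p in workers:
        p.start()
    for p in workers:
        p.join(timeout=10)
    return STATE["counter"]  # 0: the parent's memory was never touched


if __name__ == "__main__":
    print("threads  :", threads_share_memory())    # 4
    print("processes:", processes_are_isolated())  # 0
```

The contrast is the point of the card: isolation is a property of processes (enforced by the OS via separate address spaces), not of threads, which is why the quiz wording "threads of execution" is imprecise.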
50. Control category: discourages an adversary from attempting to gain access
TIFF (Tagged Image File Format)
Deterrent
Wireless Fidelity (Wi-Fi)
Decipher