Test your basic knowledge | CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
Hub
Operational Impact Analysis
Fragmented Data
Exposure
2. Mediation of covert channels must be addressed
Aggregation
Shadowing (file shadowing)
Shift Cipher (Caesar)
Information Flow Model
3. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.
ITSEC
Fire Classes
Business Interruption Insurance
Object Oriented Programming (OOP)
4. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).
TCSEC (Orange Book)
Embedded
Algorithm
Hub
5. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc
Pervasive Computing and Mobile Computing Devices
Critical Infrastructure
Multi-Programming
Analysis
6. Weak evidence
Hearsay
Access Point
Education
Control
7. A signal suggesting a system has been or is being attacked.
Routers
Alert/Alarm
Inheritance
ITSEC
8. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.
Pointer
Sharing
Dictionary Attack
3 Types of harm Addressed in computer crime laws
9. Subjects will not interact with each other's objects
Non-Interference
Initialization Vector
Restoration
Data Marts
10. The level and label given to an individual for the purpose of compartmentalization
Patch Panels
Orange Book C2 Classification
Security Clearance
Data Backups
11. Potentially compromising leakage of electrical or acoustical signals.
Cross Training
Cold Site
Orange Book C Classification
Emanations
12. Maximum tolerance for loss of certain business function - basis of strategy
Recovery Time Objectives
ff Site
Orange Book B2 Classification
Common Law
13. Mediation of subject and object interactions
Encapsulation
Security Clearance
Honeypot
Access Control
14. An administrative unit or a group of objects and subjects controlled by one reference monitor
Technical Access Controls
Object
Analysis
Security Domain
15. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.
Satellite
JPEG (Joint Photographic Experts Group)
Parallel Test
Electronic Vaulting
16. Malware that makes many small changes over time to a single data point or system
Contact List
Test Plan
Alternate Data Streams (File System Forks)
Salami
17. A technology that reduces the size of a file.
Site Policy
Compression
Hot Site
Proprietary
18. Moving the alphabet intact a certain number of spaces
Blackout
Shift Cipher (Caesar)
Injection
DR Or BC Coordinator
19. A layer 2 device that is used to connect two or more network segments and regulate traffic.
Orange Book D Classification
Switches
Checksum
Process Isolation
20. Hiding the fact that communication has occurred
Control
Site Policy Awareness
Byte Level Deletion
Steganography
21. Abstract and mathematical in nature - defining all possible states - transitions and operations
State Machine Model
Incident Handling
Kernel
Burn
22. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Elements of Negligence
Examples of technical security components
Phishing
Surge Suppressor
23. The core of a computer that calculates
Interpreter
Custodian
Fragmented Data
Central Processing Unit (CPU)
24. Intellectual property protection for a confidential and critical process
ff Site
Contingency Plan
Processes are Isolated By
Trade Secret
25. Measures followed to restore critical functions following a security incident.
Archival Data
High-Risk Areas
Recovery
Hub
26. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs
Need-To-Know
Application Programming Interface
Plan Maintenance Procedures
Backup
27. The core logic engine of an operating system which almost never changes
Procedure
Kernel
Public Key Infrastructure (PKI)
Deletion
28. Memory management technique that allows two processes to run concurrently without interaction
Protection
Data Dictionary
Kernel
Multilevel Security System
29. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.
Race Condition
Hard Disk
Data Owner
False (False Positive)
30. A unit of execution
War Driving
Threads
Polyalphabetic
Incident Manager
31. A subnetwork with storage devices servicing all servers on the attached network.
Honeypot
Storage Area Network (SAN)
Primary Storage
Algorithm
32. A distributed system's transaction control that requires updates to complete or rollback
Capability Tables
Malformed Input
2-Phase Commit
Non-Repudiation
33. Natural or human-readable form of message
Uninterruptible Power Supply (UPS)
ITSEC
Plain Text
Remote Access Trojan
34. A group or network of honeypots
Honeynet
ISO/IEC 27002
Consistency
Job Rotation
35. A control before attack
Permutation/Transposition
Safeguard
Information Risk Management (IRM)
Picking
36. The one person responsible for data - its classification and control setting
Reference Monitor
Waterfall
Information Owner
Record Level Deletion
37. Mitigation of system or component loss or interruption through use of backup capability.
Job Rotation
Polyalphabetic
Fault Tolerance
Emergency Procedures
38. A process state - to either be unable to run waiting for an external event or terminated
Redundant Array Of Independent Drives (RAID)
Discretionary Access Control (DAC)
Accurate
Stopped
39. Subject based description of a system or a collection of resources
ISO/IEC 27001
Capability Tables
Life Cycle of Evidence
Database Replication
40. Malware that uses the trust on a website to redirect users to untrusted websites which captures data or installs more malware
Cross-Site Scripting
Administrative Law
Administrative Laws
Brute Force
41. Controls for termination of attempt to access object
Trade Secret
Intrusion Prevention Systems
Alternate Site
Digital Certificate
42. Recovery alternative - everything needed for the business function - except people and last backup
Redundant Array Of Independent Drives (RAID)
Firewalls
TEMPEST
Hot Site
43. All of the protection mechanisms in a computer system
Security Blueprint
Database Shadowing
Trusted Computing Base
Contingency Plan
44. Planning with a goal of returning to the normal business function
Certification Authority
Restoration
Polyalphabetic
Centralized Access Control Technologies
45. Consume resources to a point of exhaustion - loss of availability
Electronic Vaulting
Recovery
Criminal Law
Denial Of Service
46. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
Generator
Eavesdropping
Data Leakage
Slack Space
47. A Denial of Service attack that exploits systems that are not able to handle malicious - overlapping and oversized IP fragments.
Checklist Test (desk check)
Buffer Overflow
Teardrop
Declaration
48. A planned or unplanned interruption in system availability.
Basics Of Secure Design
Machine Language (Machine Code)
Trojan Horse
System Downtime
49. Individuals and departments responsible for the storage and safeguarding of computerized data.
Activation
Data Custodian
Near Site
Cross Certification
50. A layer 3 device that is used to connect two or more network segments and regulate traffic.
Multi-Processor
Mobile Site
Metadata
Routers