Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Potentially retrievable data residue that remains following intended erasure of data.






2. Indivisible - data field must contain only one value that either all transactions take place or none do






3. A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. (See Smurf)






4. A state for operating system tasks only






5. What is will remain - persistence






6. High frequency noise






7. Act of luring an intruder and is legal.






8. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.






9. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.






10. A copy of transaction data - designed for querying and reporting






11. Outputs within a given function are the same result






12. Long term knowledge building






13. The partial or full duplication of data from a source database to one or more destination databases.






14. A structured group of teams ready to take control of the recovery operations if a disaster should occur.






15. An availability attack - to consume resources to the point of exhaustion from multiple vectors






16. Third party processes used to organize the implementation of an architecture






17. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.






18. Converts source code to an executable






19. System mediation of access with the focus on the context of the request






20. Controls for termination of attempt to access object






21. A collection of data or information that has a name






22. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements






23. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.






24. The one person responsible for data - its classification and control setting






25. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements






26. High degree of visual control






27. Line noise that is superimposed on the supply circuit.






28. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)






29. Subject based description of a system or a collection of resources






30. Recognition of an individual's assertion of identity.






31. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.






32. OOP concept of a distinct copy of the class






33. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.






34. Redundant component that provides failover capability in the event of failure or interruption of a primary component.






35. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.






36. Calculation encompassing threats - vulnerabilities and assets






37. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?






38. The principles a person sets for themselves to follow






39. Subjects will not interact with each other's objects






40. A backup of data located where staff can gain access immediately






41. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability






42. Recovery alternative - short-term - high cost movable processing location






43. For PKI - decertify an entity's certificate






44. Fault tolerance for power






45. Eavesdropping on network communications by a third party.






46. System of law based upon what is good for society






47. Line by line translation from a high level language to machine code






48. A basic level of network access control that is based upon information contained in the IP packet header.






49. Mitigation of system or component loss or interruption through use of backup capability.






50. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)