Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no local input or output devices (keyboard, monitor), and its OS is dedicated to providing storage services.

2. The process of assessing damage following a disaster to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced.

3. Inappropriate data

4. To ensure that evidence will be admissible in court by showing that it was properly controlled and handled at every step, from seizure until it is presented in court.

5. Memory management technique that allows multiple subjects to use the same resource.

6. The component of disaster recovery that deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.

7. Layer 1 network device used to connect network segments together but providing no traffic control; every frame received is repeated out every other port (a concentrator).

8. More than one CPU on a single board.

9. A denial-of-service attack that exploits packet-filtering firewalls that inspect only the initial fragment of a fragmented packet.

10. After the media has been seized, the investigator should make a bit-for-bit image copy of the storage media before doing anything else.

11. To be admissible in court, they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.

12. To smooth out reductions or increases (sags and surges) in electrical power.

13. A program with a legitimate apparent purpose that also carries a hidden, inappropriate second purpose.

14. The amount of time allowed for restoring a business process or function to normal operations without major loss.

15. The inability of a sender to deny the authenticity of a message or their identity as its originator.

16. Object reuse protection and auditing (controlled access protection).

17. A device that sequentially switches multiple analog inputs to a single output.

18. Implementation of an operating system protection mechanism, built on the layering concept, in which more sensitive (privileged) components run at inner, more protected levels and less trusted components at outer levels.

19. Individuals and departments responsible for the storage and safeguarding of computerized data.

20. Measures followed to restore critical functions following a security incident.

21. A type of malformed input that appends an always-true conditional logic statement (for example, OR 1=1) to a query, adding a request for data that is against the security policy.

22. Randomly generated value used by many cryptosystems to ensure that encrypting the same plaintext under the same key produces a unique ciphertext each time.

23. A library of commands maintained by a system for other programs to use; provides consistency and integrity for those programs.

24. Slang for making (burning) a CD-ROM copy of data, whether it is music, software or other data.

25. European standard for IT security criteria that was not universally adopted. Consists of four components: 1. Security Target; 2. Target of Evaluation (TOE); 3. functional levels; 4. assurance levels.

26. Renders the file inaccessible to the operating system and marks its space as available for reuse for data storage (the data itself remains on the media until it is overwritten).

27. Two different keys produce the same ciphertext from the same plaintext, so either key decrypts it.

28. Adversary intercepts encrypted communications, decrypts and views them, re-encrypts them, and sends them along to the true destination.

29. A planned or unplanned interruption in system availability.

30. OOP concept of taking attributes from the original or parent class.

31. Archival data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record-keeping purposes.

32. To set the clearance of a subject or the classification of an object.

33. Security policy, personnel controls, supervisory structure, security awareness training, testing.

34. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.

35. A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.

36. Deals with discretionary protection.

37. Organized group of compromised computers.

38. Intellectual property protection for a confidential and critical process.

39. Determines the impact of the loss of an operational or technological resource. The loss of a system, network or other critical resource may affect a number of business processes.

40. For PKI, to have more than one person in charge of a sensitive function, so that no single individual can perform it alone.

41. Written step-by-step actions.

42. System-directed mediation of access, using labels on subjects and objects.

43. Owner-directed mediation of access.

44. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.

45. Firewalls, encryption, and access control lists.

46. Location from which coordination and execution of the BCP or DRP is directed.

47. Provides a physical cross-connect point for devices.

48. Residual data (sometimes referred to as "ambient data") refers to data that is not active on a computer system.

49. Those who initiate the attack.

50. A layer 2 device used to connect two network segments and regulate traffic between them.
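
Added example (not part of the original test) for questions 4 and 10: a bit-for-bit image is only usable evidence if it can be shown to match the seized media, and the chain of custody is the record that shows it. The Python script below images a constructed in-memory byte string that stands in for the seized media (a real acquisition would read a write-blocked device with an imaging tool), hashes the source and the image independently, and keeps a custody log whose every entry carries the same hash. The item and examiner names are assumptions made for the demo.

```python
"""Forensic imaging with hash verification and a chain-of-custody log.
Added example; the 'media' is a constructed byte string, not a real device."""
import hashlib
import io
from datetime import datetime, timezone

BLOCK_SIZE = 4096


def image_media(source, dest, block_size=BLOCK_SIZE):
    """Copy every byte of `source` to `dest` in fixed-size blocks, hashing the
    data as it passes through. Returns the SHA-256 of everything read."""
    h = hashlib.sha256()
    while True:
        block = source.read(block_size)
        if not block:
            break
        dest.write(block)
        h.update(block)
    return h.hexdigest()


def sha256_of(data):
    return hashlib.sha256(data).hexdigest()


def custody_entry(item_id, action, handler, digest):
    """One chain-of-custody record: who did what to which item, when, and the
    hash that ties the record to one byte-exact image."""
    return {
        "item": item_id,
        "action": action,
        "handler": handler,
        "time": datetime.now(timezone.utc).isoformat(),
        "sha256": digest,
    }


def acquire(item_id, examiner, media_bytes):
    """Image the media, verify the image against the source, and return
    (image_bytes, custody_log). Raises if verification fails."""
    source = io.BytesIO(media_bytes)
    image = io.BytesIO()
    acquired_hash = image_media(source, image)
    image_bytes = image.getvalue()
    # Hash source and image independently: a copy is only a forensic image
    # if it is bit-for-bit identical to the original.
    if sha256_of(media_bytes) != acquired_hash or sha256_of(image_bytes) != acquired_hash:
        raise RuntimeError("image does not match source media")
    log = [
        custody_entry(item_id, "seized", examiner, sha256_of(media_bytes)),
        custody_entry(item_id, "imaged", examiner, acquired_hash),
        custody_entry(item_id, "verified", examiner, sha256_of(image_bytes)),
    ]
    return image_bytes, log


def verify_log(log):
    """Every entry in the chain must carry the same hash; a differing hash
    means the evidence changed while it was in someone's hands."""
    return len({e["sha256"] for e in log}) == 1


# Constructed sample: 10 KiB of deterministic pseudo-random 'disk' content.
SAMPLE_MEDIA = bytes((i * 7919) % 256 for i in range(10 * 1024))

if __name__ == "__main__":
    img, log = acquire("HDD-001", "examiner-a", SAMPLE_MEDIA)
    for entry in log:
        print(entry["action"], entry["handler"], entry["sha256"][:16])
    print("chain intact:", verify_log(log))
```

Work is then done on the verified image, never on the original; any later handler appends an entry with the hash of what they received, and a mismatch anywhere in the log is exactly the break in the chain that makes the evidence inadmissible.
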
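
Added example (not part of the original test) for question 21: the always-true condition only works because the query text is assembled from the input. The Python script below runs a string-built lookup and a parameterised lookup against an in-memory SQLite table; the users table, its rows and the credentials are constructed for the demo.

```python
"""Login lookup built by string formatting versus a parameterised query.
Added example; the table and rows are constructed sample data."""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text from user input, so input can change the query's
    logic rather than just the values being compared."""
    sql = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Bound parameters keep the input as data: the whole payload is compared
    against the password column as one literal string and matches nothing."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# A closing quote plus an always-true condition. In the vulnerable query the
# WHERE clause becomes:   username = 'nobody' AND password = '' OR '1'='1'
# which, by AND/OR precedence, is true for every row in the table.
PAYLOAD = "' OR '1'='1"


def demo():
    """Returns (rows leaked by the vulnerable query, rows from the safe one)."""
    conn = make_db()
    leaked = login_vulnerable(conn, "nobody", PAYLOAD)
    blocked = login_safe(conn, "nobody", PAYLOAD)
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable query returned:", leaked)
    print("parameterised query returned:", blocked)
```

The vulnerable version hands back every account, role included, to a caller who knows no password at all; the parameterised version returns nothing for the payload and still authenticates a genuine user normally.
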
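
Added example (not part of the original test) for question 22: what goes wrong when the initialisation vector is fixed or reused, not just that "the ciphertext is unique". The Python script below uses a toy keystream built from SHA-256 over (key || IV || counter) so that it runs with the standard library only; it stands in for a real stream or CTR mode and is not a vetted cipher. The keys and plaintexts are constructed for the demo.

```python
"""Why an IV must be fresh for every message encrypted under one key.
Added example; the keystream is a toy stand-in, not a real cipher."""
import hashlib
import os


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy keystream: concatenated SHA-256(key || iv || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = plaintext XOR keystream(key, iv); decryption is the same op."""
    return xor(plaintext, keystream(key, iv, len(plaintext)))


decrypt = encrypt


def fixed_iv_repeats(key: bytes, plaintext: bytes) -> bool:
    """With a fixed IV (or none), identical messages give identical ciphertexts,
    so an observer learns that the same thing was sent twice."""
    iv = bytes(16)
    return encrypt(key, iv, plaintext) == encrypt(key, iv, plaintext)


def fresh_iv_differs(key: bytes, plaintext: bytes) -> bool:
    """A random IV per message makes the two ciphertexts unrelated."""
    return encrypt(key, os.urandom(16), plaintext) != encrypt(key, os.urandom(16), plaintext)


def iv_reuse_leaks(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Reusing one IV under one key: c1 XOR c2 == p1 XOR p2, and the key cancels
    out entirely. Given p1 (known plaintext) the attacker recovers p2 without
    the key. Returns what the attacker recovers."""
    iv = os.urandom(16)
    c1 = encrypt(key, iv, p1)
    c2 = encrypt(key, iv, p2)
    return xor(xor(c1, c2), p1)


if __name__ == "__main__":
    key = os.urandom(32)
    print("fixed IV repeats:", fixed_iv_repeats(key, b"attack at dawn"))
    print("fresh IV differs:", fresh_iv_differs(key, b"attack at dawn"))
    print("recovered via IV reuse:", iv_reuse_leaks(key, b"attack at dawn", b"retreat at sea"))
```

The third function is the practical caveat behind the definition: for stream and counter modes the IV does not even have to be secret, but it must never repeat under the same key, because a repeat turns the cipher into a two-time pad.
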
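
Added example (not part of the original test) for question 40: the usual way to put more than one person in charge of a PKI function such as recovering a CA signing key is M-of-N control, where the key is split into N shares and any M of them reconstruct it while fewer reveal nothing. The Python script below implements Shamir secret sharing over the prime field GF(2^256 - 189); the threshold, share count and secret are constructed for the demo. Hardware security modules implement the same scheme internally for their operator cards.

```python
"""M-of-N control via Shamir secret sharing. Added example, standard library only."""
import secrets

# 2**256 - 189 is prime; all arithmetic is in GF(P). The secret must be < P.
P = 2**256 - 189


def _eval_poly(coeffs, x):
    """Evaluate a0 + a1*x + a2*x^2 + ... at x, mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret: int, m: int, n: int):
    """Split `secret` into n shares (x, y). Any m shares reconstruct it; any
    m - 1 shares are consistent with every possible secret."""
    if not 1 <= m <= n or not 0 <= secret < P:
        raise ValueError("need 1 <= m <= n and 0 <= secret < P")
    # Random polynomial of degree m - 1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def combine(shares):
    """Lagrange interpolation at x = 0 recovers the constant term. Correct only
    when at least m distinct shares are supplied."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def demo_key_recovery(m=3, n=5):
    """Model a CA key backup held by n officers, any m of whom may recover it.
    Returns (m shares recover the secret, m - 1 shares recover the secret)."""
    secret = secrets.randbelow(P)
    shares = split(secret, m, n)
    with_m = combine(shares[:m]) == secret
    with_fewer = combine(shares[:m - 1]) == secret
    return with_m, with_fewer


if __name__ == "__main__":
    print("3 of 5 recovers:", demo_key_recovery()[0])
    print("2 of 5 recovers:", demo_key_recovery()[1])
```

Contrast this with simply giving each officer a copy of the key, or splitting the key bytes into pieces: in the first case any one person can act alone, and in the second each piece leaks part of the key. With Shamir's scheme the quorum is enforced by the mathematics rather than by procedure.
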
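
Added example (not part of the original test) for questions 32, 42 and 43: the difference between owner-directed and system-directed mediation is easiest to see in a small reference monitor. The Python script below models DAC as an owner-managed ACL and MAC as label comparison under the Bell-LaPadula confidentiality rules (no read up, no write down) over a linear set of levels; the subjects, objects and labels are constructed for the demo.

```python
"""Owner-directed (DAC) versus system-directed, label-based (MAC) mediation.
Added example with constructed subjects, objects and labels."""
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


class DacMonitor:
    """Owner-directed: each object has an owner who edits its ACL at will."""

    def __init__(self):
        self.owner = {}  # object -> owning subject
        self.acl = {}    # object -> {subject: set of rights}

    def create(self, subject, obj):
        self.owner[obj] = subject
        self.acl[obj] = {subject: {"read", "write"}}

    def grant(self, granter, obj, subject, right):
        """Only the owner may grant, but nothing limits what the owner gives away."""
        if self.owner.get(obj) != granter:
            return False
        self.acl[obj].setdefault(subject, set()).add(right)
        return True

    def check(self, subject, obj, right):
        return right in self.acl.get(obj, {}).get(subject, set())


class MacMonitor:
    """System-directed: the security officer sets clearances and classifications;
    owners cannot override the label comparison."""

    def __init__(self):
        self.clearance = {}       # subject -> level
        self.classification = {}  # object -> level

    def set_clearance(self, subject, level):
        self.clearance[subject] = LEVELS[level]

    def set_classification(self, obj, level):
        self.classification[obj] = LEVELS[level]

    def check(self, subject, obj, right):
        s = self.clearance.get(subject)
        o = self.classification.get(obj)
        if s is None or o is None:
            return False      # unlabeled subject or object: default deny
        if right == "read":
            return s >= o     # simple security property: no read up
        if right == "write":
            return s <= o     # *-property: no write down
        return False


def mediate(dac, mac, subject, obj, right):
    """When both policies apply, access needs both to say yes: an owner's grant
    cannot defeat the system's labels."""
    return mac.check(subject, obj, right) and dac.check(subject, obj, right)


def demo():
    dac = DacMonitor()
    dac.create("alice", "plan.doc")
    dac.grant("alice", "plan.doc", "bob", "read")  # alice chooses to share

    mac = MacMonitor()
    mac.set_clearance("alice", "SECRET")
    mac.set_clearance("bob", "CONFIDENTIAL")
    mac.set_classification("plan.doc", "SECRET")

    return {
        "dac_bob_read": dac.check("bob", "plan.doc", "read"),             # True
        "mac_bob_read": mac.check("bob", "plan.doc", "read"),             # False: read up
        "combined_bob_read": mediate(dac, mac, "bob", "plan.doc", "read"),  # False
        "mac_bob_write": mac.check("bob", "plan.doc", "write"),           # True: write up
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```

Under DAC alice's decision is final; under MAC her decision is irrelevant, because bob's clearance is below the object's classification and the system denies the read regardless. The "write up" result is the part people find surprising: Bell-LaPadula protects confidentiality only, so a CONFIDENTIAL subject may write into a SECRET object it cannot read.
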