
CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Recovery alternative in which a cold site plus some equipment and infrastructure is available






2. Unused storage capacity






3. A program that waits for a condition or time to occur and then executes an inappropriate activity






4. Just enough access to do the job






5. A collection of data or information that has a name






6. A backup of data stored where staff cannot readily gain access to it and a regional disaster will not harm it






7. The risk that remains after management implements internal controls (or some other response to risk): (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk






8. Controls deployed to avert unauthorized and/or undesired actions.






9. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)






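Worked example for item 9 (added here; not part of the original quiz): a small detector that scans flow records for the amplification signature of this attack, echo requests sent to a directed-broadcast address followed by a burst of echo replies to the spoofed source. The flow lines and the subnet plan are constructed for the demo.

```python
import ipaddress
from collections import Counter

# Constructed sample flow records (not from the original quiz): "src dst proto kind".
# 10.1.1.77 is the spoofed source (the real victim); 10.1.2.255 is a directed
# broadcast address, so every live host on 10.1.2.0/24 replies to the victim.
SAMPLE_FLOWS = """\
10.1.1.77 10.1.2.255 icmp echo-request
10.1.1.77 10.1.2.255 icmp echo-request
10.1.1.77 10.1.2.255 icmp echo-request
10.1.2.10 10.1.1.77 icmp echo-reply
10.1.2.11 10.1.1.77 icmp echo-reply
10.1.2.12 10.1.1.77 icmp echo-reply
10.1.2.13 10.1.1.77 icmp echo-reply
10.1.1.5 10.1.2.20 icmp echo-request
10.1.2.20 10.1.1.5 icmp echo-reply
10.1.1.5 10.1.2.20 tcp syn
"""

# Assumed (hypothetical) address plan of the monitored site.
LOCAL_SUBNETS = [ipaddress.ip_network("10.1.1.0/24"),
                 ipaddress.ip_network("10.1.2.0/24")]


def is_directed_broadcast(addr):
    """True if addr is the broadcast address of one of our subnets."""
    return any(addr == net.broadcast_address for net in LOCAL_SUBNETS)


def parse_flows(text):
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, kind = line.split()
        records.append((ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, kind))
    return records


def detect_smurf(records, reply_threshold=3):
    """Flag sources that send echo requests to a directed-broadcast address and then
    receive a disproportionate number of echo replies (the amplification signature).
    Returns {victim_ip: {"broadcast_requests": n, "replies": m}}."""
    bcast_requests = Counter()
    replies = Counter()
    for src, dst, proto, kind in records:
        if proto != "icmp":
            continue
        if kind == "echo-request" and is_directed_broadcast(dst):
            bcast_requests[src] += 1       # the spoofed source is the victim
        elif kind == "echo-reply":
            replies[dst] += 1
    findings = {}
    for victim, n in bcast_requests.items():
        if replies[victim] >= reply_threshold:
            findings[str(victim)] = {"broadcast_requests": n, "replies": replies[victim]}
    return findings


if __name__ == "__main__":
    for victim, stats in detect_smurf(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible Smurf amplification against {victim}: {stats}")
```

On the network side the standard fixes are to stop routers forwarding directed broadcasts (on Cisco IOS `no ip directed-broadcast`, the default since IOS 12.0) and to apply anti-spoofing ingress filtering (BCP 38) so packets claiming an internal source address are dropped at the edge.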
10. Control category: to record an adversary's actions






11. A. Common Combustibles B. Liquids C. Electrical D. Combustible Metals






12. An organization's way of classifying data by factors such as criticality, sensitivity and ownership.






13. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.






14. Threats x Vulnerability x Asset Value = Total Risk






15. Object-based description of a system or a collection of resources






16. Information about data or records






17. Granular decision by a system of permitting or denying access to a particular resource on the system






18. Recovery alternative that outsources a business function at a cost






19. Asymmetric encryption of a hash of a message






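Worked example for item 19 (added here; not part of the original quiz): textbook RSA used exactly as the definition says, hash the message, "encrypt" the digest with the private key, and let anyone "decrypt" it with the public key and compare. The key material (Mersenne primes) and the truncated-digest encoding are assumptions made to keep the demo self-contained; real signature schemes pad the full digest (PKCS#1 v1.5 or PSS) and use properly generated keys.

```python
import hashlib

E = 65537   # common public exponent


def keygen(p: int, q: int):
    """Textbook RSA key pair from two primes (no padding, illustration only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)          # modular inverse (Python 3.8+)
    return (n, E), (n, d)        # public, private


def digest_as_int(message: bytes, n: int) -> int:
    """Hash first: the signature covers a fixed-size digest, not the whole message.
    Toy encoding: SHA-256 truncated to 128 bits so it is smaller than the modulus.
    Real schemes (PKCS#1 v1.5, PSS) pad the full digest up to the modulus size instead."""
    h = int.from_bytes(hashlib.sha256(message).digest()[:16], "big")
    if h >= n:
        raise ValueError("modulus too small for this digest encoding")
    return h


def sign(message: bytes, private_key) -> int:
    """'Encrypt' the digest with the private key: only the key holder can do this."""
    n, d = private_key
    return pow(digest_as_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """'Decrypt' with the public key and compare against a freshly computed digest."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message, n)


# Assumed key material: Mersenne primes keep the demo self-contained and fast.
ALICE_PUB, ALICE_PRIV = keygen((1 << 61) - 1, (1 << 89) - 1)
MALLORY_PUB, MALLORY_PRIV = keygen((1 << 107) - 1, (1 << 127) - 1)

if __name__ == "__main__":
    msg = b"Pay Bob 100"
    sig = sign(msg, ALICE_PRIV)
    print(verify(msg, sig, ALICE_PUB))                      # True: integrity and origin
    print(verify(b"Pay Bob 900", sig, ALICE_PUB))           # False: message altered
    print(verify(msg, sign(msg, MALLORY_PRIV), ALICE_PUB))  # False: wrong signer
```

Hashing first is what makes the scheme practical: the expensive private-key operation runs once on a fixed-size value regardless of message length, and a change anywhere in the message changes the digest, so the recomputed value no longer matches.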
20. Standard for the establishment, implementation, control and improvement of an Information Security Management System






21. European standard for IT security evaluation criteria; not universally adopted. Consists of four components: 1. Security Target; 2. Target of Evaluation (TOE); 3. Functional levels; 4. Assurance levels.






22. Information which has retained its importance, but which was created or stored by software or hardware that has since become obsolete.






23. A disturbance that degrades performance of electronic devices and electronic communications.






24. An encryption method that has a key as long as the message






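Worked example for item 24 (added here; not part of the original quiz): a byte-wise XOR one-time pad with the length check the definition implies, plus the failure mode a practitioner must know, reusing a pad. The sample messages are constructed; the key comes from the OS random generator.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad_is_valid(plaintext: bytes, key: bytes) -> bool:
    """A one-time pad key must be exactly as long as the message it protects."""
    return len(key) == len(plaintext)


def new_pad(length: int) -> bytes:
    """Fresh, unpredictable key material from the OS CSPRNG; use each pad once."""
    return os.urandom(length)


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    if not pad_is_valid(plaintext, key):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return xor_bytes(plaintext, key)


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation.
    return otp_encrypt(ciphertext, key)


def key_space_bits(message_length: int) -> int:
    """Every key bit is independent, so the key space is 2^(8 * length) keys:
    any plaintext of that length is equally consistent with a given ciphertext."""
    return 8 * message_length


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad is reused, c1 XOR c2 == p1 XOR p2: the key cancels out."""
    return xor_bytes(c1, c2)


def recover_with_crib(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Knowing (or guessing) one plaintext then reveals the other."""
    return xor_bytes(two_time_pad_leak(c1, c2), known_p1)


if __name__ == "__main__":
    p1, p2 = b"attack at dawn", b"retreat at six"      # constructed sample messages
    key = new_pad(len(p1))
    c1, c2 = otp_encrypt(p1, key), otp_encrypt(p2, key)  # same pad twice: the mistake
    print(otp_decrypt(c1, key))
    print(recover_with_crib(c1, c2, p1))                 # second message recovered
```

The pad is only unbreakable while all three conditions hold: truly random key, key as long as the message, and the key never reused. The last two functions show how quickly secrecy collapses when the third is violated.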
25. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.






26. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.






27. An organization's prior arrangements made to maintain the functions and processes important to its existence






28. Scrambled form of the message or data






29. Initial surge of current






30. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.






31. A form of data hiding that protects running threads of execution from accessing each other's memory






32. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks






33. Claiming another's identity at a physical level






34. Lower frequency noise






35. A choice in risk management: to implement a control that limits or lessens negative effects






36. The former U.S. military-accepted set of standards and processes for network evaluation and assurance, which combines functional and assurance requirements






37. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.






38. Total number of keys available that may be selected by the user of a cryptosystem






39. Natural or human-readable form of a message






40. Owner-directed mediation of access






41. An attack that breaks up malicious code into fragments in an attempt to elude detection.






42. An exact bit-by-bit copy of an entire physical hard drive or floppy disk, including slack and unallocated space. Only a forensic-quality copy will hold up in court.






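Worked example for item 42 (added here; not part of the original quiz): an in-memory toy disk shows why a bit-for-bit image differs from a file-level copy. The disk layout, the live file, the slack remnant and the deleted data are all constructed for the demo; the acquisition loop mirrors what `dd` does, and the hash comparison is the integrity check that supports the evidence in court.

```python
import hashlib
import io

SECTOR = 512


def make_disk() -> bytes:
    """Constructed 8-sector 'physical disk' (not real evidence):
    sector 1 holds one live 100-byte file whose slack still contains old data,
    sectors 2-3 are unallocated but still hold a deleted file, the rest is zero."""
    disk = bytearray(8 * SECTOR)
    live = b"Quarterly report: all figures nominal.".ljust(100, b".")
    disk[1 * SECTOR:1 * SECTOR + 100] = live
    remnant = b"OLD PASSWORD=hunter2"               # file slack, past the file's end
    disk[1 * SECTOR + 300:1 * SECTOR + 300 + len(remnant)] = remnant
    deleted = b"DELETED: wire transfer to account 0042"   # unallocated space
    disk[2 * SECTOR + 16:2 * SECTOR + 16 + len(deleted)] = deleted
    return bytes(disk)


# Toy allocation table: filename -> (start sector, length in bytes). Hypothetical.
ALLOCATION = {"report.txt": (1, 100)}


def logical_copy(disk: bytes) -> dict:
    """File-level copy: only the bytes the filesystem says belong to live files."""
    return {name: disk[s * SECTOR:s * SECTOR + n] for name, (s, n) in ALLOCATION.items()}


def physical_image(device, block_size: int = SECTOR) -> bytes:
    """Bit-for-bit acquisition, like dd: read the raw device in blocks until EOF."""
    out = bytearray()
    while True:
        chunk = device.read(block_size)
        if not chunk:
            break
        out += chunk
    return bytes(out)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_image(original: bytes, image: bytes) -> bool:
    """Hash the source before and the image after; a match proves nothing changed."""
    return len(original) == len(image) and sha256(original) == sha256(image)


def demo() -> dict:
    disk = make_disk()
    image = physical_image(io.BytesIO(disk))     # BytesIO stands in for /dev/sdX
    files = logical_copy(disk)
    in_logical = lambda needle: any(needle in f for f in files.values())
    return {
        "image_verified": verify_image(disk, image),
        "deleted_in_image": b"DELETED" in image,
        "deleted_in_logical": in_logical(b"DELETED"),
        "slack_in_image": b"hunter2" in image,
        "slack_in_logical": in_logical(b"hunter2"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

On a real drive the same procedure is `dd if=/dev/sdX of=evidence.dd bs=4M conv=noerror,sync` run through a hardware write blocker, with `sha256sum` taken of the device before acquisition and of the image afterwards; the matching hashes, the write blocker and the chain-of-custody record are what let the copy stand in for the original.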
43. High degree of visual control






44. Measures followed to restore critical functions following a security incident.






45. Control category: more than one control on a single asset






46. To jump to a conclusion






47. Eavesdropping on network communications by a third party.






48. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.






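Worked example for item 48 (added here; not part of the original quiz): a simulated packet filter that only inspects the initial fragment, the fragmentation that slips a TCP SYN past it, and the RFC 1858 style checks that close the hole. Packet contents and the filter policy are constructed for the demo.

```python
import struct

TCP_HDR_LEN = 20            # minimum TCP header; the flags byte is at offset 13
FLAG_SYN, FLAG_ACK = 0x02, 0x10


def build_tcp_segment(src_port, dst_port, flags, payload=b""):
    """Minimal TCP header (no options) followed by payload; checksum left zero."""
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return hdr + payload


def fragment(segment, first_len):
    """Split one IP payload into two fragments as (offset, more_fragments, data).
    IP fragment offsets are multiples of 8 bytes."""
    if first_len % 8:
        raise ValueError("fragment boundary must be a multiple of 8")
    return [(0, True, segment[:first_len]), (first_len, False, segment[first_len:])]


def reassemble(frags):
    """What the destination host sees after reassembly (contiguous fragments assumed)."""
    return b"".join(data for _, _, data in sorted(frags, key=lambda f: f[0]))


def is_connection_attempt(tcp_bytes):
    """Policy: an inbound SYN without ACK is a new connection attempt."""
    flags = tcp_bytes[13]
    return bool(flags & FLAG_SYN) and not (flags & FLAG_ACK)


def naive_filter(frags):
    """Filter that only inspects the initial fragment and forwards the rest blindly.
    If the flags byte is not in the first fragment the rule cannot match, so it ACCEPTs."""
    for off, _mf, data in frags:
        if off == 0 and len(data) > 13 and is_connection_attempt(data):
            return "DROP"
    return "ACCEPT"


def hardened_filter(frags, min_first=TCP_HDR_LEN):
    """RFC 1858 style defences: drop an initial fragment too short to hold the whole
    transport header, and drop any fragment whose offset falls inside that header
    (it could overwrite ports or flags on reassembly). Then apply the policy."""
    for off, _mf, data in frags:
        if off == 0 and len(data) < min_first:
            return "DROP"          # tiny fragment
        if 0 < off < min_first:
            return "DROP"          # overlapping-header fragment
    for off, _mf, data in frags:
        if off == 0 and is_connection_attempt(data):
            return "DROP"
    return "ACCEPT"


if __name__ == "__main__":
    syn = build_tcp_segment(40000, 23, FLAG_SYN)
    attack = fragment(syn, 8)     # first fragment holds only the two port numbers
    print("naive:", naive_filter(attack), "hardened:", hardened_filter(attack))
    print("host reassembles a SYN:", is_connection_attempt(reassemble(attack)))
```

The 8-byte first fragment carries the ports but not the flags, so a filter that judges the whole datagram from that fragment sees nothing to block, while the host reassembles a complete SYN. Requiring the initial fragment to contain the full transport header, and rejecting fragments that would overlap it, removes both the tiny-fragment and the overlapping-fragment variants.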
49. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)






50. Reduction of voltage by the utility company for a prolonged period of time





