Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. The event in which an IDS produces an alarm although no attack has taken place

2. Intellectual property protection for an invention

3. Layer 1 network device used to connect network segments together, but which provides no traffic control (a hub).

4. An attack that breaks malicious code into fragments in an attempt to elude detection.

5. Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.

6. To assert or claim an identity to an authentication system

7. A formal description of a database's structure

8. To jump to a conclusion

9. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.

10. Small data files written to a user's hard drive (by the browser, at a web server's request).

11. To stop damage from spreading

12. Use of one or more backup servers to protect information and essential processes in the event of a primary system failure.

13. OOP concept describing an object's abilities, i.e. what it does

14. A one-way, directed graph that indicates confidentiality or integrity flow

15. Text that contains no special formatting features and therefore can be exchanged and read by most computer systems

16. An administrative unit, or a group of objects and subjects, controlled by one reference monitor

17. Encryption system using a pair of mathematically related but unequal keys

18. A computer system embedded as part of a complete device, often including hardware and mechanical parts. Features a limited OS; mobile phones, routers and wireless devices take a similar approach. Less than robust security features; difficult to patch.

19. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.

20. A unit of execution

21. Small data warehouse

22. Real-time data backup (data mirroring)

23. Pertaining to law; having a high degree of veracity

24. The ability of an IDS to dynamically change its rules and configuration in response to changing environmental activity

25. To be trained to perform more than one job

26. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf, which does the same with ICMP.)

27. OOP concept in which a class's internal details are hidden from other objects

28. The act of luring an intruder; it is legal.

29. An internal list of contact information used for the communication of incident information, designed in a distributed manner so that no one person is responsible for contacting everyone.

30. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.

31. Demonstrates the actual ability to recover and can verify the compatibility of backup facilities

32. Physical description on the exterior of an object that communicates the existence of a label

33. A hash that has been further encrypted with a symmetric algorithm

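The definition in question 33 describes a message authentication code: a digest bound to a shared symmetric key, so that only a holder of the key can produce or check it. The example below is added here and is not part of the original page. It uses HMAC-SHA256 from the Python standard library, the standard keyed-hash construction, rather than literally encrypting a digest with a block cipher; the key and messages are constructed for the example. It also shows why an unkeyed hash alone gives no integrity against an active attacker: the attacker simply recomputes the hash over the modified message.

```python
import hashlib
import hmac

# Constructed sample values for this example (not from any real system).
KEY = b"example-shared-secret-key-for-demo"
MESSAGE = b"TRANSFER 1000.00 FROM ACCT 4411 TO ACCT 9902"
TAMPERED = MESSAGE.replace(b"1000.00", b"9000.00")


def compute_mac(key: bytes, message: bytes) -> bytes:
    """Keyed integrity tag: HMAC-SHA256 over the message under the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time (avoids timing leaks)."""
    return hmac.compare_digest(compute_mac(key, message), tag)


def unkeyed_hash_check(message: bytes, digest: bytes) -> bool:
    """What an unkeyed hash gives you: anyone, including the attacker, can
    recompute a matching digest for a modified message."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def demo() -> dict:
    """Sender tags the genuine message; an attacker alters the amount in transit."""
    tag = compute_mac(KEY, MESSAGE)
    # The attacker cannot produce a valid tag for TAMPERED without KEY, but can
    # trivially recompute a plain hash over it.
    attacker_digest = hashlib.sha256(TAMPERED).digest()
    return {
        "genuine_verifies": verify_mac(KEY, MESSAGE, tag),
        "tampered_verifies": verify_mac(KEY, TAMPERED, tag),
        "wrong_key_verifies": verify_mac(b"not-the-shared-key", MESSAGE, tag),
        "plain_hash_fooled": unkeyed_hash_check(TAMPERED, attacker_digest),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The receiver must hold the same key as the sender, which is what makes this a symmetric construction; the comparison uses hmac.compare_digest so that a byte-by-byte early exit does not leak how much of a forged tag was correct.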
34. A backup type that creates a complete copy

35. Unsolicited advertising software

36. A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.

37. Employee education done once per position or at a significant change of function

38. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.

39. Written step-by-step actions

40. Just enough access to do the job

41. A Denial of Service attack that exploits packet-filtering firewalls that inspect only the initial fragment of a fragmented packet.

42. Fault tolerance for power

43. Subset of operating system components dedicated to protection mechanisms

44. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams.

45. The former U.S. military-accepted set of standards and processes for network evaluation and assurance, which combines functional and assurance requirements

46. A set of laws that the organization agrees to be bound by

47. A world-wide wireless technology

48. Measures followed to restore critical functions following a security incident.

49. The set of properties that database transactions must guarantee, and that programmers should seek in all application or database design: Atomicity, Consistency, Isolation, Durability

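The atomicity and consistency half of ACID in running code, added here as an example that is not from the original page: a constructed two-account ledger in SQLite (Python's standard library) where a transfer that would overdraw an account is rolled back as a unit, next to the same two statements run without a transaction, which leaves the ledger holding money that never existed. The account names, balances and the "no negative balance" rule are made up for the example.

```python
import sqlite3
from typing import Dict


def make_ledger() -> sqlite3.Connection:
    """In-memory ledger with constructed balances; the CHECK constraint is the
    consistency rule (no account may go negative)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        " id INTEGER PRIMARY KEY,"
        " owner TEXT NOT NULL,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [(1, "alice", 100), (2, "bob", 50)])
    conn.commit()
    return conn


def balances(conn: sqlite3.Connection) -> Dict[str, int]:
    """Current balance per owner."""
    rows = conn.execute("SELECT owner, balance FROM accounts ORDER BY id")
    return {owner: balance for owner, balance in rows}


def transfer(conn: sqlite3.Connection, src: int, dst: int, amount: int) -> bool:
    """Atomic transfer: both updates commit together or neither is kept.
    The credit runs first on purpose so a failed debit has something to undo."""
    try:
        with conn:  # commit on normal exit, ROLLBACK if an exception escapes the block
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
            conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        return True
    except sqlite3.IntegrityError:  # CHECK failed: the consistency rule held and the credit was undone
        return False


def naive_transfer(conn: sqlite3.Connection, src: int, dst: int, amount: int) -> bool:
    """Same two statements, each auto-committed on its own (no transaction)."""
    conn.isolation_level = None  # autocommit: every statement is final as soon as it runs
    try:
        conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        return True
    except sqlite3.IntegrityError:
        return False  # the credit is already committed: money appeared from nowhere
    finally:
        conn.isolation_level = ""  # back to the default implicit-transaction mode


if __name__ == "__main__":
    ledger = make_ledger()
    print("atomic overdraft attempt:", transfer(ledger, 1, 2, 500), balances(ledger))
    ledger = make_ledger()
    print("naive overdraft attempt:", naive_transfer(ledger, 1, 2, 500), balances(ledger))
```

In the atomic version the failed debit raises inside the transaction, the connection's context manager issues a ROLLBACK, and the total held across accounts is unchanged; in the naive version the credit has already been made durable before the debit fails, so the sum of balances grows by the transferred amount. Isolation (what concurrent transactions see) and durability (survival of a crash after commit) are the database engine's job and are not exercised here.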
50. Intellectual property management technique for identifying content after distribution