Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Unsolicited commercial email

2. Share security concerns with embedded devices. Security has often been sacrificed for a richer user experience at low power. A prime target for data loss, as they transmit and store information in ways that cannot be controlled.

3. Subset of operating system components dedicated to protection mechanisms

4. A condition in which neither party is willing to stop their activity for the other to complete

5. Intellectual property protection for marketing efforts

6. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity

7. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems

8. High frequency noise

9. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies and offsite storage, and that will ensure time objectives can be met.

10. Any event, whether anticipated (e.g., a public service strike) or unanticipated (e.g., a blackout), which disrupts the normal course of business operations at an organization location.

11. Information that, if made public or even shared around the organization, could seriously impede the organization's operations

12. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.

13. Responsibility for actions

14. A set of properties that programmers should seek in all application or database design: Atomicity, Consistency, Isolation, Durability

15. Disruption of operation of an electronic device due to a competing electromagnetic field.

16. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.

17. An unintended communication path

18. Unchecked data which spills into another location in memory

19. A type of computer memory that temporarily stores frequently used information for quick access.

20. With enough computing power, trying all possible combinations

21. Notification that a potential disaster situation exists or has occurred; direction for the recipient to stand by for possible activation of the disaster recovery plan.

22. Evidence must be: admissible, authentic, complete, accurate and convincing

23. Using many alphabets

24. Code breaking: the practice of defeating the protective properties of cryptography.

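Items 20, 23 and 24 describe an exhaustive key search, a cipher that uses many alphabets, and code breaking in general. The following added example (not part of the original quiz) ties the three together in Python: a Vigenère-style polyalphabetic cipher, a brute-force search over every key of a given length, and a crib (a known plaintext fragment) used to recognise the correct key among the candidates. The plaintext ATTACKATDAWN, the key KEY and the crib are constructed for the demonstration.

```python
import itertools
import string

ALPHABET = string.ascii_uppercase
INDEX = {c: i for i, c in enumerate(ALPHABET)}

# Constructed demo values (not from the quiz).
PLAINTEXT = "ATTACKATDAWN"
KEY = "KEY"
CRIB = "ATTACK"          # plaintext fragment the attacker expects to find


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution: position i is shifted by key[i % len(key)],
    so a key of length n applies n different Caesar alphabets in rotation."""
    out = []
    for i, ch in enumerate(text):
        shift = INDEX[key[i % len(key)]]
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(INDEX[ch] + shift) % 26])
    return "".join(out)


def key_space(key_length):
    """Number of candidate keys an exhaustive search must try."""
    return 26 ** key_length


def brute_force(ciphertext, key_length, crib):
    """Exhaustive search: decrypt under every key of the given length and keep
    the keys whose output contains the crib. Returns the list of matching keys."""
    hits = []
    for letters in itertools.product(ALPHABET, repeat=key_length):
        key = "".join(letters)
        if crib in vigenere(ciphertext, key, decrypt=True):
            hits.append(key)
    return hits


if __name__ == "__main__":
    ct = vigenere(PLAINTEXT, KEY)
    print("ciphertext:", ct)
    print("keys tried:", key_space(len(KEY)))
    print("keys matching crib:", brute_force(ct, len(KEY), CRIB))
```

With a three-letter key the search space is 26^3 = 17,576 keys and the search finishes in well under a second; every additional key letter multiplies the work by 26. Using several alphabets defeats simple frequency analysis of a single-shift cipher, but against exhaustive search it is the size of the key space, not the number of alphabets, that matters.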
25. Subject-based description of a system or a collection of resources

26. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.

27. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives

28. The act of luring an intruder; it is legal.

29. The point in time to which systems and data must be recovered after an outage (e.g., end of the previous day's processing). RPOs are often used as the basis for the development of backup strategies.

30. Requirement of access to data for a clearly defined purpose

31. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.

32. A former internationally accepted set of standards and processes for information security product evaluation and assurance, which separates functional and assurance requirements

33. A risk assessment method that expresses loss as a measurable monetary cost

34. Implementation of operating system protection mechanisms built upon the layering concept, in which more sensitive components are placed in the inner layers

35. Control category: to give instructions or inform

36. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.

37. Scrambled form of the message or data

38. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.

39. Abstract and mathematical in nature, defining all possible states, transitions and operations

40. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides, thereby preventing that space from being overwritten by other data.

41. Forgery of the sender's email address in an email header.

42. Encryption system using a shared key / private key / single key / secret key

43. A cable consisting of a core inner conductor that is surrounded by an insulator and an outer cylindrical conductor

44. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.

45. A type of multitasking that allows for more even distribution of computing time among competing requests

46. A type of malformed input that takes advantage of a true conditional logic statement, adding a request for data that is against the security policy

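Item 46 describes input that smuggles a true condition into a query and then asks for data the query was never meant to return. As an added example (not part of the original quiz), the Python below builds an in-memory SQLite database with a constructed users table that the lookup may search and a separate api_keys table it must never expose, then runs the same inputs against a string-concatenated query and a parameterised one. Table names, rows and payload strings are all constructed for the illustration.

```python
import sqlite3

# Constructed sample data (not from the quiz): a lookup table the endpoint is
# allowed to search, and a table it must never expose.
USERS = [(1, "alice", "sales"), (2, "bob", "ops"), (3, "carol", "legal")]
API_KEYS = [("alice", "ak-1111"), ("bob", "ak-2222")]

# Constructed malicious inputs. The first closes the string literal and adds a
# condition that is always true; the second adds a UNION that requests rows
# from a table the query was never meant to touch.
PAYLOAD_OR = "x' OR '1'='1"
PAYLOAD_UNION = "x' UNION SELECT owner, secret FROM api_keys WHERE '1'='1"


def make_db():
    """Fresh in-memory SQLite database populated with the sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT, dept TEXT)")
    con.execute("CREATE TABLE api_keys (owner TEXT, secret TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    con.executemany("INSERT INTO api_keys VALUES (?, ?)", API_KEYS)
    return con


def lookup_vulnerable(con, name):
    """String concatenation: whatever the caller typed is parsed as SQL."""
    sql = "SELECT name, dept FROM users WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()


def lookup_safe(con, name):
    """Parameterised query: the input is bound as a value and can only ever be
    compared against the name column, never interpreted as SQL syntax."""
    return con.execute("SELECT name, dept FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    con = make_db()
    for label, fn in (("vulnerable", lookup_vulnerable), ("safe", lookup_safe)):
        for payload in ("bob", PAYLOAD_OR, PAYLOAD_UNION):
            print(f"{label:10} {payload!r:60} -> {fn(con, payload)}")
```

Against the concatenated query the OR payload returns every user and the UNION payload returns the API keys; against the parameterised query both payloads are simply names that match no row, because the database driver never parses them as SQL.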
47. Means the system's design and level of protection are verifiable, providing the highest level of assurance and trust.

48. Less granular organization of controls

49. Unauthorized access to network devices.

50. Quantity of risk remaining after a control is applied