Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
2. Program that inappropriately collects private data or activity
3. Data or interference that can trigger a false positive
4. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
5. Malware that subverts the detective controls of an operating system
6. To segregate for the purposes of labeling
7. Inference about encrypted communications
8. Induces a crime, tricks a person, and is illegal
9. Inappropriate data
10. One entity with two competing allegiances
11. Abstract and mathematical in nature, defining all possible states, transitions and operations
12. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
13. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
14. A template for designing the architecture
15. Hardware or software that is part of a larger system
16. A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments.
17. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
18. Using many alphabets
19. Pertaining to a number system that has just two unique digits.
20. A mathematical tool for verifying no unintentional changes have been made
21. Process of statistically testing a data set for the likelihood of relevant information.
22. Hitting a filed-down key in a lock with a hammer to open it without the real key
23. Recognition of an individual's assertion of identity.
24. A state for operating system tasks only
25. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid
26. Low level, pertaining to planning
27. Recording the who, what, when, where and how of evidence
28. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.
29. When two or more computers are networked together in a LAN situation, one computer may be utilized as a storage location for files for the group.
30. Intellectual property management technique for identifying after distribution
31. A critical event which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.
32. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
33. A test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.
34. Converts source code to an executable
35. Must be legally permissible, meaning it was seized legally and the chain of custody was not broken. To be admissible in court, it needs to be relevant, sufficient, and reliable.
36. Reprogrammable basic startup instructions
37. A type of attack involving attempted insertion, deletion or altering of data.
38. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
39. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
40. Information which has retained its importance, but which has been created or stored by software/hardware that has been rendered obsolete.
41. Regular operations are stopped and processing is moved to the alternate site.
42. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)
43. Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations)
44. Small data warehouse
45. High degree of visual control
46. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.
47. The hard drive
48. The response of an organization to a disaster or other significant event that may significantly impact the organization, its people, or its ability to function productively.
49. Heavily populated areas, particularly susceptible to high-intensity earthquakes, floods, tsunamis, or other disasters, for which emergency response may be necessary in the event of a disaster.
50. The property that data meet with a priori expectation of quality and that the data can be relied upon.