Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A Denial of Service attack that floods the target system with connection requests that are never completed.

2. A basic level of network access control that is based upon information contained in the IP packet header.

3. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.

4. A legally enforceable agreement between two people, two organizations, or a person and an organization.

5. An attack that breaks malicious code into fragments in an attempt to elude detection.

6. Define the way in which the organization operates.

7. Event(s) that cause harm

8. The disk space it used to occupy has been designated by the computer as available for reuse; the deleted file remains intact until it is overwritten by a new file.

9. A layer 2 device that is used to connect two or more network segments and regulate traffic.

10. A server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no input or output devices, and its OS is dedicated to providing storage services.

11. Sphere of influence

12. A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file.

13. The core logic engine of an operating system, which almost never changes.

14. A distributed system's transaction control that requires updates to either complete or roll back.

15. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.

16. High degree of visual control

17. Return to a normal state

18. Requirement to take time off

19. The former U.S. military-accepted set of standards and processes for computer system evaluation and assurance, which combines functional and assurance requirements.

20. A backup type for databases at a point in time.

21. Momentary loss of power

22. A randomly generated value used by many cryptosystems to ensure that a unique ciphertext is generated.

23. To jump to a conclusion

24. Long term knowledge building

25. The hardware and software mediator of all subject and object interactions, whose primary goal is security policy enforcement.

26. An alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.

27. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.

28. System Access, Network Architecture, Network Access, Encryption and Protocols, and Auditing.

29. Information which has retained its importance, but which has been created or stored by software or hardware that has been rendered obsolete.

30. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies, and offsite storage, and which will ensure that time objectives can be met.

31. Shifting the alphabet intact a certain number of spaces.

32. Prolonged loss of commercial power

33. Autonomous malware that requires a flaw in a service

34. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)

35. A template for designing the architecture.

36. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.

37. To know more than one job

38. A unit of execution

39. Regular operations are stopped and processing is moved to the alternate site.

40. A type of malformed input that takes advantage of a true conditional logic statement, adding a request for data that is against the security policy.

41. A layer 1 network device that is used to connect network segments together but provides no traffic control (a hub).

42. All of the protection mechanisms in a computer system.

43. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.

44. A committee of decision makers, business owners, technology experts, and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.

45. A process state in which the process is either unable to run while waiting for an external event, or terminated.

46. Share security concerns with embedded devices; security has often been sacrificed for a richer user experience during low power; a prime target for data loss, as they transmit and store information in ways that can't be controlled.

47. A documented battle plan for coordinating response to incidents.

48. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.

49. Intellectual property protection for a confidential and critical process.

50. Can be statistical (monitors behavior) or signature-based (watches for known attacks).