Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the answers may seem obvious, but repeating the test reinforces your understanding.

1. Can be statistical (monitors behavior against a baseline) or signature-based (watches for known attacks).

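The two detection styles named in question 1, shown side by side as an added example (this code is not part of the quiz page). It runs both a signature matcher and a simple statistical threshold over a handful of constructed sshd-style log lines; the log lines, rule names and the threshold are all assumptions made for the illustration.

```python
"""Added example: a tiny hybrid intrusion-detection check over constructed log lines.

Signature-based detection matches patterns of attacks you already know about;
statistical (anomaly) detection flags behavior that deviates from a baseline,
which also catches tools no signature names, at the cost of false positives.
"""
import re
from collections import Counter

# Constructed sshd-style sample log (not real data).
SAMPLE_LOG = """\
Mar  1 10:00:01 host sshd[101]: Failed password for root from 10.0.0.5 port 5000 ssh2
Mar  1 10:00:02 host sshd[102]: Failed password for root from 10.0.0.5 port 5001 ssh2
Mar  1 10:00:03 host sshd[103]: Failed password for admin from 10.0.0.5 port 5002 ssh2
Mar  1 10:00:04 host sshd[104]: Failed password for root from 10.0.0.5 port 5003 ssh2
Mar  1 10:00:05 host sshd[105]: Failed password for oracle from 10.0.0.5 port 5004 ssh2
Mar  1 10:00:06 host sshd[106]: Accepted publickey for alice from 10.0.0.7 port 6000 ssh2
Mar  1 10:00:07 host sshd[107]: Failed password for bob from 10.0.0.9 port 7000 ssh2
Mar  1 10:00:08 host sshd[108]: Invalid user guest from 10.0.0.11 port 8000
"""

# Signature rules (hypothetical names): each regex captures the source address.
SIGNATURES = [
    ("invalid-user-probe", re.compile(r"sshd\[\d+\]: Invalid user \S+ from (\S+)")),
    ("root-password-attempt", re.compile(r"Failed password for root from (\S+)")),
]

FAILED_RE = re.compile(r"Failed password for \S+ from (\S+)")


def signature_alerts(log_text):
    """Return (rule_name, source_ip) for every line matching a known-bad pattern.
    A brute force against a non-root account from a new tool produces nothing here."""
    alerts = []
    for line in log_text.splitlines():
        for name, rx in SIGNATURES:
            m = rx.search(line)
            if m:
                alerts.append((name, m.group(1)))
    return alerts


def statistical_alerts(log_text, threshold=3):
    """Return {source_ip: failures} for sources whose failed-login count exceeds
    the baseline threshold. No attack knowledge is needed, but a legitimate user
    who mistypes a password often enough trips it too (a false positive)."""
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(1)] += 1
    return {ip: n for ip, n in failures.items() if n > threshold}


if __name__ == "__main__":
    print("signature:", signature_alerts(SAMPLE_LOG))
    print("statistical:", statistical_alerts(SAMPLE_LOG))
```

Note how the two views differ on the same input: the signature rules fire on individual lines and say which attack they saw, while the statistical check only says that 10.0.0.5 is behaving abnormally and stays silent about the single failure from 10.0.0.9.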
2. A type of computer memory that temporarily stores frequently used information for quick access.

3. Control category: restores to a previous state by removing the adversary and/or the results of their actions.

4. Uses a role-based method to determine access rights and permissions: access is granted according to the user's role and responsibilities within the company.

5. Eavesdropping on network communications by a third party.

6. Calculation encompassing threats, vulnerabilities and assets.

7. More than one CPU on a single board.

8. Segmented memory addressing, encapsulation of objects, time multiplexing of shared resources, naming distinctions, and virtual mapping.

9. Eavesdropping on network communications by a third party.

10. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.

11. A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions.

12. Deals with discretionary protection.

13. The current internationally accepted set of standards and processes for evaluating the security and assurance of information security products; it joins functional and assurance requirements.

14. Security policy, personnel controls, supervisory structure, security awareness training, testing.

15. Also known as regulatory law; covers standards of performance or conduct expected by government agencies from companies, industries and certain officials.

16. Disruption of the operation of an electronic device due to a competing electromagnetic field.

17. Vehicle-stopping object.

18. Communicate to stakeholders.

19. Unsolicited commercial email.

20. Requirement of access to data for a clearly defined purpose.

21. A passive network attack involving monitoring of traffic.

22. Transaction control for a database: a return to a previous state.

23. Embedded as part of a complete device, often including hardware and mechanical parts; runs a limited OS; mobile phones, routers and wireless devices take a similar approach; has less-than-robust security features and is difficult to patch.

24. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.

25. Asymmetric encryption of a hash of the message, using the sender's private key.

26. Processes data at different classifications (security levels), and users with different clearances (security levels) can use the system.

27. Server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no input or output devices, and its OS is dedicated to providing storage services.

28. Intellectual property protection for a confidential and critical process.

29. Any event, whether anticipated (e.g. a public service strike) or unanticipated (e.g. a blackout), which disrupts the normal course of business operations at an organization location.

30. More than one processor sharing the same memory; also known as parallel systems.

31. What is, will remain: persistence.

32. Mitigate damage by isolating compromised systems from the network.

33. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid.

34. Authentication protocol that uses only symmetric session keys between principals, distributed by a trusted third party using different pre-shared symmetric keys.

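The key-distribution pattern in question 34, modelled as an added example (not code from the quiz page): each principal shares a separate long-term symmetric key with a key distribution centre, the centre mints a fresh session key and returns it to the client twice, once under the client's key and once inside a ticket sealed under the server's key, and the server never needs anything but its own pre-shared key to recover the session key. Everything here is an assumption made for illustration: the principal names, the JSON message layout, and the toy authenticated cipher (a SHA-256 counter keystream with an HMAC tag) standing in for AES. Timestamps, lifetimes and realm names, which the real protocol uses against replay, are left out.

```python
"""Added example: Kerberos-style session key distribution with symmetric keys only."""
import hashlib
import hmac
import json
import secrets


def _keystream(key, nonce, length):
    """Toy keystream: SHA-256 over (key, nonce, counter) blocks. Illustration only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key, blob):
    """Verify the tag under `key`, then decrypt. Wrong key or tampering raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class KDC:
    """Trusted third party holding one pre-shared long-term key per principal."""

    def __init__(self, principals):
        self.keys = dict(principals)

    def request(self, client, server, nonce):
        """Return {server, K_cs, nonce, ticket}K_client where ticket = {client, server, K_cs}K_server."""
        k_cs = secrets.token_bytes(32)  # fresh session key, never sent in the clear
        ticket = seal(self.keys[server],
                      json.dumps({"client": client, "server": server, "key": k_cs.hex()}).encode())
        reply = {"server": server, "key": k_cs.hex(), "nonce": nonce, "ticket": ticket.hex()}
        return seal(self.keys[client], json.dumps(reply).encode())


def client_run(name, key, kdc, server):
    """Client side: obtain K_cs and a ticket, build an authenticator proving knowledge of K_cs."""
    nonce = secrets.token_hex(8)
    reply = json.loads(open_(key, kdc.request(name, server, nonce)))
    if reply["nonce"] != nonce or reply["server"] != server:
        raise ValueError("KDC reply does not match the request")
    k_cs = bytes.fromhex(reply["key"])
    authenticator = seal(k_cs, name.encode())  # real Kerberos also includes a timestamp here
    return bytes.fromhex(reply["ticket"]), authenticator, k_cs


def server_accept(name, key, ticket, authenticator):
    """Server side: recover K_cs from the ticket with its own long-term key, check the authenticator."""
    t = json.loads(open_(key, ticket))
    if t["server"] != name:
        raise ValueError("ticket was issued for a different server")
    k_cs = bytes.fromhex(t["key"])
    if open_(k_cs, authenticator).decode() != t["client"]:
        raise ValueError("authenticator does not match the ticket")
    return t["client"], k_cs


def demo():
    k_alice, k_bob = secrets.token_bytes(32), secrets.token_bytes(32)  # pre-shared out of band
    kdc = KDC({"alice": k_alice, "bob": k_bob})
    ticket, auth, k_client = client_run("alice", k_alice, kdc, "bob")
    who, k_server = server_accept("bob", k_bob, ticket, auth)
    return who, k_client == k_server


if __name__ == "__main__":
    print(demo())
```

The point to notice is which key opens what: the client can read the reply but not the ticket, the server can read the ticket but never saw the reply, and only the KDC holds both long-term keys. Without the authenticator, anyone who captured the ticket could present it; without the nonce check, a stale KDC reply could be replayed to the client.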
35. A backup type which creates a complete copy.

36. Evaluation of a system without prior knowledge on the part of the tester.

37. A one-way, directed graph which indicates confidentiality or integrity flow.

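The lattice of question 37, and the multilevel system of question 26 that is built on it, as one added example (not code from the quiz page). Labels are (classification level, set of compartments) pairs; information may flow from label A to label B only when B dominates A, which is the direction of the edges in the graph, and a user's clearance is just another label compared with the same rule. The level names and compartments are hypothetical.

```python
"""Added example: a security lattice as a directed graph of labels, with the
dominance check used by a multilevel system for read/write decisions."""

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


class Label:
    def __init__(self, level, compartments=()):
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        self.level = level
        self.compartments = frozenset(compartments)

    def dominates(self, other):
        """True if self is at least as high in level AND holds every compartment of other.
        Two labels can be incomparable (neither dominates), e.g. SECRET/{A} vs SECRET/{B}."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def __eq__(self, other):
        return (isinstance(other, Label)
                and (self.level, self.compartments) == (other.level, other.compartments))

    def __hash__(self):
        return hash((self.level, self.compartments))

    def __repr__(self):
        return f"Label({self.level!r}, {sorted(self.compartments)})"


def flow_allowed(src, dst):
    """Confidentiality flow: data labelled src may move to dst only upward in the lattice.
    For an integrity lattice (Biba) the same check is applied with src and dst swapped."""
    return dst.dominates(src)


def can_read(subject_clearance, object_label):
    """Bell-LaPadula simple security property ('no read up'): reading is a flow object -> subject."""
    return flow_allowed(object_label, subject_clearance)


def can_write(subject_clearance, object_label):
    """Bell-LaPadula *-property ('no write down'): writing is a flow subject -> object."""
    return flow_allowed(subject_clearance, object_label)


def join(a, b):
    """Least upper bound: the label a document must carry if it combines data from a and b."""
    level = a.level if LEVELS[a.level] >= LEVELS[b.level] else b.level
    return Label(level, a.compartments | b.compartments)


def lattice_edges(labels):
    """Directed edges (a -> b) for every pair where information may flow a -> b.
    The graph is one-way: if (a, b) is an edge then (b, a) never is."""
    return {(a, b) for a in labels for b in labels if a != b and flow_allowed(a, b)}


if __name__ == "__main__":
    secret_nuc = Label("SECRET", {"NUCLEAR"})
    ts_both = Label("TOP SECRET", {"NUCLEAR", "CRYPTO"})
    print(can_read(ts_both, secret_nuc), can_write(ts_both, secret_nuc))
    for a, b in sorted(lattice_edges([Label("CONFIDENTIAL"), secret_nuc, ts_both]), key=repr):
        print(f"{a} -> {b}")
```

A TOP SECRET user with both compartments can read the SECRET/NUCLEAR document but cannot write into it, because writing would carry TOP SECRET/CRYPTO information downward; that asymmetry is the whole content of the "one-way" in the definition.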
38. A test conducted on one or more components of a plan under actual operating conditions.

39. More than one process in the middle of executing at a time.

40. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring enables a zero recovery point objective.

41. Weakness or flaw in an asset.

42. Reduces causes of fire.

43. Notification that a potential disaster situation exists or has occurred; direction for the recipient to stand by for possible activation of the disaster recovery plan.

44. An opportunity for a threat to cause loss (terminology that encompasses many recent risk terms).

45. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.

46. Intermediate level, pertaining to planning.

47. Guidelines within an organization that control the rules and configurations of an IDS.

48. Someone who wants to cause harm.

49. One entity with two competing allegiances.

50. Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator).