Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm

2. Pertaining to law - no omissions

3. A telephone exchange for a specific office or business.

4. A program that waits for a condition or time to occur that executes an inappropriate activity

5. High level - pertaining to planning

6. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.

7. Object reuse protection and auditing

8. Identification and notification of an unauthorized and/or undesired action

9. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.

10. A control before attack

11. A database that contains the name - type - range of values - source and authorization for access for each data element

12. High degree of visual control

13. To move from location to location - keeping the same function

14. Narrow scope examination of a system

15. A secure connection to another network.

16. Controls deployed to avert unauthorized and/or undesired actions.

17. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.

18. An individual's conduct that violates government laws developed to protect the public

19. A technology that reduces the size of a file.

20. Recording the Who, What, When, Where and How of evidence

21. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."

22. A device that provides the functions of both a bridge and a router.

23. Inappropriate data

24. Policy or stated actions

25. Control category - to record an adversary's actions

26. Pertaining to law - high degree of veracity

27. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.

28. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.

29. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur

30. Descrambling the encrypted message with the corresponding key

31. Mediation of subject and object interactions

32. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm

33. A disturbance that degrades performance of electronic devices and electronic communications.

34. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things

35. Control category - to restore to a previous state by removing the adversary and/or the results of their actions

36. Event(s) that cause harm

37. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack

38. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.

39. Control type - that is communication based - typically written or oral

40. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.

41. A program with an inappropriate second purpose

42. Is secondhand and usually not admissible in court

43. Autonomous malware that requires a flaw in a service

44. Statistical probabilities of a collision are more likely than one thinks

45. Actions measured against either a policy or what a reasonable person would do

46. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services

47. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.

48. Joining two pieces of text

49. Objects or programming that look different but act the same

50. Continuous surveillance - to provide for detection and response of any failure in preventive controls.