Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Eavesdropping on network communications by a third party.

2. A process state - to be executing a process on the CPU

3. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court

4. A disturbance that degrades performance of electronic devices and electronic communications.

5. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.

6. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.

7. A temporary public file to inform others of a compromised digital certificate

8. Regular operations are stopped and processing is moved to the alternate site.

9. A trusted issuer of digital certificates

10. A world-wide wireless technology

11. A unit of execution

12. Recovery alternative - short-term - high cost movable processing location

13. A device that provides the functions of both a bridge and a router.

14. Location to perform the business function

15. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities

16. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.

17. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.

18. Evaluation of a system without prior knowledge by the tester

19. A database backup type which records at the transaction level

20. Mathematical function that determines the cryptographic operations

21. A mathematical tool for verifying no unintentional changes have been made

22. Moving the alphabet intact a certain number of spaces

23. A Denial of Service attack that exploits systems that are not able to handle malicious - overlapping and oversized IP fragments.

24. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.

25. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.

26. Responsibility for actions

27. A BCP testing type - a test that answers the question: Can the organization replicate the business process?

28. Intermediate level - pertaining to planning

29. Two certificate authorities that trust each other

30. Natural occurrence in circuits that are in close proximity

31. RADIUS - TACACS+ - Diameter

32. Indivisible - a data field must contain only one value; either all transactions take place or none do

33. One entity with two competing allegiances

34. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress

35. A distributed system's transaction control that requires updates to complete or rollback

36. Momentary loss of power

37. Process of statistically testing a data set for the likelihood of relevant information.

38. Specific format of technical and physical controls that support the chosen framework and the architecture

39. A backup of data located where staff can gain access immediately

40. A design methodology which addresses risk early and often

41. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?

42. A condition in which neither party is willing to stop their activity for the other to complete

43. Reduction of voltage by the utility company for a prolonged period of time

44. To set the clearance of a subject or the classification of an object

45. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk

46. Subject based description of a system or a collection of resources

47. A collection of data or information that has a name

48. People who interact with assets

49. An individual's conduct that violates government laws developed to protect the public

50. Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective