Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A basic level of network access control that is based upon information contained in the IP packet header.






2. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive






3. What is will remain - persistence






4. Induces a crime - tricks a person - and is illegal






5. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.






6. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.






7. The hard drive






8. Record history of incident






9. One of the key benefits of a network is the ability to share files stored on the server among several users.






10. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.






11. Property that data is represented in the same manner at all times






12. Provides a physical cross connect point for devices.






13. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.






14. Unused storage capacity






15. Interception of a communication session by an attacker.






16. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur






17. Substitution at the word or phrase level






18. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.






19. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)






20. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.






21. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.






22. To segregate for the purposes of labeling






23. Maximum tolerance for loss of certain business function - basis of strategy






24. A world-wide wireless technology






25. A documented battle plan for coordinating response to incidents.






26. Pertaining to a number system that has just two unique digits.






27. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.






28. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.






29. False memory reference






30. Requirement to take time off






31. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate






32. Measures followed to restore critical functions following a security incident.






33. Intellectual property protection for the expression of an idea






34. Long term knowledge building






35. Malware that makes many small changes over time to a single data point or system






36. A trusted issuer of digital certificates






37. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).






38. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.






39. A Trojan horse with the express underlying purpose of controlling a host from a distance






40. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.






41. Requirement of access to data for a clearly defined purpose






42. Consume resources to a point of exhaustion - loss of availability






43. A mathematical tool for verifying no unintentional changes have been made






44. An attack involving the hijacking of a TCP session by predicting a sequence number.






45. A condition in which neither party is willing to stop their activity for the other to complete






46. An individual's conduct that violates government laws developed to protect the public






47. Communication of a security incident to stakeholders and data owners.






48. Pertaining to law - high degree of veracity






49. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.






50. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm