Test your basic knowledge | CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a hub).
2. A database that contains the name, type, range of values, source and authorization for access for each data element
3. Amount of time for restoring a business process or function to normal operations without major loss
4. Control category: to record an adversary's actions
5. It is embedded as part of a complete device, often including hardware and mechanical parts. Features a limited OS. Mobile phones, routers and wireless devices take a similar approach. Less than robust security features. Difficult to patch.
6. A temporary public file to inform others of a compromised digital certificate
7. A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions
8. Planning for the delegation of authority required when decisions must be made without the normal chain of command
9. A race condition where the security changes during the object's access
10. Something that happened
11. For PKI, to store another copy of a key
12. The process of identifying, assessing, reducing risk to an acceptable level, and implementing the right countermeasure to maintain that level of risk
13. OOP concept of an object's abilities: what it does
14. Loss would inconvenience the organization, but disclosure is unlikely to result in financial loss or serious damage to credibility.
15. Threats x Vulnerability x Asset Value = Total Risk
16. Pertaining to law: verified as real
17. Maintenance procedures outline the process for the review and update of business continuity plans.
18. Total number of keys available that may be selected by the user of a cryptosystem
19. To jump to a conclusion
20. A basic level of network access control that is based upon information contained in the IP packet header.
21. A technology that reduces the size of a file.
22. A test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.
23. An asymmetric cryptography mechanism that provides authentication.
24. More than one processor sharing the same memory; also known as parallel systems
25. Evaluation of a system without prior knowledge by the tester
26. A subnetwork with storage devices servicing all servers on the attached network.
27. A collection of information designed to reduce duplication and increase integrity
28. A set of laws that the organization agrees to be bound by
29. Pertaining to law: accepted by a court
30. Uncleared buffers or media
31. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.
32. To smooth out reductions or increases in power
33. Information residing on computer systems that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion, modification or reconstruction.
34. Act of luring an intruder that is legal.
35. Someone who wants to cause harm
36. The first rating that requires security labels
37. A condition in which neither party is willing to stop their activity for the other to complete
38. A physical enclosure for verifying identity before entry to a facility
39. Deals with discretionary protection
40. Requires security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and provision of separate administrator functionality.
41. Guidelines within an organization that control the rules and configurations of an IDS
42. Memory management technique that allows two processes to run concurrently without interaction
43. Recovery alternative which outsources a business function at a cost
44. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).
45. Any event, whether anticipated (e.g., public service strike) or unanticipated (e.g., blackout), which disrupts the normal course of business operations at an organization location.
46. Pertaining to law: high degree of veracity
47. A type of malformed input that takes advantage of an appropriate true conditional logic statement, adding a request for data that is against the security policy
48. Planning with a goal of returning to the normal business function
49. Unauthorized intrusion, unauthorized alteration or destruction, and using malicious code
50. Code breaking: the practice of defeating the protective properties of cryptography.