CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Segmented memory addressing, encapsulation of objects, time multiplexing of shared resources, naming distinctions, and virtual mapping.

2. Unsolicited advertising software.

3. An attack that breaks up malicious code into fragments in an attempt to elude detection.

4. Effort or time needed to overcome a protective measure.

5. Pertaining to law; accepted by a court.

6. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).

7. What is will remain; persistence.

8. The past U.S. military-accepted set of standards and processes for computer systems evaluation and assurance, which combines function and assurance requirements.

9. High-frequency, highly directional radio signals. Attackers target interception attempts at transmission and relay stations.

10. To be admissible in court they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.

11. Some systems are actually run at the alternate site.

12. A set of laws that the organization agrees to be bound by.

13. Short period of low voltage.

14. Encryption system using a shared key, private key, single key, or secret key.

15. Weakness or flaw in an asset.

16. Memory management technique which allows subjects to use the same resource.

17. An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only a forensic-quality copy will hold up in court.

18. Identification and notification of an unauthorized and/or undesired action.

19. Unauthorized wireless network access device.

20. Disruption of operation of an electronic device due to a competing electromagnetic field.

21. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate.

22. For PKI, having more than one person in charge of a sensitive function.

23. An availability attack that consumes resources to the point of exhaustion.

24. OOP concept of a template that consists of attributes and behaviors.

25. Used to code/decode a digital data stream.

26. Information that, if made public or even shared around the organization, could seriously impede the organization's operations.

27. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.

28. Outputs within a given function yield the same result.

29. Any event, whether anticipated (e.g. a public service strike) or unanticipated (e.g. a blackout), which disrupts the normal course of business operations at an organization location.

30. Of a system without prior knowledge by the tester or the tested.

31. A backup type for databases at a point in time.

32. The backup of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.

33. Renders the record inaccessible to the database management system.

34. To evaluate the current situation and make basic decisions as to what to do.

35. Objects or programming that look different but act the same.

36. A BCP testing type; a test that answers the question: Can the organization replicate the business process?

37. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.

38. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.

39. When two or more computers are networked together in a LAN, one computer may be used as a storage location for files for the group.

40. A device that converts between digital and analog representations of data.

41. Creation, distribution, update and deletion.

42. Wrong against society.

43. A computer designed for the purpose of studying adversaries.

44. The hardware and software mediator of all subject and object interactions, which has as its primary goal security policy enforcement.

45. An asymmetric cryptography mechanism that provides authentication.

46. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?

47. Inappropriate data.

48. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid.

49. Encryption system using a pair of mathematically related, unequal keys.

50. Are bound to objects and indicate what subjects can use them; typically kept by a network device (router, switch and so on) to control access to or from the device for a number of services.