Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. The disk space a deleted file used to occupy has been marked by the file system as available for reuse; the file's contents remain intact on disk until that space is overwritten by new data.
2. An alert or alarm that is triggered when no actual attack has taken place
3. Intellectual property protection for a confidential and critical process
4. The first rating that requires security labels
5. A test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.
6. Recovery alternative in which a cold site is supplemented with some equipment and infrastructure already in place
7. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
8. Unauthorized access to information (e.g. wiretapping, sniffing, unsecured wireless communication, emanations)
9. Dedicated fast memory located on the same board as the CPU
10. Data or interference that can trigger a false positive
11. A Denial of Service attack that floods the target system with connection requests that are not finalized.
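
The half-open-connection pattern behind question 11 can be picked out of connection-tracker events. The following is an added example, not part of the original quiz; the event tuple format, the addresses and the thresholds are assumptions, and the sample events are constructed rather than captured. It also covers the case the one-line definition glosses over: when every SYN carries a different spoofed source, counting per source finds nothing and only the listener's half-open backlog reveals the flood.

```python
"""Detect the half-open-connection pattern behind question 11: a client that
sends TCP SYNs but never completes the handshake. Added example, not part of
the original quiz; the event format, addresses and thresholds are assumptions."""
from collections import defaultdict

# Constructed connection-tracker events (src_ip, dst_ip, dst_port, tcp_flag).
# A legitimate client answers the server's SYN-ACK with an ACK; the flooder
# never does. Sample data, not a real capture.
FLOOD_EVENTS = [
    ("10.0.0.5", "192.0.2.10", 443, "SYN"),
    ("10.0.0.5", "192.0.2.10", 443, "ACK"),
    ("10.0.0.6", "192.0.2.10", 443, "SYN"),
    ("10.0.0.6", "192.0.2.10", 443, "ACK"),
] + [("198.51.100.77", "192.0.2.10", 443, "SYN")] * 50

# Same attack with a different spoofed source on every packet: no single
# source stands out, only the listener's half-open queue does.
SPOOFED_EVENTS = [(f"203.0.113.{i}", "192.0.2.10", 80, "SYN") for i in range(1, 41)]


def half_open(events):
    """Return {(src, dst, port): n} where n is the number of SYNs not yet
    matched by an ACK from the same client to the same listener. This is a
    simplification: a real tracker also matches sequence numbers and expires
    old entries after a timeout."""
    pending = defaultdict(int)
    for src, dst, port, flag in events:
        key = (src, dst, port)
        if flag == "SYN":
            pending[key] += 1
        elif flag == "ACK" and pending[key] > 0:
            pending[key] -= 1
    return {k: n for k, n in pending.items() if n > 0}


def flag_sources(events, threshold=20):
    """Sources with at least `threshold` half-open connections outstanding."""
    per_src = defaultdict(int)
    for (src, _, _), n in half_open(events).items():
        per_src[src] += n
    return sorted(src for src, n in per_src.items() if n >= threshold)


def flag_listeners(events, threshold=20):
    """Listeners (dst, port) whose half-open backlog is at or above `threshold`,
    however many sources contributed: this is what catches a spoofed flood."""
    per_dst = defaultdict(int)
    for (_, dst, port), n in half_open(events).items():
        per_dst[(dst, port)] += n
    return sorted(k for k, n in per_dst.items() if n >= threshold)


if __name__ == "__main__":
    print("flood sources:", flag_sources(FLOOD_EVENTS))
    print("spoofed flood sources:", flag_sources(SPOOFED_EVENTS))
    print("spoofed flood listeners:", flag_listeners(SPOOFED_EVENTS))
```

The per-listener count is the one worth alerting on in practice, because a flooder controls the source field and a per-source rule is trivially evaded.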
12. A running key cipher whose key is random, as long as the message, and never used again
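
The scheme in question 12 is simple enough to implement in a few lines, and the "never used again" condition is the part worth seeing fail. The following is an added example, not code from the original quiz; the message texts and the crib are constructed. Encrypting two messages under the same pad lets an eavesdropper XOR the ciphertexts, which cancels the key and leaves the XOR of the two plaintexts, from which a guessed fragment of one message (a crib) recovers the aligned fragment of the other.

```python
"""One-time pad (question 12): a running key that is random, as long as the
message, and never reused. Added example, not from the quiz. Also shows why
reusing the pad is fatal: the XOR of two ciphertexts cancels the key."""
import secrets


def generate_pad(length):
    # secrets.token_bytes draws from the OS CSPRNG. A pad from a seeded PRNG
    # is a stream cipher with a short key, not a one-time pad.
    return secrets.token_bytes(length)


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext, pad):
    return xor_bytes(plaintext, pad)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def two_time_pad_leak(c1, c2):
    """What an eavesdropper gets when one pad encrypted two messages:
    c1 ^ c2 == (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2, with the key gone."""
    return xor_bytes(c1, c2)


def crib_drag(leak, crib):
    """Slide a guessed plaintext fragment along p1 ^ p2; wherever the result
    is printable ASCII it is a candidate fragment of the other message."""
    hits = []
    for i in range(len(leak) - len(crib) + 1):
        frag = xor_bytes(leak[i:i + len(crib)], crib)
        if all(32 <= b < 127 for b in frag):
            hits.append((i, frag.decode("ascii")))
    return hits


if __name__ == "__main__":
    p1, p2 = b"ATTACK AT DAWN", b"HOLD THE FORTS"   # constructed, same length
    pad = generate_pad(len(p1))
    c1, c2 = otp_encrypt(p1, pad), otp_encrypt(p2, pad)   # the mistake: one pad twice
    print(otp_decrypt(c1, pad))
    print(crib_drag(two_time_pad_leak(c1, c2), b"ATTACK"))
```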
13. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
14. Minimal protection; the division for systems that were evaluated but failed to meet the criteria for any higher division
15. A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file.
16. Unused storage capacity
17. Record of system activity, which provides for monitoring and detection.
18. Some systems are actually run at the alternate site
19. Creation, distribution, update and deletion
20. Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
21. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.
22. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have; most commonly used in the PC environment (e.g. file permissions).
23. Also known as regulatory law; covers standards of performance or conduct expected by government agencies from companies, industries and certain officials
24. Binary decision by a system of permitting or denying access to the entire system
25. A backup type which creates a complete copy
26. To load the first piece of software that starts a computer.
27. The statistical probability of a collision is higher than intuition suggests
28. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses (compare Smurf, which uses ICMP)
29. A choice in risk management: implement a control that limits or lessens negative effects
30. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
31. System access, network architecture, network access, encryption and protocols, and auditing
32. One-way "encryption": a transformation that cannot be reversed to recover its input
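
Questions 27 and 32 describe the same object from two sides: a hash is one-way (no efficient way back from output to input), yet two inputs sharing an output turn up after only about the square root of the output space, the birthday bound. The following is an added example, not from the quiz; it truncates SHA-256 to 32 bits (an assumption chosen so the search finishes in well under a second) and contrasts the birthday search with a preimage search for a fixed target, which does not get the square-root shortcut.

```python
"""Birthday paradox (question 27) against a one-way hash (question 32).
Added example, not from the quiz; the 32-bit truncation is an assumption
so the collision search runs quickly."""
import hashlib
import math


def birthday_probability(n, space):
    """P(at least one collision) among n draws from `space` equally likely values."""
    p_no_collision = 1.0
    for i in range(n):
        p_no_collision *= (space - i) / space
    return 1.0 - p_no_collision


def expected_tries(space):
    """Draws needed for roughly a 50% collision chance: about sqrt(pi * space / 2)."""
    return math.sqrt(math.pi * space / 2)


def truncated_hash(data, bits):
    """Top `bits` bits of SHA-256, to stand in for a short-output hash."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits, limit=None):
    """Birthday search: hash counters until two distinct inputs share a
    truncated digest. Returns (input_a, input_b, hash_value, tries)."""
    seen = {}
    i = 0
    while limit is None or i < limit:
        msg = f"msg-{i}".encode()
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, h, i + 1
        seen[h] = msg
        i += 1
    return None


def preimage_search(target, bits, limit):
    """Contrast: an input for a *given* output costs about 2**bits tries, not
    2**(bits/2); within `limit` tries this almost always returns None."""
    for i in range(limit):
        msg = f"pre-{i}".encode()
        if truncated_hash(msg, bits) == target:
            return msg
    return None


if __name__ == "__main__":
    print("23 people, 365 days:", round(birthday_probability(23, 365), 4))
    print("expected tries for 32-bit hash:", int(expected_tries(2 ** 32)))
    a, b, h, tries = find_collision(32)
    print(f"collision after {tries} hashes: {a!r} and {b!r} -> {h:#010x}")
    print("preimage in 100k tries:", preimage_search(h, 32, 100_000))
```

The point to take from running it: the collision appears after tens of thousands of hashes, not the billions a 32-bit output naively suggests, so a hash used for integrity or signatures needs an output twice as long as the security level you want.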
33. An organization's way of classifying data by factors such as criticality, sensitivity and ownership.
34. Written step-by-step actions
35. Something that happened
36. Used to code/decode a digital data stream.
37. Recognition of an individual's assertion of identity.
38. When two or more computers are networked together in a LAN, one computer may be used as a storage location for the group's files.
39. Server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no input or output devices, and its OS is dedicated to providing storage services.
40. Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator).
41. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
42. DoS, spoofing, dictionary, brute force, wardialing
43. Total number of keys available that may be selected by the user of a cryptosystem
44. OOP concept of taking attributes from the original or parent
45. System mediation of access with the focus on the context of the request
46. Object-based description of a single resource and the permissions each subject has to it
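
Questions 4, 22, 45 and 46 together describe two access-control models that are easy to confuse on the exam. The following is an added example, not code from the quiz; the users, clearances, resource name and level names are constructed. Under the discretionary model the resource owner edits the per-resource list of subjects and permissions; under the mandatory model the system compares the subject's clearance with the object's security label and the owner cannot override the result. A reference monitor requires both to allow the request.

```python
"""Discretionary access control with an ACL (questions 22 and 46) next to
mandatory access control with security labels (questions 4 and 45).
Added example, not from the quiz; users, labels and resources are constructed."""
from dataclasses import dataclass, field

# Ordered sensitivity levels for the labels (constructed for the example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass
class Resource:
    name: str
    owner: str
    label: str                                  # MAC label, assigned by the system
    acl: dict = field(default_factory=dict)     # DAC ACL: subject -> set of permissions


class DacPolicy:
    """Discretionary: the owner decides who gets which permission."""

    def grant(self, actor, res, subject, perm):
        if actor != res.owner:
            raise PermissionError(f"{actor} is not the owner of {res.name}")
        res.acl.setdefault(subject, set()).add(perm)

    def allowed(self, subject, res, perm):
        return subject == res.owner or perm in res.acl.get(subject, set())


class MacPolicy:
    """Mandatory: Bell-LaPadula confidentiality rules, no read up and no
    write down, evaluated from the clearance and label, never from the owner."""

    def __init__(self, clearances):
        self.clearances = clearances            # subject -> clearance level name

    def allowed(self, subject, res, perm):
        s = LEVELS[self.clearances.get(subject, "UNCLASSIFIED")]
        o = LEVELS[res.label]
        if perm == "read":
            return s >= o                       # simple security property
        if perm == "write":
            return s <= o                       # *-property
        return False


def check_access(subject, res, perm, dac, mac):
    """Reference-monitor style decision: every applicable rule must allow it."""
    return dac.allowed(subject, res, perm) and mac.allowed(subject, res, perm)


if __name__ == "__main__":
    plan = Resource("plan.txt", owner="alice", label="SECRET")
    dac = DacPolicy()
    mac = MacPolicy({"alice": "SECRET", "bob": "CONFIDENTIAL", "carol": "TOP SECRET"})
    dac.grant("alice", plan, "bob", "read")     # owner's choice under DAC...
    print("bob reads:", check_access("bob", plan, "read", dac, mac))   # ...overruled by MAC
```

Note that the owner's grant to bob is recorded in the ACL and would succeed under DAC alone; the mandatory check still denies it because bob's clearance is below the object's label.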
47. A BCP testing type: a test that answers the question "Can the organization replicate the business process?"
48. What is stored will remain (persistence)
49. Forging of an IP address.
50. The hard drive