Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. To start business continuity processes

2. Encryption system using a shared key (also called a private key, single key or secret key)

3. Act of scrambling a cleartext message by using a key.

4. Unauthorized access to information (e.g. tapping, sniffing, unsecured wireless communication, emanations)

5. A program with an inappropriate second purpose

6. A layer 3 device used to connect two or more network segments and regulate traffic between them.

7. Long-term knowledge building

8. Malware that makes small random changes to many data points

9. Heavily populated areas, particularly those susceptible to high-intensity earthquakes, floods, tsunamis or other disasters, for which emergency response may be necessary in the event of a disaster.

10. Alerts personnel to the presence of a fire

11. In PKI, to store another copy of a key

12. Malware that exploits users' trust in a website to redirect them to untrusted websites that capture data or install more malware

13. One-way encryption

14. Minimal protection; used for systems that were evaluated but failed to meet the criteria for higher divisions

15. Claiming another's identity at a physical level

16. An exact bit-by-bit copy of an entire physical hard drive or floppy disk, including slack and unallocated space. Only a copy of forensic quality will hold up in court.

17. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred, which triggers pre-arranged mitigating actions (e.g. a move to an alternate site).

18. Process whereby data is removed from active files and other data storage structures

19. Outputs of a given function are always the same result

20. Can be statistical (monitoring behavior) or signature-based (watching for known attacks)

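The two detection styles in statement 20, as an added example that is not part of this study tool: a signature-based detector runs known-attack patterns over request lines, while a statistical one learns a baseline of failed logins per source address and alerts on deviation from it. The access-log lines, the two signature patterns and the three-sigma threshold are all constructed for the illustration.

```python
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Constructed access-log lines in the form "<src_ip> <method> <path> <status>".
# The baseline window is a quiet period used to learn normal behavior.
BASELINE_LOG = """\
10.0.0.5 POST /login 401
10.0.0.5 POST /login 200
10.0.0.6 POST /login 200
10.0.0.7 POST /login 401
10.0.0.7 POST /login 200
10.0.0.8 GET /index.html 200
"""

# The monitored window contains a password-guessing burst, one SQL-injection
# probe and one directory-traversal probe (all constructed).
WINDOW_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.9 POST /login 401
10.0.0.9 POST /login 401
10.0.0.9 POST /login 401
10.0.0.9 POST /login 401
10.0.0.9 POST /login 401
10.0.0.9 POST /login 401
10.0.0.7 POST /login 401
198.51.100.7 GET /index.php?id=1%27%20OR%20%271%27%3D%271 200
203.0.113.4 GET /cgi-bin/../../../../etc/passwd 404
"""

# Illustrative signatures (not a vendor rule set). They run on the URL-decoded
# path so that percent-encoding does not evade them.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s*'", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}


def parse(log_text):
    """Yield (src_ip, method, path, status) for each non-empty log line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, method, path, status = line.split()
        yield src, method, path, int(status)


def signature_alerts(log_text):
    """Signature-based: flag every request matching a known-attack pattern."""
    alerts = []
    for src, _method, path, _status in parse(log_text):
        decoded = unquote(path)
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts.append((src, name))
    return alerts


def failed_logins_per_source(log_text):
    """Count HTTP 401 responses to POST /login, keyed by source address."""
    counts = Counter()
    for src, method, path, status in parse(log_text):
        if method == "POST" and path == "/login" and status == 401:
            counts[src] += 1
    return counts


def learn_threshold(baseline_text, sigmas=3.0):
    """Statistical: learn the normal failed-login count per source from the
    baseline and place the alert threshold at mean + sigmas * std deviation.
    Sources with zero failures are included so the baseline is not inflated."""
    sources = {src for src, *_ in parse(baseline_text)}
    counts = failed_logins_per_source(baseline_text)
    samples = [counts[src] for src in sources]
    return statistics.mean(samples) + sigmas * statistics.pstdev(samples)


def statistical_alerts(baseline_text, window_text):
    """Flag sources whose failed-login count in the window exceeds the threshold."""
    threshold = learn_threshold(baseline_text)
    counts = failed_logins_per_source(window_text)
    return sorted(src for src, n in counts.items() if n > threshold)
```

Run against the constructed window, the signature detector reports 198.51.100.7 and 203.0.113.4 and the statistical detector reports 10.0.0.9. Neither sees what the other does: the guessing burst matches no signature, and the injection probe is a single request that no per-source count will notice, which is why production deployments usually combine both.
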
21. Abstract and mathematical in nature, defining all possible states, transitions and operations

22. Lower-frequency noise

23. A basic level of network access control based on information contained in the IP packet header.

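Statement 23 describes a stateless packet filter. The following is an added example, not part of this study tool: it builds a few IPv4 packets from constructed addresses in the RFC 5737 documentation ranges, parses only the header fields, and applies an ordered rule list in which the first match wins and the last rule is a default deny. The rule set, the packets and the helper names are assumptions for the illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
PROTO_NUMBERS = {name: num for num, name in PROTO_NAMES.items()}


@dataclass
class Rule:
    action: str            # "allow" or "deny"
    proto: Optional[str]   # "tcp", "udp", "icmp", or None for any protocol
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port, or None for any (ignored for icmp)


# Constructed rule set: first match wins, last rule is the default deny.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),   # public HTTPS server
    Rule("allow", "udp", "192.0.2.0/24", "0.0.0.0/0", 53),     # internal hosts may query DNS
    Rule("deny", None, "0.0.0.0/0", "0.0.0.0/0", None),        # everything else
]


def build_packet(src: str, dst: str, proto: str, sport: int = 0, dport: int = 0) -> bytes:
    """Construct a minimal IPv4 packet: a 20-byte header without options followed
    by the first 4 bytes of the transport header (source and destination port
    for TCP/UDP, type/code/checksum for ICMP). The IP checksum is left zero:
    enough for the filter below, not for a real IP stack."""
    if proto in ("tcp", "udp"):
        payload = struct.pack("!HH", sport, dport)
    else:
        payload = b"\x08\x00\x00\x00"   # ICMP echo request, zero checksum
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, PROTO_NUMBERS[proto], 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


def parse_header(raw: bytes) -> dict:
    """Pull out the fields a stateless filter decides on: addresses and protocol
    from the IP header, ports from the start of the transport header."""
    ver_ihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20]
    )
    ihl = (ver_ihl & 0x0F) * 4   # header length in bytes (options would make it > 20)
    fields = {
        "src": ipaddress.IPv4Address(src),
        "dst": ipaddress.IPv4Address(dst),
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "sport": None,
        "dport": None,
    }
    if fields["proto"] in ("tcp", "udp") and len(raw) >= ihl + 4:
        fields["sport"], fields["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return fields


def filter_packet(raw: bytes, rules=RULES) -> str:
    """Return the action of the first matching rule; deny if nothing matches."""
    fields = parse_header(raw)
    for rule in rules:
        if rule.proto is not None and rule.proto != fields["proto"]:
            continue
        if fields["src"] not in ipaddress.ip_network(rule.src):
            continue
        if fields["dst"] not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dport is not None and rule.dport != fields["dport"]:
            continue
        return rule.action
    return "deny"


def demo() -> dict:
    """Decisions for a few constructed packets."""
    return {
        "https_to_web": filter_packet(build_packet("203.0.113.5", "192.0.2.10", "tcp", 51515, 443)),
        "ssh_to_web": filter_packet(build_packet("203.0.113.5", "192.0.2.10", "tcp", 51516, 22)),
        "dns_from_inside": filter_packet(build_packet("192.0.2.20", "198.51.100.1", "udp", 40000, 53)),
        "ping_to_web": filter_packet(build_packet("203.0.113.5", "192.0.2.10", "icmp")),
    }
```

Because the decision uses nothing but header fields, a packet arriving from the outside with a forged 192.0.2.x source address is byte-for-byte identical to dns_from_inside and is allowed. Rejecting it needs the ingress interface (anti-spoofing rules), and matching DNS replies to the requests that caused them needs connection state; a basic packet filter of the kind in statement 23 has neither.
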
24. Memory management technique that allows data to be moved from one memory address to another

25. A copy of transaction data, designed for querying and reporting

26. A risk assessment method that expresses loss as a measurable, real-money cost

27. Review of data

28. A test that answers the questions: does the organization have the documentation and people it needs, and do they understand the documentation?

29. People who interact with assets

30. The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced.

31. Code making

32. An asymmetric cryptography mechanism that provides authentication.

33. Planning with the goal of returning to normal business function

34. A passive network attack involving monitoring of traffic.

35. Define the way in which the organization operates.

36. An availability attack that consumes resources to the point of exhaustion, from multiple vectors

37. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.

38. A system designed to prevent unauthorized access to or from a private network.

39. Indivisible: a data field must contain only one value, and either all operations of a transaction take place or none do

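The transaction half of statement 39 (all operations take place or none do), as an added example that is not part of this study tool. It uses Python's standard sqlite3 module on a constructed two-account ledger whose CHECK constraint rejects negative balances, and runs the same transfer twice: once as two separately committed statements and once inside a single transaction. The table, account names and amounts are assumptions for the illustration.

```python
import sqlite3

CREDIT = "UPDATE accounts SET balance = balance + ? WHERE name = ?"
DEBIT = "UPDATE accounts SET balance = balance - ? WHERE name = ?"


def fresh_db() -> sqlite3.Connection:
    """In-memory ledger. isolation_level=None means every statement commits on
    its own unless we open a transaction explicitly with BEGIN."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE accounts ("
        "name TEXT PRIMARY KEY, "
        "balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    return conn


def balances(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT name, balance FROM accounts ORDER BY name"))


def transfer_non_atomic(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Two statements, each committed separately. If the debit fails, the
    credit has already been committed and money appears out of nothing."""
    try:
        conn.execute(CREDIT, (amount, dst))
        conn.execute(DEBIT, (amount, src))   # raises if src would go negative
        return True
    except sqlite3.IntegrityError:
        return False


def transfer_atomic(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """The same two statements inside one transaction: either both are made
    durable by COMMIT or both are undone by ROLLBACK."""
    conn.execute("BEGIN")
    try:
        conn.execute(CREDIT, (amount, dst))
        conn.execute(DEBIT, (amount, src))
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        conn.execute("ROLLBACK")
        return False


def demo() -> dict:
    """Bob holds 50 and tries to send 80 to Alice; the debit violates the CHECK."""
    db_naive = fresh_db()
    ok_naive = transfer_non_atomic(db_naive, "bob", "alice", 80)
    db_atomic = fresh_db()
    ok_atomic = transfer_atomic(db_atomic, "bob", "alice", 80)
    return {
        "non_atomic": (ok_naive, balances(db_naive)),
        "atomic": (ok_atomic, balances(db_atomic)),
    }
```

Both transfers report failure, but only the atomic one leaves the ledger as it was: the naive version ends with alice at 180 and bob still at 50. The other half of statement 39, a field holding only one value, is the database-design sense of the same word (a column storing "admin,user" is not atomic and cannot be queried or constrained per value).
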
40. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.

41. Unauthorized intrusion, unauthorized alteration or destruction, and use of malicious code

42. Statistically, a collision is more likely than one thinks

43. Substitution at the word or phrase level

44. Identification and notification of an unauthorized and/or undesired action

45. A database that contains the name, type, range of values, source and access authorization for each data element

46. The level and label given to an individual for the purpose of compartmentalization

47. A computer designed for the purpose of studying adversaries

48. An adversary intercepts encrypted communications, decrypts them, views them, re-encrypts them and sends them along to the true destination

49. Employee education done once per position or at a significant change of function

50. Memory (RAM)