Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.

2. An unintended communication path

3. Share security concerns with embedded devices - Often security has been sacrificed for a richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.

4. Is secondhand and usually not admissible in court

5. A state for operating system tasks only

6. More than one process in the middle of executing at a time

7. Key

8. A Trojan horse with the express underlying purpose of controlling a host from a distance

9. Potentially compromising leakage of electrical or acoustical signals.

10. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity

11. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site)

12. A program with an inappropriate second purpose

13. To execute more than one instruction at an instant in time

14. A mail server that improperly allows inbound SMTP connections for domains it does not serve.

15. A design methodology which executes in a linear, one-way fashion

16. For PKI - decertify an entity's certificate

17. Induces a crime - tricks a person - and is illegal

18. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.

19. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate

20. Natural occurrence in circuits that are in close proximity

21. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.

22. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)

23. Intellectual property protection for an invention

24. Forging of an IP address.

25. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress

26. A control before attack

27. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives

28. The technical and risk assessment of a system within the context of the operating environment

29. A comprehensive set of controls comprising best practices in information security that provides guidelines on how to set up and maintain security programs.

30. A system that enforces an access control policy between two networks.

31. Continuous surveillance - to provide for detection and response to any failure in preventive controls.

32. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.

33. A specialized wireless receiver/transmitter placed in orbit that facilitates long-distance communication.

34. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability

35. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court

36. Code breaking - practice of defeating the protective properties of cryptography.

37. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.

38. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.

39. A Denial of Service attack that exploits systems that are not able to handle malicious - overlapping and oversized IP fragments.

40. RADIUS - TACACS+ - Diameter

41. Recognition of an individual's assertion of identity.

42. Control category - more than one control on a single asset

43. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.

44. Planning with a goal of returning to the normal business function

45. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).

46. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal

47. Control category - to give instructions or inform

48. OOP concept of taking attributes from the original or parent

49. A group or network of honeypots

50. Intellectual property protection for marketing efforts