Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Object reuse protection and auditing
2. A template for designing the architecture
3. An availability attack: consuming resources to the point of exhaustion from multiple vectors
4. A group or network of honeypots
5. The study of cryptography and cryptanalysis
6. The partial or full duplication of data from a source database to one or more destination databases
7. A design methodology that addresses risk early and often
8. Minimal Protection; used for systems that were evaluated but failed to meet the criteria for higher divisions
9. Information about a particular data set
10. Requirement of access to data for a clearly defined purpose
11. Recovery alternative: complete duplication of services, including personnel
12. The first rating that requires security labels
13. Unused storage capacity
14. Independent malware that requires user interaction to execute
15. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies and offsite storage, and that will ensure time objectives can be met
16. Momentary loss of power
17. Cooperative hardware and operating system notification process for prioritizing execution due to a change in state of components
18. Dedicated fast memory located on the same board as the CPU
19. An event which stops business from continuing
20. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk
21. Weak evidence
22. Embedded as part of a complete device, often including hardware and mechanical parts; features a limited OS; mobile phones, routers and wireless devices take a similar approach; less than robust security features; difficult to patch
23. To segregate for the purposes of labeling
24. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet
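
The attack in item 24 works because a stateless filter can only read transport-layer fields (ports, TCP flags) from the fragment with offset 0, and passes every later fragment blindly; the host then reassembles a packet the filter never saw whole. The following is an added worked example, not part of the original quiz: a constructed filter that allows new inbound connections only to port 80, a "tiny fragment" that hides the SYN flag in the second fragment, and the hardened version applying the two checks from RFC 1858 (drop a TCP first fragment too short to carry the flags field, and drop any fragment with offset 1). The fragments, policy and addresses are made up for illustration.

```python
"""Tiny-fragment bypass of a first-fragment-only packet filter, and the
RFC 1858-style fix. Constructed example: fragments and policy are made up
for illustration; nothing here touches a real network."""
import struct
from dataclasses import dataclass

TCP = 6
SYN, ACK = 0x02, 0x10


@dataclass
class Fragment:
    """One IP fragment. offset is in 8-byte units, as in the IP header."""
    proto: int
    ident: int
    offset: int
    more: bool
    data: bytes


def tcp_header(sport: int, dport: int, flags: int, seq: int = 0) -> bytes:
    """Minimal 20-byte TCP header, no options (flags live at byte 13)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 8192, 0, 0)


def policy_allows(dport: int, flags: int) -> bool:
    """Constructed site policy: new inbound connections (SYN, no ACK) only to port 80."""
    if flags & SYN and not flags & ACK:
        return dport == 80
    return True


def naive_filter(frag: Fragment) -> bool:
    """Stateless filter that only inspects the initial fragment."""
    if frag.proto != TCP or frag.offset != 0:
        return True  # non-initial fragments carry no transport header: passed blindly
    dport = struct.unpack("!H", frag.data[2:4])[0]
    flags = frag.data[13] if len(frag.data) > 13 else 0  # missing field silently read as 0
    return policy_allows(dport, flags)


def hardened_filter(frag: Fragment) -> bool:
    """Same policy plus the RFC 1858 checks."""
    if frag.proto == TCP:
        if frag.offset == 0 and len(frag.data) < 16:
            return False  # tiny first fragment: flags field is not present
        if frag.offset == 1:
            return False  # would overlap and rewrite bytes 8-15 of the TCP header
    return naive_filter(frag)


def reassemble(frags):
    """Host-side reassembly: returns the full datagram payload, or None on gaps."""
    buf = bytearray()
    for f in sorted(frags, key=lambda fr: fr.offset):
        if f.offset * 8 != len(buf):
            return None
        buf += f.data
    return bytes(buf)


def what_reaches_host(filter_fn, frags):
    """Run fragments through the filter, reassemble survivors, return (dport, flags) or None."""
    passed = [f for f in frags if filter_fn(f)]
    full = reassemble(passed)
    if full is None or len(full) < 20:
        return None
    dport = struct.unpack("!H", full[2:4])[0]
    return dport, full[13]


# Attacker: SYN to telnet split so that the flags byte lives in the second fragment.
hdr = tcp_header(40000, 23, SYN)
tiny_attack = [Fragment(TCP, 1, 0, True, hdr[:8]), Fragment(TCP, 1, 1, False, hdr[8:])]
# Legitimate: unfragmented SYN to the web server.
web_syn = [Fragment(TCP, 2, 0, False, tcp_header(40001, 80, SYN))]

if __name__ == "__main__":
    print("naive filter, tiny fragments :", what_reaches_host(naive_filter, tiny_attack))
    print("hardened filter, tiny frags  :", what_reaches_host(hardened_filter, tiny_attack))
    print("hardened filter, web SYN     :", what_reaches_host(hardened_filter, web_syn))
```

Under the naive filter the telnet SYN reaches the host (the first fragment has no flags byte, so it reads as "not a SYN" and is allowed; the second fragment is not inspected at all). The hardened filter drops both fragments and still passes the legitimate web SYN. Modern stateful firewalls solve this by reassembling or tracking fragments before applying rules; the two RFC 1858 checks are the minimum a stateless filter needs.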
25. Recording activities at the keyboard level
26. Act of luring an intruder; it is legal
27. Use of specialized techniques for recovery, authentication and analysis of electronic data
28. A physical enclosure for verifying identity before entry to a facility
29. The technical and risk assessment of a system within the context of the operating environment
30. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals
31. Responsibility of a user for the actions taken by their account; requires unique identification
32. Mediation of covert channels must be addressed
33. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution; the hard disk may also be a transportable version attached to a desktop or laptop
34. Unauthorized wireless network access device
35. Processes data at different classifications (security levels), and users with different clearances (security levels) can use the system
36. Intellectual property management technique for identification after distribution
37. Information about data or records
38. The event of an IDS producing an alarm when no attack has taken place
39. Unsolicited advertising software
40. A risk assessment method with a measurable, real-money cost
41. High degree of visual control
42. Firewalls, encryption and access control lists
43. Pertaining to law: lending itself to one side of an argument
44. A Denial of Service attack that floods the target system with connection requests that are not finalized
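
The attack in item 44 leaves the target with a backlog of half-open TCP connections: a SYN was received and a SYN-ACK sent, but the client's final ACK never arrives. The following is an added detection example, not part of the original quiz: it replays a constructed connection log, tracks which handshakes never completed, and alerts both per source and per service, because a spoofed-source flood (one SYN per address) never trips a per-source threshold. It also includes a lossy client with two unanswered SYNs to show the threshold keeping a benign case from becoming the false positive of item 38. The log format, addresses and thresholds are invented for the example.

```python
"""Half-open (SYN without final ACK) tracking over a constructed connection
log, the detection side of a SYN flood. Log format and addresses are made up."""
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed log format: "<iso-timestamp> TCP <src>:<sport> -> <dst>:<dport> [<flags>]"
LINE = re.compile(r"^(\S+) TCP (\S+):(\d+) -> (\S+):(\d+) \[(S|SA|A)\]$")


def parse(line):
    m = LINE.match(line)
    if not m:
        raise ValueError(f"unparsable line: {line!r}")
    ts, src, sport, dst, dport, flags = m.groups()
    return datetime.fromisoformat(ts), src, int(sport), dst, int(dport), flags


def half_open_connections(lines):
    """Replay handshakes in time order; return {4-tuple: SYN time} for every
    connection whose client never sent the third-step ACK."""
    events = sorted(parse(line) for line in lines)
    pending = {}
    for ts, src, sport, dst, dport, flags in events:
        if flags == "S":
            pending[(src, sport, dst, dport)] = ts       # a retransmitted SYN just refreshes the entry
        elif flags == "A":
            pending.pop((src, sport, dst, dport), None)  # handshake completed
        # "SA" is the server's reply and does not complete the handshake
    return pending


def syn_flood_alerts(lines, per_source=5, per_service=50):
    """Alert on one source with many half-open connections, and on a service
    whose half-open backlog is large regardless of source (spoofed/distributed case)."""
    pending = half_open_connections(lines)
    by_source = Counter(src for (src, _, _, _) in pending)
    by_service = Counter(f"{dst}:{dport}" for (_, _, dst, dport) in pending)
    alerts = [("source", s, n) for s, n in by_source.items() if n >= per_source]
    alerts += [("service", s, n) for s, n in by_service.items() if n >= per_service]
    return alerts


def make_sample_log():
    """Constructed traffic: a busy legitimate client, a lossy client, and a
    spoofed-source SYN flood against the web server."""
    server = ("203.0.113.5", 80)
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines, tick = [], 0

    def emit(a, b, flags):
        nonlocal tick
        ts = (base + timedelta(milliseconds=10 * tick)).isoformat()
        lines.append(f"{ts} TCP {a[0]}:{a[1]} -> {b[0]}:{b[1]} [{flags}]")
        tick += 1

    for i in range(8):  # legitimate client: eight completed handshakes
        client = ("198.51.100.7", 40000 + i)
        emit(client, server, "S")
        emit(server, client, "SA")
        emit(client, server, "A")
    for i in range(2):  # lossy client: SYN-ACK lost, handshake never completes (benign)
        emit(("198.51.100.23", 50000 + i), server, "S")
    for i in range(60):  # flood: 60 spoofed sources, one SYN each, never acknowledged
        spoofed = (f"10.0.{i}.9", 1024 + i)
        emit(spoofed, server, "S")
        emit(server, spoofed, "SA")
    return lines


if __name__ == "__main__":
    log = make_sample_log()
    print(f"{len(half_open_connections(log))} half-open connections")
    for alert in syn_flood_alerts(log):
        print(alert)
```

On the sample log the per-source rule stays silent (no spoofed address sends more than one SYN, and the lossy client is below the threshold), while the per-service rule fires on the 62-entry backlog at 203.0.113.5:80. In production the pending table also needs an age-out so stale entries do not accumulate forever, and detection is only half the answer: SYN cookies or a larger backlog on the server are what keep the service up while the flood runs.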
45. Must be legally permissible, meaning it was seized legally and the chain of custody was not broken; to be admissible in court it needs to be relevant, sufficient and reliable
46. To collect many small pieces of data
47. A collection of information designed to reduce duplication and increase integrity
48. Malware that subverts the detective controls of an operating system
49. Small data files written to a user's hard drive by a web server
50. Pertaining to law: no omissions