Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Questions and answers are randomly picked and ordered every time a test is loaded.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so some answers may seem obvious at times, but repeating the test reinforces your understanding.
1. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.

2. Bound to objects, and indicate which subjects can use them. Typically kept by a network device (router, switch and so on) to control access to or from the device for a number of services.

3. A hash that has been further encrypted with a symmetric algorithm.

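As an added example (not part of the original quiz), the Python block below shows what the keyed construction in statement 3 buys you. It uses HMAC-SHA256 from the standard library as the keyed digest rather than the literal hash-then-symmetric-encrypt form: a tag that depends on a secret key can be produced or checked only by a key holder, whereas a plain hash can be recomputed by anyone who alters the message. The key, message and tampered message are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed inputs for the example; not from the original page.
KEY = secrets.token_bytes(32)
MESSAGE = b"transfer 100 to alice"
TAMPERED = b"transfer 900 to alice"


def keyed_tag(key: bytes, message: bytes) -> str:
    """Keyed digest: HMAC-SHA256 over the message, hex encoded."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_keyed(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time, so a wrong tag does
    not leak through timing how many leading bytes matched."""
    return hmac.compare_digest(keyed_tag(key, message), tag)


def unkeyed_digest(message: bytes) -> str:
    """Plain hash with no key: anyone can recompute it."""
    return hashlib.sha256(message).hexdigest()


def attacker_forges_unkeyed(replacement: bytes) -> bool:
    """With an unkeyed hash the attacker substitutes both the message and
    its digest; the receiver's recompute-and-compare check still passes."""
    sent_message, sent_digest = replacement, unkeyed_digest(replacement)
    return unkeyed_digest(sent_message) == sent_digest


def attacker_forges_keyed(key: bytes, original: bytes, replacement: bytes) -> bool:
    """Without the key the attacker can only replay the tag that travelled
    with the original message; the receiver's check then fails."""
    sent_tag = keyed_tag(key, original)
    return verify_keyed(key, replacement, sent_tag)


if __name__ == "__main__":
    tag = keyed_tag(KEY, MESSAGE)
    print("genuine message verifies:", verify_keyed(KEY, MESSAGE, tag))
    print("unkeyed hash forged:", attacker_forges_unkeyed(TAMPERED))
    print("keyed tag forged:", attacker_forges_keyed(KEY, MESSAGE, TAMPERED))
```

The constant-time comparison matters in practice: a byte-by-byte `==` on the tag returns early at the first mismatch, which lets an attacker who can time many verification attempts recover a valid tag one byte at a time.
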
4. Use of one or more backup servers to protect information and essential processes in the event of a primary system failure.

5. Process of statistically testing a data set for the likelihood of relevant information.

6. Induces a crime, tricks a person, and is illegal.

7. Another subject cannot see an ongoing or pending update until it is complete.

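As an added example (not from the original quiz), the Python block below demonstrates the property in statement 7 with two connections to one SQLite database: a reader queries a row while a writer's update is still pending, sees the old value, and sees the new value only after the writer commits. The table, row and amounts are constructed for the example, and a temporary database file is used because two connections need a shared store.

```python
import os
import sqlite3
import tempfile


def isolation_demo() -> tuple[int, int]:
    """Return (balance seen during the pending update, balance seen after commit).

    Constructed example: an 'accounts' table with one row for alice.
    """
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        setup = sqlite3.connect(path)
        setup.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, balance INTEGER)")
        setup.execute("INSERT INTO accounts VALUES ('alice', 100)")
        setup.commit()
        setup.close()

        writer = sqlite3.connect(path)
        reader = sqlite3.connect(path)
        try:
            # The UPDATE opens a transaction on the writer but is not committed yet.
            writer.execute("UPDATE accounts SET balance = balance - 40 WHERE name = 'alice'")

            # The reader runs in autocommit mode; fetchall() finishes the statement
            # so it holds no lock that would block the writer's commit below.
            during = reader.execute(
                "SELECT balance FROM accounts WHERE name = 'alice'"
            ).fetchall()[0][0]

            writer.commit()

            after = reader.execute(
                "SELECT balance FROM accounts WHERE name = 'alice'"
            ).fetchall()[0][0]
        finally:
            writer.close()
            reader.close()
        return during, after
    finally:
        os.remove(path)


if __name__ == "__main__":
    seen_during, seen_after = isolation_demo()
    print("reader sees during pending update:", seen_during)
    print("reader sees after commit:", seen_after)
```

The reader never observes the intermediate state, so a crash or rollback of the writer between the UPDATE and the COMMIT would leave the reader with a consistent view rather than a half-applied change.
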
8. To load the first piece of software that starts a computer.

9. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.

10. A shield against leakage of electromagnetic signals.

11. A one-way, directed graph that indicates confidentiality or integrity flow.

12. Wrong against society.

13. An electronic attestation of identity by a certificate authority.

14. Share security concerns with embedded devices. Security has often been sacrificed for a richer user experience under low-power constraints. A prime target for data loss, as they transmit and store information in ways that cannot be controlled.

15. Forgery of the sender's email address in an email header.

16. To collect many small pieces of data.

17. Authentication protocol that uses only symmetric session keys between principals, distributed by a trusted third party using separate pre-shared symmetric keys.

18. An alert or alarm that is triggered when no actual attack has taken place.

19. An individual's conduct that violates government laws developed to protect the public.

20. Dictate that data collected by government agencies must be collected fairly and lawfully, must be used only for the purpose for which they were collected, must only be held for a reasonable amount of time, and must be accurate and timely.

21. Recovery alternative that outsources a business function at a cost.

22. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.

23. A risk assessment method based on intrinsic value.

24. The disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.

25. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc.

26. The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins functional and assurance requirements.

27. Vehicle or tool that exploits a weakness.

28. The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced.

29. Business and technical process of applying security software updates in a regulated, periodic way.

30. Planning for the delegation of authority required when decisions must be made without the normal chain of command.

31. An unintended communication path.

32. A less granular organization of controls.

33. Mitigate damage by isolating compromised systems from the network.

34. Continuous surveillance to provide for detection of, and response to, any failure in preventive controls.

35. Someone who wants to cause harm.

36. Real-time, automatic and transparent backup of data.

37. Subset of operating system components dedicated to protection mechanisms.

38. Malware that makes many small changes over time to a single data point or system.

39. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption, within the stated disaster recovery goals.

40. A collection of data or information that has a name.

41. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid.

42. OOP concept of an object at runtime.

43. Part of a transaction control for a database that informs the database of the last recorded transaction.

44. Code making.

45. The problem-solving state; the opposite of supervisor mode.

46. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf.)

47. A disturbance that degrades performance of electronic devices and electronic communications.

48. Calculation encompassing threats, vulnerabilities and assets.

49. Control category whose purpose is to record an adversary's actions.

50. OOP concept of taking attributes from the original or parent.