Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Encryption system using a pair of mathematically related, unequal keys.






2. A denial-of-service attack that exploits systems that cannot handle malicious, overlapping, or oversized IP fragments.
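The attack in item 2 works because a naive reassembler trusts the offset and length fields of each fragment. The following check is an added example, not part of the quiz: it walks a list of constructed fragments and flags the two conditions the statement names, an overlap with a fragment already accepted and a fragment that would push the datagram past the 65535-byte IPv4 maximum. Offsets are expressed in bytes here for readability; on the wire they are carried in 8-byte units.

```python
from dataclasses import dataclass

IP_MAX_DATAGRAM = 65535   # maximum total length of an IPv4 datagram, in bytes


@dataclass(frozen=True)
class Fragment:
    offset: int   # byte offset of this fragment's payload within the datagram
    length: int   # payload length in bytes
    more: bool    # the "more fragments" flag


def check_fragments(frags):
    """Return (reason, fragment) pairs for fragments a robust reassembler must drop.

    'overlap'   : the fragment lands inside a byte range already accepted
                  (the teardrop pattern; naive code computes a negative length here)
    'oversized' : offset + length exceeds the maximum datagram size
                  (the ping-of-death pattern)
    """
    problems = []
    accepted = []   # (start, end) byte ranges already accepted
    for f in sorted(frags, key=lambda f: f.offset):
        end = f.offset + f.length
        if end > IP_MAX_DATAGRAM:
            problems.append(("oversized", f))
            continue
        if any(f.offset < a_end and end > a_start for a_start, a_end in accepted):
            problems.append(("overlap", f))
            continue
        accepted.append((f.offset, end))
    return problems


def is_safe(frags):
    """True when every fragment can be reassembled without ambiguity."""
    return not check_fragments(frags)


# Constructed sample fragment lists (not captured traffic).
NORMAL = [Fragment(0, 1480, True), Fragment(1480, 1480, True), Fragment(2960, 100, False)]
TEARDROP = [Fragment(0, 36, True), Fragment(24, 4, False)]      # second piece inside the first
OVERSIZED = [Fragment(65120, 1480, False)]                      # 65120 + 1480 > 65535

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP), ("oversized", OVERSIZED)):
        print(name, check_fragments(frags) or "ok")
```

The check sorts by offset before comparing, so it does not depend on fragment arrival order; a real reassembler must also bound how long it holds incomplete datagrams, otherwise the attacker just switches to exhausting the reassembly buffer.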






3. To create a copy of data as a precaution against the loss or damage of the original data.






4. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.






5. Controls that terminate an attempt to access an object.






6. A planned or unplanned interruption in system availability.






7. A backup site type where the organization has excess capacity in another location.






8. Unchecked data input that results in redirection.
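Item 8 describes an open redirect: a `next=` style parameter that the application passes straight into a redirect. The code below is an added example, not part of the quiz; it shows the unchecked version beside a hardened one that accepts only site-relative paths. The host name `example.internal` is an assumption made for the example.

```python
from urllib.parse import urlparse, urljoin

OUR_HOST = "example.internal"   # assumed application host (example value)


def unsafe_redirect_target(next_param):
    """Vulnerable: whatever arrives in ?next= becomes the Location header."""
    return next_param


def safe_redirect_target(next_param, default="/"):
    """Accept only a relative path on our own site; fall back to `default` otherwise."""
    if not next_param:
        return default
    parsed = urlparse(next_param)
    # absolute URLs (https://evil, javascript:) and protocol-relative (//evil) carry a
    # scheme or netloc; reject them outright
    if parsed.scheme or parsed.netloc:
        return default
    # browsers normalise "/\evil" and "///evil" into a host change; require a single
    # leading slash followed by something other than a slash or backslash
    if not next_param.startswith("/") or next_param.startswith(("//", "/\\", "\\")):
        return default
    # final check: resolve against our origin and confirm the host did not change
    resolved = urlparse(urljoin(f"https://{OUR_HOST}/", next_param))
    if resolved.netloc != OUR_HOST:
        return default
    return next_param


if __name__ == "__main__":
    for candidate in ("/account/settings", "https://evil.example/", "//evil.example/",
                      "/\\evil.example", "javascript:alert(1)", ""):
        print(repr(candidate), "->", safe_redirect_target(candidate))
```

Allow-listing a relative path is simpler and safer than trying to block known-bad prefixes, because every new browser quirk in URL parsing becomes a bypass for a block list.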






9. False memory reference






10. All of the protection mechanisms in a computer system.






11. When two or more computers are networked together in a LAN, one computer may be used as a storage location for the group's files.






12. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.






13. A CPU state reserved for operating system tasks only.






14. A documented battle plan for coordinating response to incidents.






15. Moving letters around.
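Item 15 is a transposition cipher, and item 18 the act of applying a key to scramble cleartext. As an added example (not part of the quiz), here is a keyed columnar transposition: the plaintext is written into rows as wide as the key, and the columns are read out in the alphabetical order of the key's letters. The plaintext and key are constructed for the example.

```python
def _column_order(key):
    """Indices of the key's letters in alphabetical order; ties keep left-to-right order."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose_encrypt(plaintext, key, pad="X"):
    cols = len(key)
    rows = -(-len(plaintext) // cols)            # ceiling division
    padded = plaintext.ljust(rows * cols, pad)   # fill the last row so every column is full
    grid = [padded[r * cols:(r + 1) * cols] for r in range(rows)]
    # read column by column, columns taken in key order
    return "".join(grid[r][c] for c in _column_order(key) for r in range(rows))


def transpose_decrypt(ciphertext, key):
    cols = len(key)
    rows = len(ciphertext) // cols               # ciphertext length is a multiple of len(key)
    columns = [""] * cols
    for k, c in enumerate(_column_order(key)):
        columns[c] = ciphertext[k * rows:(k + 1) * rows]
    # read the rebuilt grid row by row (any padding characters remain at the end)
    return "".join(columns[c][r] for r in range(rows) for c in range(cols))


def same_letters(a, b):
    """True when two strings contain exactly the same multiset of characters."""
    return sorted(a) == sorted(b)


PLAINTEXT = "WEAREDISCOVEREDFLEEATONCE"   # constructed message, 25 letters
KEY = "ZEBRA"

if __name__ == "__main__":
    ct = transpose_encrypt(PLAINTEXT, KEY)
    print(ct)
    print(transpose_decrypt(ct, KEY))
```

The `same_letters` helper makes the practical weakness visible: a transposition only moves letters, so ciphertext letter frequencies equal the plaintext's, and a fixed-width key leaves a period an analyst can recover by anagramming columns. That is why transposition is combined with substitution in any serious design.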






16. Recovery alternative that outsources a business function at a cost.






17. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems






18. Act of scrambling the cleartext message by using a key.






19. A shield against leakage of electromagnetic signals.






20. A process state in which the process is executing on the CPU.






21. Malware that subverts the detective controls of an operating system






22. A protocol for the efficient transmission of voice over the Internet






23. An object placed to stop vehicles.






24. Using small special tools, all tumblers of the lock are aligned, opening the door.






25. Two different keys decrypt the same ciphertext.






26. Is secondhand and usually not admissible in court






27. OOP concept of an object at runtime






28. Periodic, automatic, and transparent backup of data in bulk.






29. European standard for IT security criteria; it was not universally adopted. Consists of four components: 1. Security Target; 2. Target of Evaluation (ToE); 3. Functional Levels; 4. Assurance Levels.






30. A type of multitasking that allows for a more even distribution of computing time among competing requests.






31. To know more than one job.






32. The component of disaster recovery that deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.






33. Data or interference that can trigger a false positive






34. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.






35. Final purpose or result






36. Provides a physical cross connect point for devices.






37. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.






38. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.






39. Sphere of influence






40. A state where two subjects can access the same object without proper mediation






41. Individuals and departments responsible for the storage and safeguarding of computerized data.






42. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)






43. Summary of a communication for the purpose of integrity.
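Items 1 and 43 fit together: a message digest summarises a communication, and an asymmetric key pair lets one party sign that digest with a private key that only the matching public key can verify. The following is an added example, not part of the quiz: a textbook RSA key pair built from two fixed Mersenne primes (chosen so the arithmetic runs instantly; real keys use random primes of at least 1024 bits each) signing a truncated SHA-256 digest. The message and the raw-digest "padding" are simplifications made for the example; production signatures use a padding scheme such as RSA-PSS.

```python
import hashlib

# Constructed parameters: the Mersenne primes 2^31-1 and 2^61-1, and the usual public exponent.
P = (1 << 31) - 1
Q = (1 << 61) - 1
E = 65537


def make_keypair(p=P, q=Q, e=E):
    """Return ((e, n), (d, n)). d is the inverse of e modulo phi(n), which is exactly the
    mathematical relationship that ties the two unequal keys together."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+); requires gcd(e, phi) == 1
    return (e, n), (d, n)


def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message, truncated to 64 bits so it lies below the toy modulus
    (n here is about 2^92). Any change to the message changes this value."""
    return int.from_bytes(hashlib.sha256(message).digest()[:8], "big")


def encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message integer must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)


def sign(message: bytes, private_key) -> int:
    d, n = private_key
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recompute the digest and compare it with the digest recovered via the public key."""
    e, n = public_key
    return pow(signature, e, n) == digest_int(message)


if __name__ == "__main__":
    public, private = make_keypair()
    msg = b"transfer 100 to account 42"          # constructed message
    sig = sign(msg, private)
    print("verify original :", verify(msg, sig, public))
    print("verify tampered :", verify(b"transfer 900 to account 42", sig, public))
```

The tampered check is the integrity point of item 43: the signature still "decrypts" to the old digest, but that digest no longer matches the modified message, so verification fails.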






44. Lower frequency noise






45. The technical and risk assessment of a system within the context of the operating environment.






46. People protect their domain






47. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
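Item 47 is SQL injection. As an added example (not part of the quiz), the snippet below builds an in-memory SQLite table, then shows a login query assembled by string formatting next to the same query using bound parameters. The users and passwords are constructed for the demonstration; a real system stores password hashes, not cleartext.

```python
import sqlite3


def make_db():
    """Constructed sample table; cleartext passwords are for the demo only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is spliced into the statement text, so a quote and a
    comment marker in the username turn the password check into a comment."""
    sql = ("SELECT username, role FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Hardened: the statement text is fixed and the values travel as parameters, so the
    same input is compared literally against the username column."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Constructed payload: closes the string literal, then comments out the rest of the WHERE clause.
PAYLOAD = "alice' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD, "wrong password"))
    print("safe      :", login_safe(db, PAYLOAD, "wrong password"))
    print("safe, real:", login_safe(db, "alice", "correct horse"))
```

The parameterised form is the fix the statement implies: the database never parses the partial query in the input as SQL. Escaping quotes by hand is not equivalent, because numeric fields, identifiers and driver-specific quirks each need their own rules.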






48. Unchecked data which spills into another location in memory






49. Recovery alternative: a short-term, high-cost, movable processing location.






50. Information about data or records