Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. A passive network attack involving monitoring of traffic.

2. A software design technique for abstraction of a process.

3. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components.

4. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems.

5. System mediation of access with the focus on the context of the request.

6. Return to a normal state.

7. A distributed system's transaction control that requires updates to either complete or roll back.

8. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.

9. An availability attack that consumes resources to the point of exhaustion from multiple vectors.

10. Consuming resources to the point of exhaustion, resulting in loss of availability.

11. Lower frequency noise.

12. A layer 2 device that is used to connect two network segments and regulate traffic.

13. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective.

14. The past U.S. military-accepted set of standards and processes for network evaluation and assurance, which combines functional and assurance requirements.

15. Process of identifying the risks to an organization, assessing the critical functions, defining the controls in place to reduce organizational exposure, and evaluating the cost of such controls.

16. Not fulfilling a legally recognized obligation; failure to conform to a standard of care that results in injury or damage, and proximate causation; not practicing due diligence or due care; not following the prudent person rule (doing due diligence in due

17. An attack that breaks up malicious code into fragments in an attempt to elude detection.

18. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.

19. Redundant component that provides failover capability in the event of failure or interruption of a primary component.

20. An availability attack that consumes resources to the point of exhaustion.

21. Unsolicited commercial email.

22. Portable media used to store data that is not presently in use by an organization, to free up space but still allow for disaster recovery. May also be called "backup tapes."

23. A system that enforces an access control policy between two networks.

24. The hardware and software mediator of all subject and object interactions, which has as its primary goal security policy enforcement.

25. An event which stops business from continuing.

26. Renders the file inaccessible to the operating system and available to reuse for data storage.

27. A control that takes effect after an attack.

28. Low level, pertaining to planning.

29. Those who initiate the attack.

30. State of a computer: to be running a process.

31. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.

32. Periodic, automatic and transparent backup of data in bulk.

33. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.

34. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.

35. A BCP testing type: a test that answers the question, "Can the organization operate at the alternate location only?"

36. May render the data inaccessible to the application intended to be used in processing the file, but may not actually remove the data.

37. High level, pertaining to planning.

38. A race condition in which the security state changes while the object is being accessed.

39. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.

40. Mathematical function that determines the cryptographic operations.

41. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.

42. Object reuse protection and auditing.

43. Using small special tools, all tumblers of the lock are aligned, opening the door.

44. A type of malformed input that takes advantage of a conditional logic statement that evaluates true, adding a request for data that is against the security policy.

45. A technology that reduces the size of a file.

46. With enough computing power, trying all possible combinations.

47. Event(s) that cause harm.

48. To execute more than one instruction at an instant in time.

49. Object-based description of a system or a collection of resources.

50. Information residing on computer systems that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion, modification or reconstruction.