Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.

2. OOP concept of a class's details being hidden from the object

3. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.

4. Short period of low voltage.

5. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).

6. Low level, pertaining to planning

7. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record-keeping purposes.

8. Descrambling the encrypted message with the corresponding key

9. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems

10. Intellectual property protection for the expression of an idea
11. Planning with the goal of returning to normal business function

12. Review of data

13. Intermediate level, pertaining to planning

14. A layer 2 device that is used to connect two network segments and regulate traffic.

15. A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.

16. Binary decision by a system to permit or deny access to the entire system

17. Business and technical process of applying security software updates in a regulated, periodic way

18. A type of attack involving attempted insertion, deletion or alteration of data.

19. DoS, spoofing, dictionary, brute force, wardialing

20. Part of a transaction control for a database which informs the database of the last recorded transaction
21. System Access, Network Architecture, Network Access, Encryption and Protocols, and Auditing

22. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).

23. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective

24. Someone who wants to cause harm

25. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.

26. The process of categorizing attack alerts produced by an IDS in order to distinguish false positives from actual attacks

27. Standard for the establishment, implementation, control, and improvement of the Information Security Management System

28. Requires two of the three user authentication attributes (something you know, are, or have), e.g. you have an ATM card and enter a PIN

29. Memory management programming which makes the limited RAM of the physical machine appear larger by using a portion of the hard drive

30. Security policy, procedures, and compliance enforcement
31. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization

32. Object-based description of a single resource and the permissions of each subject

33. One of the key benefits of a network is the ability to share files stored on the server among several users.

34. Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations)

35. The formerly accepted U.S. military set of standards and processes for computer system evaluation and assurance, which combines function and assurance requirements

36. False memory reference

37. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.

38. What is, will remain: persistence

39. Mathematical function that determines the cryptographic operations

40. Autonomous malware that requires a flaw in a service
41. Responsibility for actions

42. Some systems are actually run at the alternate site

43. Two certificate authorities that trust each other

44. A unit of execution

45. System-directed mediation of access with labels

46. Share security concerns with embedded devices. Often security has been sacrificed for a richer user experience at low power. Prime target for data loss as they transmit and store information in ways that can't be controlled.

47. The hard drive

48. The property that data meet an a priori expectation of quality and that the data can be relied upon.

49. The collection and summation of risk data relating to a particular asset and controls for that asset

50. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE 3. Functional Levels 4. Assurance Levels.