Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A device that sequentially switches multiple analog inputs to the output.

2. An electronic attestation of identity by a certificate authority.

3. Mediates communication between untrusted hosts on behalf of the hosts that it protects.

4. A process state (blocked): needing input before continuing.

5. Potentially compromising leakage of electrical or acoustical signals.

6. Firewalls, encryption, and access control lists.

7. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate.

8. Information about a particular data set.

9. For PKI, to have more than one person in charge of a sensitive function.

10. An image compression standard for photographs.

11. Try a list of words in passwords or encryption keys.

12. The past U.S. military accepted set of standards and processes for network evaluation and assurance, which combines function and assurance requirements.

13. Planning with a goal of returning to the normal business function.

14. Authentication protocol which only uses symmetric session keys between principals, distributed by a third party using different preshared symmetric keys.

15. Malware that makes small random changes to many data points.

16. A comprehensive set of controls comprising best practices in information security that provides guidelines on how to set up and maintain security programs.

17. The first rating that requires security labels.

18. Descrambling the encrypted message with the corresponding key.

19. Process whereby data is removed from active files and other data storage structures.

20. Business and technical process of applying security software updates in a regulated periodic way.

21. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.

22. Initial surge of current.

23. Moving letters around.

24. Companies should have their own team, made up of people from management, IT, legal, HR, public relations, security and other key areas.

25. The risk that remains after management implements internal controls, or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk.

26. Forgery of the sender's email address in an email header.

27. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court.

28. The technical and risk assessment of a system within the context of the operating environment.

29. The past internationally accepted set of standards and processes for information security products evaluation and assurance, which separates function and assurance requirements.

30. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization.

31. Requirement to take time off.

32. Information that, if made public or even shared around the organization, could seriously impede the organization's operations.

33. Tool which mediates access.

34. Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.

35. The backup of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.

36. An attack involving the hijacking of a TCP session by predicting a sequence number.

37. Is secondhand and usually not admissible in court.

38. Program instructions based upon the CPU's specific architecture.

39. A form of data hiding which protects running threads of execution from using each other's memory.

40. A device that provides the functions of both a bridge and a router.

41. RADIUS, TACACS+, Diameter.

42. Employment education done once per position or at significant change of function.

43. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc.

44. When two or more computers are networked together in a LAN situation, one computer may be utilized as a storage location for files for the group.

45. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).

46. A BCP testing type: a test that answers the question, can the organization operate at the alternate location only?

47. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.

48. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.

49. A passive network attack involving monitoring of traffic.

50. Organized group of compromised computers.