Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.

2. Another subject cannot see an ongoing or pending update until it is complete

3. Something that happened

4. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.

5. Use of specialized techniques for recovery - authentication - and analysis of electronic data

6. One entity with two competing allegiances

7. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.

8. Written step-by-step actions

9. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.

10. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm

11. A shield against leakage of electromagnetic signals.

12. Induces a crime - tricks a person - and is illegal

13. Regular operations are stopped and processing is moved to the alternate site.

14. Hitting a filed-down key in a lock with a hammer to open it without the real key

15. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.

16. A legally enforceable agreement between: two people - two organizations - a person and an organization.

17. An availability attack - to consume resources to the point of exhaustion from multiple vectors

18. An alert or alarm that is triggered when no actual attack has taken place

19. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?

20. The hard drive

21. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce organization exposure and evaluating the cost for such controls.

22. A process state - to be either unable to run waiting for an external event or terminated

23. An electronic attestation of identity by a certificate authority

24. A device that converts between digital and analog representation of data.

25. Tool which mediates access

26. Scrambled form of the message or data

27. Weak evidence

28. Moving letters around

29. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.

30. A collection of data or information that has a name

31. To load the first piece of software that starts a computer.

32. Pertaining to law - accepted by a court

33. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems

34. Responsibility of a user for the actions taken by their account which requires unique identification

35. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)

36. System of law based upon precedent - with major divisions of criminal - tort - and administrative

37. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.

38. Statistical probabilities of a collision are more likely than one thinks

39. Information about a particular data set

40. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.

41. A group or network of honeypots

42. A hash that has been further encrypted with a symmetric algorithm

43. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.

44. Information that - if made public or even shared around the organization - could seriously impede the organization's operations

45. More than one CPU on a single board

46. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.

47. Requirement to take time off

48. To move from location to location - keeping the same function

49. A type of multitasking that allows for more even distribution of computing time among competing requests

50. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).