Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Written core statements that rarely change

2. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.

3. Requires two of the three user authentication attributes (something the user knows, is, or has), e.g. you have an ATM card and enter a PIN

4. Responsibility for actions

5. Employment education done once per position or at significant change of function

6. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.

7. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.

8. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).

9. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.

10. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.

11. To collect many small pieces of data

12. Eavesdropping on network communications by a third party.

13. Policy or stated actions

14. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.

15. A physical enclosure for verifying identity before entry to a facility

16. Induces a crime - tricks a person - and is illegal

17. An availability attack - to consume resources to the point of exhaustion from multiple vectors

18. A cable consisting of a core inner conductor surrounded by an insulator and an outer cylindrical conductor

19. Eight bits.

20. A type of malformed input that takes advantage of an always-true conditional logic statement, adding a request for data that is against the security policy

21. Guidelines within an organization that control the rules and configurations of an IDS

22. A running key using a random key that is never used again

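The "random key that is never used again" condition above is the whole security argument, so here is an added example (not from the quiz page) that shows why: XOR with a fresh pad is unbreakable, but as soon as the same pad is used for two messages the pad cancels out and an attacker who guesses part of one message reads the other. The two messages and the fixed demo pad are constructed.

```python
"""One-time pad: XOR with a truly random pad as long as the message, used
exactly once.  Added example; the messages are constructed test data.
Reusing the pad makes a 'two-time pad' and leaks m1 XOR m2 to anyone who
holds both ciphertexts, without the pad ever being known."""
import os


def new_pad(length: int) -> bytes:
    """Fresh pad from the OS CSPRNG; it must never be reused."""
    return os.urandom(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt (same operation).  The pad must cover the whole
    message; a short pad silently reused across the message is the same
    mistake as the two-time pad below, so refuse it."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return xor_bytes(data, pad)


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If both ciphertexts used the same pad: (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2."""
    return xor_bytes(ct1, ct2)


def crib_drag(xored_plaintexts: bytes, crib: bytes, position: int) -> bytes:
    """Given m1 ^ m2 and a guessed fragment (crib) of one message at some
    offset, recover the other message's bytes at that offset."""
    window = xored_plaintexts[position:position + len(crib)]
    return xor_bytes(window, crib)


def demo():
    """Correct use, then the misuse, with a random pad each run."""
    m1 = b"ATTACK AT DAWN"
    m2 = b"RETREAT AT SIX"
    pad = new_pad(len(m1))
    c1 = otp_xor(m1, pad)
    c2 = otp_xor(m2, pad)            # misuse: the same pad a second time
    leak = two_time_pad_leak(c1, c2)
    recovered = crib_drag(leak, b"ATTACK", 0)   # attacker guesses how m1 begins
    return otp_xor(c1, pad) == m1, leak == xor_bytes(m1, m2), recovered
```

Running `demo()` returns `(True, True, b'RETREA')` on every run regardless of the random pad, which is the point: the leak depends only on the plaintexts.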
23. A unit of execution

24. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.

25. Recording the who, what, when, where and how of evidence

26. Recovery alternative - complete duplication of services including personnel

27. Mediation of covert channels must be addressed

28. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. It may also be a transportable version attached to a desktop or laptop.

29. Pertaining to law - accepted by a court

30. A backup type which creates a complete copy

31. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?

32. Planning for the delegation of authority required when decisions must be made without the normal chain of command

33. OOP concept of a template that consists of attributes and behaviors

34. Mediation of subject and object interactions

35. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code

36. Some systems are actually run at the alternate site

37. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.

38. Mathematical function that determines the cryptographic operations

39. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists

40. An organization's way of classifying data by factors such as criticality, sensitivity and ownership.

41. Subset of operating systems components dedicated to protection mechanisms

42. A backup type where the organization has excess capacity in another location.

43. Recovery alternative which outsources a business function at a cost

44. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.

45. A process state - to be executing a process on the CPU

46. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)

47. Methodical research of an incident with the purpose of finding the root cause

48. Used to code/decode a digital data stream.

49. Final purpose or result

50. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
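Items 20 and 50 describe the same attack from two angles: partial SQL embedded in unvalidated input, and an always-true condition (or an appended query) that returns data the policy never allowed. This added example (not from the quiz page) puts the vulnerable login query beside the parameterised one and runs three classic payloads against both. The users table, names and passwords are constructed test data.

```python
"""SQL injection, vulnerable and fixed.  Added example; the users table is
constructed test data.  The vulnerable function pastes user input into the
statement, so a quote, a comment marker or a UNION in the username field
becomes SQL; the safe function binds the input as a value."""
import hashlib
import sqlite3


def hash_pw(password: str) -> str:
    # Placeholder; a real system uses a slow, salted KDF (bcrypt/scrypt/Argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)")
    conn.executemany(
        "INSERT INTO users (username, pw_hash) VALUES (?, ?)",
        [("admin", hash_pw("hunter2")), ("bob", hash_pw("correct horse"))],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """No input validation: the username is formatted straight into the SQL,
    so whatever partial SQL it carries is parsed as part of the statement."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND pw_hash = '{hash_pw(password)}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Parameterised query: the driver binds the values after parsing, so
    quotes, '--' and UNION in the input are only ever compared as text."""
    sql = "SELECT username FROM users WHERE username = ? AND pw_hash = ?"
    return [row[0] for row in conn.execute(sql, (username, hash_pw(password)))]


# Three payloads supplied in the username field (the password is irrelevant):
BYPASS_PASSWORD = "admin'--"                              # comments out the pw_hash check
ALWAYS_TRUE = "' OR 1=1--"                                # item 20: condition true for every row
EXFILTRATE = "x' UNION SELECT pw_hash FROM users--"       # appends a query for data policy forbids


def run_payloads(conn: sqlite3.Connection) -> dict:
    """Returns what each payload yields from the vulnerable and the safe login."""
    return {
        name: (login_vulnerable(conn, payload, "wrong"), login_safe(conn, payload, "wrong"))
        for name, payload in [("bypass", BYPASS_PASSWORD),
                              ("always_true", ALWAYS_TRUE),
                              ("exfiltrate", EXFILTRATE)]
    }


if __name__ == "__main__":
    for name, (vuln, safe) in run_payloads(setup_db()).items():
        print(f"{name:12s} vulnerable -> {vuln}   safe -> {safe}")
```

The hashed password is the reason the payloads go in the username field: the hash is hex, so that position is not injectable, which is a common partial mitigation that does nothing for the other input. The safe function needs no escaping logic at all; binding the values is the fix.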