Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Written step-by-step actions

2. An access policy that uses a security label system. Users have clearances and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities; most commonly used in government.

3. A Denial of Service attack that exploits packet-filtering firewalls that only inspect the initial fragment of a fragmented packet.

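The weakness in question 3 is that a filter which inspects only the first fragment can be fed a first fragment too short to contain the TCP flags, or a later fragment that overlaps and rewrites the header bytes the filter already approved. The check below is an added example, not part of the quiz page: fragments are constructed here, TCP without IP options is assumed, and the minimum first-fragment length is a policy choice made in this code rather than something the page states.

```python
"""Screening of IP fragment sets for the two tricks behind question 3:
a tiny first fragment that omits the TCP flags, and a later fragment
that overlaps and rewrites header bytes the filter already inspected
(the classes of attack described in RFC 1858).

Added example, not part of the quiz page. Fragments are constructed
below; TCP without IP options is assumed, and the minimum first-fragment
length is a policy choice made here, not taken from the page."""
from dataclasses import dataclass

TCP_FLAGS_OFFSET = 13                              # flags byte is TCP header byte 13
MIN_FIRST_FRAGMENT_BYTES = TCP_FLAGS_OFFSET + 1    # assumed policy: first fragment must reach the flags byte
SYN, ACK = 0x02, 0x10


@dataclass
class Fragment:
    offset: int       # IP fragment offset field, in 8-byte units
    more: bool        # MF (more fragments) flag
    payload: bytes    # transport-layer bytes carried by this fragment

    @property
    def start(self) -> int:
        return self.offset * 8

    @property
    def end(self) -> int:
        return self.start + len(self.payload)


def screen_fragments(frags):
    """Return the reasons a filter should drop this datagram; [] means pass."""
    reasons = []
    ordered = sorted(frags, key=lambda f: f.offset)
    if not ordered or ordered[0].offset != 0:
        reasons.append("no initial fragment (offset 0)")
    elif len(ordered[0].payload) < MIN_FIRST_FRAGMENT_BYTES:
        # the filter cannot see SYN/ACK, so it cannot apply its TCP policy
        reasons.append(f"tiny first fragment: {len(ordered[0].payload)} bytes does not reach the TCP flags")
    covered = []   # (start, end) byte ranges already delivered
    for frag in ordered:
        for s, e in covered:
            if frag.start < e and frag.end > s:
                # a later fragment rewrites bytes the filter already approved
                reasons.append(f"overlapping fragment: bytes {frag.start}-{frag.end} overlap {s}-{e}")
                break
        covered.append((frag.start, frag.end))
    return reasons


def reassemble(frags):
    """Last-writer-wins reassembly in arrival order, as a naive host would do."""
    buf = bytearray(max(f.end for f in frags))
    for f in frags:
        buf[f.start:f.end] = f.payload
    return bytes(buf)


def tcp_header(src_port, dst_port, flags):
    """20-byte TCP header with zeroed seq/ack/window/checksum (constructed)."""
    hdr = bytearray(20)
    hdr[0:2] = src_port.to_bytes(2, "big")
    hdr[2:4] = dst_port.to_bytes(2, "big")
    hdr[12] = 5 << 4        # data offset: 5 words, no options
    hdr[13] = flags
    return bytes(hdr)


# Constructed datagrams. Offsets are in 8-byte units, so offset 3 = byte 24.
BENIGN = [Fragment(0, True, tcp_header(40000, 80, SYN) + b"GET "),
          Fragment(3, False, b"/ HTTP/1.0\r\n\r\n")]
# Only ports and sequence number in the first fragment; the flags arrive later.
TINY = [Fragment(0, True, tcp_header(40000, 80, SYN)[:8]),
        Fragment(1, False, tcp_header(40000, 80, SYN)[8:] + b"GET / HTTP/1.0\r\n\r\n")]
# First fragment shows ACK (looks like an established flow); the second
# starts at byte 8 and overwrites bytes 8-19, turning the flags into SYN.
OVERLAP = [Fragment(0, True, tcp_header(40000, 80, ACK)),
           Fragment(1, False, tcp_header(40000, 80, SYN)[8:] + b"GET / HTTP/1.0\r\n\r\n")]

if __name__ == "__main__":
    for name, frags in (("benign", BENIGN), ("tiny", TINY), ("overlap", OVERLAP)):
        print(name, screen_fragments(frags) or "pass",
              "flags after reassembly:", hex(reassemble(frags)[TCP_FLAGS_OFFSET]))
```

The overlap case is the instructive one: the first fragment alone looks like an ACK-only packet that a "permit established" rule would pass, yet the reassembled datagram the host sees carries SYN. A filter that either enforces the minimum first-fragment length or reassembles before filtering closes both paths.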
4. Eight bits.

5. Less granular organization of controls

6. The process of categorizing attack alerts produced by an IDS in order to distinguish false positives from actual attacks

7. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides, thereby preventing that space from being overwritten by other data.

8. An activity that is performed for the purpose of training and conditioning team members and improving their performance.

9. Scrambled form of the message or data

10. Planning with the goal of returning to normal business function

11. A disturbance that degrades the performance of electronic devices and electronic communications.

12. Natural occurrence in circuits that are in close proximity

13. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid.

14. A backup of data located where staff can gain access readily and a localized disaster will not cause harm

15. A form of data hiding which protects running threads of execution from using each other's memory

16. Descrambling the encrypted message with the corresponding key

17. Something that happened

18. A set of properties that programmers should seek in any application or database transaction design: Atomicity, Consistency, Isolation, Durability

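The properties in question 18 are easiest to see when a transaction fails halfway. The following is an added example, not part of the quiz page, using SQLite from the Python standard library: the accounts table and its starting balances are constructed here, and the overdraft rule is expressed as a CHECK constraint so that the database itself enforces consistency and the surrounding transaction provides atomicity.

```python
"""Atomicity and consistency from question 18, shown with SQLite: a two-row
transfer either commits in full or leaves both balances exactly as they were.

Added example, not part of the quiz page; the accounts table and its
starting balances are constructed here."""
import sqlite3


def open_bank():
    # isolation_level=None puts sqlite3 in autocommit mode so the
    # BEGIN/COMMIT/ROLLBACK below are issued explicitly by this code
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, "
                 "balance INTEGER NOT NULL CHECK (balance >= 0))")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 50)])
    return conn


def transfer(conn, src, dst, amount):
    """Move `amount` from src to dst in one transaction.
    Returns True if committed, False if every change was rolled back."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    try:
        conn.execute("BEGIN IMMEDIATE")
        debit = conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        if debit.rowcount != 1:
            raise LookupError(f"unknown source account {src!r}")
        credit = conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
        if credit.rowcount != 1:
            raise LookupError(f"unknown destination account {dst!r}")
        conn.execute("COMMIT")
        return True
    except (sqlite3.IntegrityError, LookupError):
        # Consistency: the CHECK constraint refuses an overdraft (IntegrityError).
        # Atomicity: a debit that already applied is undone together with it.
        conn.execute("ROLLBACK")
        return False


def balances(conn):
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))


if __name__ == "__main__":
    bank = open_bank()
    print(transfer(bank, "alice", "bob", 30), balances(bank))    # True {'alice': 70, 'bob': 80}
    print(transfer(bank, "alice", "bob", 500), balances(bank))   # False, unchanged: overdraft rejected
    print(transfer(bank, "alice", "carol", 10), balances(bank))  # False, unchanged: debit rolled back
```

The third call is the case that matters for atomicity: the debit from alice has already executed when the credit to the unknown account fails, and only the ROLLBACK keeps the money from disappearing. Durability is what COMMIT promises for the first call once the database is on disk rather than in memory.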
19. A record that must be preserved and available for retrieval if needed.

20. Just enough access to do the job

21. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.

22. May be responsible for the overall recovery of an organization or unit(s).

23. Responsibility for actions

24. A cable consisting of a core inner conductor surrounded by an insulator and an outer cylindrical conductor

25. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures, alternate work area, etc.)

26. A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.

27. A type of computer memory that temporarily stores frequently used information for quick access.

28. System of law based upon what is good for society

29. Power surge

30. Mitigation of system or component loss or interruption through use of backup capability.

31. Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator).

32. Continuous surveillance that provides for detection of, and response to, any failure in preventive controls.

33. Recovery alternative: everything needed for the business function except people and the last backup

34. The collection and summation of risk data relating to a particular asset and the controls for that asset

35. Mediation of subject and object interactions

36. A mail server that improperly accepts inbound SMTP connections and relays mail for domains it does not serve.

37. Intellectual property protection for marketing efforts

38. Part of a transaction control for a database which informs the database of the last recorded transaction

39. A test of a system conducted without prior knowledge by either the tester or the tested

40. Granular decision by a system of permitting or denying access to a particular resource on the system

41. Creation, distribution, update and deletion

42. Mediates communication between untrusted hosts on behalf of the hosts that it protects.

43. System Access, Network Architecture, Network Access, Encryption and Protocols, and Auditing

44. A Denial of Service attack that floods the target system with connection requests that are not finalized.

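The tell-tale sign of the attack in question 44 is a pile of connections stuck between the SYN and the final ACK. The accounting below is an added example, not part of the quiz page: the event list is constructed to look like a simplified stateful-firewall log, and the alert threshold is an assumed tuning value rather than anything the page specifies.

```python
"""Half-open connection accounting for the SYN-flood pattern in question 44:
many connection requests whose three-way handshake is never completed.

Added example, not part of the quiz page. The event list is constructed
to resemble a simplified stateful-firewall log; the alert threshold is an
assumed tuning value."""
from collections import Counter

ALERT_THRESHOLD = 50   # assumed: half-open connections per destination that trigger an alert


def half_open_connections(events):
    """Return {(src, dst): syn_timestamp} for handshakes still waiting on the final ACK.

    events: (timestamp, kind, src, dst) with kind "SYN" (client request),
    "ACK" (handshake completed) or "RST" (aborted)."""
    pending = {}
    for ts, kind, src, dst in sorted(events):
        key = (src, dst)
        if kind == "SYN":
            pending.setdefault(key, ts)      # retransmitted SYNs keep the first timestamp
        elif kind in ("ACK", "RST"):
            pending.pop(key, None)
    return pending


def syn_flood_targets(events, threshold=ALERT_THRESHOLD):
    """Destinations whose count of half-open connections meets the threshold,
    with the number of distinct sources (spoofed floods show many)."""
    pending = half_open_connections(events)
    per_dst = Counter(dst for _, dst in pending)
    sources = {}
    for src, dst in pending:
        sources.setdefault(dst, set()).add(src)
    return {dst: {"half_open": n, "distinct_sources": len(sources[dst])}
            for dst, n in per_dst.items() if n >= threshold}


def constructed_events():
    ev = []
    # 30 legitimate clients: each SYN is followed by the completing ACK
    for i in range(30):
        t = 100.0 + i
        ev.append((t, "SYN", f"203.0.113.{i + 1}", "192.0.2.10:443"))
        ev.append((t + 0.05, "ACK", f"203.0.113.{i + 1}", "192.0.2.10:443"))
    # flood: 200 SYNs from 200 different (spoofed) sources, none completed
    for i in range(200):
        ev.append((150.0 + i * 0.001, "SYN", f"198.51.100.{i + 1}", "192.0.2.10:443"))
    # two slow but genuine clients to another host, still inside the handshake
    ev.append((160.0, "SYN", "203.0.113.50", "192.0.2.20:22"))
    ev.append((161.0, "SYN", "203.0.113.51", "192.0.2.20:22"))
    return ev


EVENTS = constructed_events()

if __name__ == "__main__":
    print(len(half_open_connections(EVENTS)), "half-open connections")
    for dst, info in syn_flood_targets(EVENTS).items():
        print(f"ALERT {dst}: {info['half_open']} half-open from {info['distinct_sources']} sources")
```

The count alone separates the flood from the 30 completed handshakes; the distinct-source figure is what distinguishes a spoofed flood (one source per SYN) from a single misbehaving client that would be handled by a per-source rate limit instead.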
45. A backup type for a database at a point in time

46. A condition in which neither party is willing to stop its activity for the other to complete

47. Control category: more than one control on a single asset

48. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.

49. Code breaking: the practice of defeating the protective properties of cryptography.

50. A backup type where the organization has excess capacity in another location.