Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions.

2. Responsibility of a user for the actions taken by their account, which requires unique identification.

3. Summary of a communication for the purpose of integrity.

4. The disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.

5. Process of identifying the risks to an organization, assessing the critical functions, defining the controls in place to reduce organization exposure, and evaluating the cost for such controls.

6. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress.

7. A device that provides the functions of both a bridge and a router.

8. Vehicle-stopping object.

9. Recording activities at the keyboard level.

10. Line noise that is superimposed on the supply circuit.

11. Pertaining to a number system that has just two unique digits.

12. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective.

13. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack.

14. Recovery alternative which outsources a business function at a cost.

15. Program instructions based upon the CPU's specific architecture.

16. Those who initiate the attack.

17. A unit of execution.

18. Granular decision by a system of permitting or denying access to a particular resource on the system.

19. Deals with discretionary protection.

20. To stop damage from spreading.

21. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.

22. A type of malformed input that takes advantage of an appropriate true conditional logic statement, adding a request for data that is against the security policy.

23. Malware that subverts the detective controls of an operating system.

24. A programming device used in development to circumvent controls.

25. With enough computing power, trying all possible combinations.

26. DoS, spoofing, dictionary, brute force, wardialing.

27. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g., a move to an alternate site).

28. Abstract and mathematical in nature, defining all possible states, transitions and operations.

29. The process of identifying, assessing, reducing risk to an acceptable level, and implementing the right countermeasure to maintain that level of risk.

30. Weak evidence.

31. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.

32. OOP concept of a class's details being hidden from the object.

33. The study of cryptography and cryptanalysis.

34. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.

35. The core logic engine of an operating system, which almost never changes.

36. An unintended communication path.

37. Recovery alternative: complete duplication of services, including personnel.

38. A mathematical tool for verifying no unintentional changes have been made.

39. Can be statistical (monitor behavior) or signature based (watch for known attacks).

40. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.

41. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.

42. Employment education done once per position or at significant change of function.

43. A set of laws that the organization agrees to be bound by.

44. Power surge.

45. An image compression standard for photographs.

46. A shield against leakage of electromagnetic signals.

47. Planning for the delegation of authority required when decisions must be made without the normal chain of command.

48. Dictate that data collected by government agencies must be collected fairly and lawfully, must be used only for the purpose for which they were collected, must only be held for a reasonable amount of time, and must be accurate and timely.

49. Natural or human-readable form of a message.

50. Pertaining to law; no omissions.