Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Controls for terminating an attempt to access an object

2. Mitigate damage by isolating compromised systems from the network.

3. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented.

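The statement above describes chain of custody. As an added illustration that is not part of the original page, the block below keeps a custody log as a hash chain: each handoff records who did what and when, together with the SHA-256 of the evidence image, and each record also carries the hash of the previous record. Editing, inserting or deleting a record, or altering the evidence after acquisition, makes verification fail. The handler names, timestamps and evidence bytes are constructed for the example.

```python
"""Hash-chained chain-of-custody log (added example, not from the original page)."""
import hashlib
import json
from typing import Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_hash(entry: dict) -> str:
    # Canonical JSON so the hash does not depend on key order or whitespace.
    canon = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return sha256_hex(canon)


def append_event(log: list, evidence: bytes, handler: str, action: str, when: str) -> dict:
    """Record one custody event, linking it to the previous record's hash."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    entry = {
        "seq": len(log),
        "time": when,
        "handler": handler,
        "action": action,
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": prev,
    }
    entry["entry_hash"] = entry_hash(entry)  # hash covers every field except itself
    log.append(entry)
    return entry


def verify_chain(log: list, evidence: bytes) -> Tuple[bool, str]:
    """Walk the log from the first record; stop at the first inconsistency."""
    expected_prev = "0" * 64
    digest_now = sha256_hex(evidence)
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["seq"] != i:
            return False, f"sequence gap at {i}"
        if entry["prev_hash"] != expected_prev:
            return False, f"broken link at seq {i}"
        if entry_hash(body) != entry["entry_hash"]:
            return False, f"entry {i} altered"
        if entry["evidence_sha256"] != digest_now:
            return False, f"evidence no longer matches hash recorded at seq {i}"
        expected_prev = entry["entry_hash"]
    return True, "chain intact"


def demo() -> dict:
    # Constructed sample evidence and custody events.
    image = b"constructed evidence image: 00 11 22 33 44"
    log = []
    append_event(log, image, "A. Examiner", "acquired from seized laptop", "2024-01-05T09:00Z")
    append_event(log, image, "A. Examiner", "sealed and stored in locker 7", "2024-01-05T10:30Z")
    append_event(log, image, "B. Analyst", "checked out for analysis", "2024-01-06T08:15Z")
    intact, _ = verify_chain(log, image)

    # Retroactively rewriting a custody record breaks the chain.
    log[1]["handler"] = "C. Unknown"
    tampered, tamper_reason = verify_chain(log, image)
    log[1]["handler"] = "A. Examiner"

    # Evidence altered after acquisition no longer matches the recorded hash.
    evidence_changed, _ = verify_chain(log, image + b"\x00")
    return {
        "intact": intact,
        "tampered": tampered,
        "tamper_reason": tamper_reason,
        "evidence_changed": evidence_changed,
    }


if __name__ == "__main__":
    print(demo())
```

The chain only proves the log is internally consistent. To show it was not regenerated wholesale by whoever holds the evidence, the current head hash has to be anchored somewhere the handlers cannot change, for example countersigned by a second person or written to a write-once record at each handoff.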
4. Pertaining to law - verified as real

5. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf, which does the same with ICMP echo requests.)

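The attack above is Fraggle; the ICMP variant is Smurf. As an added example (not from the original page), the block below runs detection logic over constructed flow records: a packet to the echo (7) or chargen (19) UDP service at a directed-broadcast address, or an ICMP echo request to such an address, is flagged, and the spoofed source is reported as the likely victim since that is where every amplifier on the segment will reply. The subnets in LOCAL_NETS and the flow lines are constructed; the record format is an assumption of this example.

```python
"""Flag Fraggle/Smurf amplification patterns in flow records (added example)."""
import ipaddress
from collections import Counter
from typing import Optional

AMPLIFIER_UDP_PORTS = {7, 19}  # echo, chargen
# Constructed: the subnets the sensor watches; their broadcast addresses are the amplifiers.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed flow records: src,dst,proto,dport_or_icmp_type,packets
SAMPLE_FLOWS = [
    "203.0.113.9,192.0.2.255,udp,7,1200",       # Fraggle: echo to directed broadcast
    "203.0.113.9,198.51.100.255,udp,19,800",    # Fraggle: chargen to directed broadcast
    "203.0.113.9,192.0.2.255,icmp,8,3000",      # Smurf: ICMP echo request to broadcast
    "192.0.2.10,192.0.2.255,udp,137,5",         # NetBIOS name query broadcast: benign
    "192.0.2.11,192.0.2.50,udp,7,2",            # unicast echo: no amplification
    "192.0.2.12,192.0.2.255,icmp,0,1",          # echo reply to broadcast: not a request
]


def is_directed_broadcast(dst: str) -> bool:
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(addr == net.broadcast_address for net in LOCAL_NETS)


def parse_flow(line: str) -> dict:
    src, dst, proto, port, pkts = line.split(",")
    rec = {"src": src, "dst": dst, "proto": proto, "pkts": int(pkts),
           "dport": None, "icmp_type": None}
    if proto == "icmp":
        rec["icmp_type"] = int(port)
    else:
        rec["dport"] = int(port)
    return rec


def classify(flow: dict) -> Optional[str]:
    """Return 'fraggle', 'smurf' or None for one flow record."""
    if not is_directed_broadcast(flow["dst"]):
        return None
    if flow["proto"] == "udp" and flow["dport"] in AMPLIFIER_UDP_PORTS:
        return "fraggle"
    if flow["proto"] == "icmp" and flow["icmp_type"] == 8:
        return "smurf"
    return None


def detect(lines) -> dict:
    """Aggregate flagged packets by (spoofed source = probable victim, attack type)."""
    hits = Counter()
    for line in lines:
        rec = parse_flow(line)
        kind = classify(rec)
        if kind:
            hits[(rec["src"], kind)] += rec["pkts"]
    return dict(hits)


if __name__ == "__main__":
    for (victim, kind), pkts in detect(SAMPLE_FLOWS).items():
        print(f"{kind}: {pkts} packets amplified toward {victim}")
```

Unicast traffic to port 7 is not in itself an attack, which is why the rule keys on the broadcast destination. The preventive control is to disable directed-broadcast forwarding on routers and to turn off the echo and chargen services on hosts; the detector above is for spotting segments where that has not been done.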
6. Regular operations are stopped and processing is moved to the alternate site.

7. Vehicle or tool that exploits a weakness

8. Consumes resources to the point of exhaustion - loss of availability

9. Natural occurrence in circuits that are in close proximity

10. Final purpose or result

11. Potentially compromising leakage of electrical or acoustical signals.

12. Written suggestions that direct choice to a few alternatives

13. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.

14. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.

15. A process state - the process is currently executing on the CPU

16. A mathematical tool for verifying no unintentional changes have been made

17. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.

18. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements

19. A trusted issuer of digital certificates

20. A software design technique for abstraction of a process

21. A record that must be preserved and available for retrieval if needed.

22. Eavesdropping on network communications by a third party.

23. Reduction of voltage by the utility company for a prolonged period of time

24. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasures to maintain that level of risk

25. Mediates communication between untrusted hosts on behalf of the hosts that it protects.

26. Summary of a communication for the purpose of integrity

27. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.

28. Scrambled form of the message or data

29. Statistically, a collision is far more likely than one would expect

30. An alert or alarm that is triggered when no actual attack has taken place

31. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists

32. Intellectual property protection for an invention

33. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack

34. Owner-directed mediation of access

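The statement above describes discretionary access control (DAC). As an added example that is not from the original page, the block below is a minimal reference monitor in which the owner of an object is the only subject allowed to change its access list; every access decision is then made by checking that list. The subjects, object names and rights are constructed.

```python
"""Owner-directed (discretionary) access control: a minimal reference monitor (added example)."""


class AccessDenied(Exception):
    pass


class DacMonitor:
    def __init__(self):
        self._owner = {}  # object -> owning subject
        self._acl = {}    # object -> {subject: set of rights}

    def create(self, subject: str, obj: str) -> None:
        """Creating an object makes the creator its owner with full rights."""
        if obj in self._owner:
            raise ValueError(f"{obj} already exists")
        self._owner[obj] = subject
        self._acl[obj] = {subject: {"read", "write"}}

    def grant(self, granter: str, obj: str, grantee: str, right: str) -> None:
        # Only the owner may change the ACL: this is what makes the control owner-directed.
        if self._owner.get(obj) != granter:
            raise AccessDenied(f"{granter} is not the owner of {obj}")
        self._acl[obj].setdefault(grantee, set()).add(right)

    def revoke(self, revoker: str, obj: str, grantee: str, right: str) -> None:
        if self._owner.get(obj) != revoker:
            raise AccessDenied(f"{revoker} is not the owner of {obj}")
        self._acl[obj].get(grantee, set()).discard(right)

    def check(self, subject: str, obj: str, right: str) -> bool:
        """The reference-monitor decision: every access request passes through here."""
        return right in self._acl.get(obj, {}).get(subject, set())


def demo() -> dict:
    m = DacMonitor()
    m.create("alice", "/docs/plan.txt")          # alice owns the file
    m.grant("alice", "/docs/plan.txt", "bob", "read")
    results = {
        "owner_write": m.check("alice", "/docs/plan.txt", "write"),
        "bob_read": m.check("bob", "/docs/plan.txt", "read"),
        "bob_write": m.check("bob", "/docs/plan.txt", "write"),
    }
    # bob holds read access but is not the owner, so he cannot pass rights on.
    try:
        m.grant("bob", "/docs/plan.txt", "carol", "read")
        results["bob_grant"] = True
    except AccessDenied:
        results["bob_grant"] = False
    m.revoke("alice", "/docs/plan.txt", "bob", "read")
    results["bob_read_after_revoke"] = m.check("bob", "/docs/plan.txt", "read")
    return results


if __name__ == "__main__":
    print(demo())
```

The classic weakness of DAC follows directly from this model: anything running with bob's identity, including a Trojan horse, can copy the data it is allowed to read into an object bob owns and then grant that copy to anyone, so the owner's decision controls the original object but not the information in it. Mandatory access control (the security labels asked about in question 36) addresses exactly that by taking the decision away from the owner.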
35. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things

36. The first rating that requires security labels

37. Not fulfilling a legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due

38. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements

39. A type of multitasking that allows for more even distribution of computing time among competing requests

40. Return to a normal state

41. One-way encryption (strictly a one-way function: the output cannot be reversed to recover the input)

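Questions 16 (checksum), 26 (message digest), 29 (the birthday problem) and 41 (one-way hashing) are all about the same primitive, so one added example covers them; it is not part of the original page and the messages in it are constructed. The block computes a CRC-32 checksum and a SHA-256 digest, shows that both detect an accidental change, and then demonstrates the birthday bound by brute-forcing a collision on a SHA-256 output truncated to 24 bits: roughly 5,000 random messages suffice, not the 16 million a 24-bit space might suggest.

```python
"""Checksums, digests and the birthday bound (added example, not from the original page)."""
import hashlib
import math
import random
import zlib
from typing import Tuple


def crc32_hex(data: bytes) -> str:
    # CRC-32 catches accidental corruption but is linear and trivially forged on purpose.
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"


def digest_hex(data: bytes) -> str:
    # SHA-256 is one-way and collision-resistant at its full 256-bit width.
    return hashlib.sha256(data).hexdigest()


def integrity_check(original: bytes, received: bytes) -> dict:
    """Both values change if a single bit of the message changes.
    Neither tells you *who* changed it; authenticating the origin needs a MAC or a signature."""
    return {
        "crc_match": crc32_hex(original) == crc32_hex(received),
        "sha256_match": digest_hex(original) == digest_hex(received),
    }


def birthday_trials_expected(bits: int) -> float:
    """Expected number of random inputs before the first collision in a `bits`-bit space,
    approximately sqrt(pi/2 * 2**bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def truncated_prefix(data: bytes, bits: int) -> int:
    """The top `bits` bits of SHA-256(data), standing in for a short hash."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def find_truncated_collision(bits: int = 24, seed: int = 1) -> Tuple[int, bytes, bytes]:
    """Draw random 8-byte messages until two share the same truncated hash.
    Returns (messages tried, message A, message B). Seeded so the run is reproducible."""
    rng = random.Random(seed)
    seen = {}
    tries = 0
    while True:
        msg = rng.getrandbits(64).to_bytes(8, "big")
        tries += 1
        prefix = truncated_prefix(msg, bits)
        if prefix in seen and seen[prefix] != msg:
            return tries, seen[prefix], msg
        seen[prefix] = msg


if __name__ == "__main__":
    print(integrity_check(b"pay 100", b"pay 100"))
    print(integrity_check(b"pay 100", b"pay 900"))
    print(f"expected trials for 24 bits: {birthday_trials_expected(24):.0f}")
    tries, a, b = find_truncated_collision(24)
    print(f"collision after {tries} messages: {a.hex()} and {b.hex()}")
```

The practical reading of the birthday bound is that an n-bit digest gives only about n/2 bits of collision resistance, which is why 128-bit MD5 (64-bit collision work at best, far less after the known attacks) and 160-bit SHA-1 are no longer acceptable where collisions matter, such as signatures and certificates.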
42. Initial surge of current

43. A documented battle plan for coordinating response to incidents.

44. A disturbance that degrades performance of electronic devices and electronic communications.

45. Memory management programming which makes the limited RAM of the physical machine appear larger by using a portion of the hard drive

46. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).

47. One of the key benefits of a network is the ability to share files stored on the server among several users.

48. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.

49. A BCP testing type - a test that answers the question: Can the organization replicate the business process?

50. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective