CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the answers may seem obvious, but repeating the test reinforces your understanding each time you take it.
1. The level and label given to an individual for the purpose of compartmentalization
2. Layer 1 network device that is used to connect network segments together but provides no traffic control (a hub).
3. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
4. Standard for the establishment, implementation, control, and improvement of the Information Security Management System
5. Heavily populated areas, particularly susceptible to high-intensity earthquakes, floods, tsunamis, or other disasters, for which emergency response may be necessary in the event of a disaster.
6. Are bound to objects and indicate what subjects can use them; typically kept by a network device (router, switch and so on) to control access to or from the device for a number of services
7. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
8. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
9. The process of planning for and/or implementing the restarting of defined business operations following a disaster, usually beginning with the most critical or time-sensitive functions
10. The property that data meet an a priori expectation of quality and that the data can be relied upon.
11. Return to a normal state
12. For PKI, to have more than one person in charge of a sensitive function
13. Outputs within a given function are the same result
14. Narrow-scope examination of a system
15. Unchecked data input that results in redirection
16. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
17. A hash that has been further encrypted with a symmetric algorithm
18. A comprehensive set of controls comprising best practices in information security that provides guidelines on how to set up and maintain security programs.
19. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
20. Not fulfilling a legally recognized obligation; failure to conform to a standard of care that results in injury or damage, and proximate causation; not practicing due diligence or due care; not following the prudent person rule (doing due diligence in due
21. Threats x Vulnerability x Asset Value = Total Risk
22. Controls deployed to avert unauthorized and/or undesired actions.
23. A backup type, for databases at a point in time
24. Deals with discretionary protection
25. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
26. Written internalized or nationalized norms that are internal to an organization
27. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
28. A legally enforceable agreement between two people, two organizations, or a person and an organization.
29. Autonomous malware that requires a flaw in a service
30. The connection between a wireless and a wired network.
31. An attack involving the hijacking of a TCP session by predicting a sequence number.
32. Program instructions based upon the CPU's specific architecture
33. Recovery alternative: complete duplication of services, including personnel
34. Location to perform the business function
35. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring will enable a zero recovery point objective.
36. Object-based description of a system or a collection of resources
37. A backup of data located where staff can gain access immediately
38. Part of a transaction control for a database which informs the database of the last recorded transaction
39. High-frequency, highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
40. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)
41. Alerts personnel to the presence of a fire
42. A template for designing the architecture
43. An availability attack: consuming resources to the point of exhaustion from multiple vectors
44. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
45. Asymmetric encryption of a hash of a message
46. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
47. An administrative unit or a group of objects and subjects controlled by one reference monitor
48. Control category: more than one control on a single asset
49. With enough computing power, trying all possible combinations
50. Wrong against society