Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)

2. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.

3. System-directed mediation of access with labels

4. Share security concerns with embedded devices - Often security has been sacrificed for a richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.

5. Final purpose or result

6. Hitting a filed-down key in a lock with a hammer to open it without the real key

7. Code making

8. Malware that makes small random changes to many data points

9. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.

10. A disturbance that degrades performance of electronic devices and electronic communications.

11. Induces a crime - tricks a person - and is illegal

12. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm

13. The disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.

14. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.

15. Hardware or software that is part of a larger system

16. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.

17. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.

18. Maintenance procedures outline the process for the review and update of business continuity plans.

19. Wrong against society

20. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.

21. Momentary loss of power

22. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.

23. Malware that uses the trust in a website to redirect users to untrusted websites that capture data or install more malware

24. More than one CPU on a single board

25. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.

26. Consume resources to a point of exhaustion - loss of availability

27. Two different keys decrypt the same cipher text

28. Alerts personnel to the presence of a fire

29. DoS - Spoofing - dictionary - brute force - wardialing

30. An availability attack - to consume resources to the point of exhaustion from multiple vectors

31. Record history of incident

32. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.

33. Converts a high-level language into machine language

34. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm

35. A mail server that improperly allows inbound SMTP connections for domains it does not serve.

36. Interception of a communication session by an attacker.

37. A race condition where the security changes during the object's access

38. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.

39. Recovery alternative - everything needed for the business function - except people and last backup

40. For PKI - to store another copy of a key

41. A telephone exchange for a specific office or business.

42. Control category - more than one control on a single asset

43. A distributed system's transaction control that requires updates to complete or roll back

44. A world-wide wireless technology

45. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability

46. To collect many small pieces of data

47. Object-based description of a system or a collection of resources

48. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.

49. One of the key benefits of a network is the ability to share files stored on the server among several users.

50. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur