Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Consume resources to a point of exhaustion - loss of availability

2. Weakness or flaw in an asset

3. A cable consisting of a core - an inner conductor that is surrounded by an insulator - and an outer cylindrical conductor

4. Two certificate authorities that trust each other

5. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.

6. Just enough access to do the job

7. To know more than one job

8. A BCP testing type (structured walkthrough) - a test that answers the question: Is everything needed for recovery available?

9. Malware that uses the trust placed in a website to redirect users to untrusted websites that capture data or install more malware

10. Robust project management process for new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal

11. Hitting a filed-down key in a lock with a hammer to open it without the real key

12. A physical enclosure for verifying identity before entry to a facility

13. Location where coordination and execution of the BCP or DRP is directed

14. To evaluate the current situation and make basic decisions as to what to do

15. The principles a person sets for themselves to follow

16. Statistical probabilities of a collision are more likely than one thinks

17. Quantity of risk remaining after a control is applied

18. Cooperative hardware and operating system notification process for prioritizing execution due to a change in the state of components

19. A program with an inappropriate second purpose

20. Implementation of an operating system protection mechanism - where the more sensitive are built upon the layering concept

21. Employment education done once per position or at a significant change of function

22. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate

23. A process state - to be either unable to run while waiting for an external event, or terminated

24. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping

25. Record the history of an incident

26. High-frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.

27. A choice in risk management - to convince another to assume the risk - typically by payment

28. Unused storage capacity

29. Of a system, without prior knowledge by the tester or the tested

30. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)

31. The first rating that requires security labels

32. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.

33. Planning for the delegation of authority required when decisions must be made without the normal chain of command

34. Not fulfilling a legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following the prudent person rule (doing due diligence in due

35. Intellectual property protection for the expression of an idea

36. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at the other's site.

37. Method for determining functions - identifying function failures - assessing them - and where failure is most likely to occur

38. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE 3. Functional Levels 4. Assurance Levels.

39. One entity with two competing allegiances

40. Wrong against society

41. For PKI - to store another copy of a key

42. Written internalized or nationalized norms that are internal to an organization

43. Object-based description of a system or a collection of resources

44. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated to providing storage services.

45. A copy of transaction data - designed for querying and reporting

46. A protocol for the efficient transmission of voice over the Internet

47. Act of luring an intruder; it is legal.

48. Scrambled form of the message or data

49. High level - pertaining to planning

50. To break a business process into separate functions and assign them to different people