Test your basic knowledge

CISSP Certified Information Systems Security Professional

  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.

2. Any event, whether anticipated (e.g., a public service strike) or unanticipated (e.g., a blackout), that disrupts the normal course of business operations at an organization location.

3. Eight bits.

4. A type of multitasking that allows for a more even distribution of computing time among competing requests.

5. Recognition of an individual's assertion of identity.

6. A sudden, unexpected event requiring immediate action due to a potential threat to health and safety, the environment, or property.

7. Malware that makes many small changes over time to a single data point or system

8. Intellectual property protection for marketing efforts

9. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)

10. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid.

11. A control before attack

12. The disk space a deleted file used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.

13. High-level design or model with a goal of consistency, integrity, and balance.

14. An availability attack, to consume resources to the point of exhaustion.

15. Recovery alternative: everything needed for the business function, except people and the last backup.

16. Control type that is communication-based, typically written or oral.

17. A critical event which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.

18. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.

19. Weak evidence

20. Collection of data on business functions which determines the strategy of resiliency

21. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.

22. Unsolicited commercial email

23. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.

24. Encryption system using shared key/private key/single key/secret key

25. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.

26. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.

27. The one person responsible for data, its classification, and control setting.

28. Total number of keys available that may be selected by the user of a cryptosystem

29. Pertaining to law; high degree of veracity.

30. Small data warehouse

31. Fault tolerance for power

32. A secure connection to another network.

33. A subnetwork with storage devices servicing all servers on the attached network.

34. Unchecked data input that results in redirection.

35. The core of a computer that calculates

36. A passive network attack involving monitoring of traffic.

37. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).

38. A hash that has been further encrypted with a symmetric algorithm

39. More than one CPU on a single board

40. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing

41. The guardian of asset(s) - a maintenance activity

42. A Trojan horse with the express underlying purpose of controlling a host from a distance.

43. OOP concept in which a class's details are hidden from the object.

44. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.

45. Process of statistically testing a data set for the likelihood of relevant information.

46. Program instructions based upon the CPU's specific architecture

47. Of a system without prior knowledge by the tester or the tested

48. Narrow scope examination of a system

49. Deals with discretionary protection

50. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity