Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.

1. An attack involving the hijacking of a TCP session by predicting a sequence number.

2. Used to code/decode a digital data stream.

3. Executive responsibilities of goal setting, delegation, and verification, based upon the mission.

4. Written suggestions that direct choice to a few alternatives.

5. A system designed to prevent unauthorized access to or from a private network.

6. A Denial of Service attack that floods the target system with connection requests that are not finalized.

7. The one person responsible for data, its classification, and control setting.

8. To segregate for the purposes of labeling.

9. Forgery of the sender's email address in an email header.

10. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court.

11. Use of specialized techniques for recovery, authentication, and analysis of electronic data.

12. A type of attack involving attempted insertion, deletion, or altering of data.

13. The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins function and assurance requirements.

14. To move from location to location, keeping the same function.

15. For PKI, to have more than one person in charge of a sensitive function.

16. Periodic, automatic, and transparent backup of data in bulk.

17. Weakness or flaw in an asset.

18. May render the data inaccessible to the application intended to be used in processing the file, but may not actually remove the data.

19. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions.

20. Less granular organization of controls.

21. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)

22. Unused storage capacity.

23. A collection of information designed to reduce duplication and increase integrity.

24. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.

25. A design methodology which addresses risk early and often.

26. To evaluate the current situation and make basic decisions as to what to do.

27. Requires security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and provision of separate administrator functionality.

28. Inference about encrypted communications.

29. Outputs within a given function are the same result.

30. The past internationally accepted set of standards and processes for information security product evaluation and assurance, which separates function and assurance requirements.

31. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.

32. The risk that remains after management implements internal controls or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk.

33. All of the protection mechanisms in a computer system.

34. One of the key benefits of a network is the ability to share files stored on the server among several users.

35. Weak evidence.

36. Robust project management process for new systems with at least the following phases: design and development, production, distribution, operation, maintenance, retirement, and disposal.

37. A collection of data or information that has a name.

38. Eight bits.

39. A control applied after an attack.

40. A backup type for databases at a point in time.

41. A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.

42. Hitting a filed-down key in a lock with a hammer to open it without the real key.

43. A subnetwork with storage devices servicing all servers on the attached network.

44. Implementation of measures to deter specific threats to the continuity of business operations, and/or respond to any occurrence of such threats in a timely and appropriate manner.

45. Recovery alternative: everything needed for the business function except people and the last backup.

46. Randomly generated value used by many cryptosystems to ensure that a unique ciphertext is generated.

47. Abstract and mathematical in nature, defining all possible states, transitions, and operations.

48. The duplication of data on separate disks in real time to ensure its continuous availability, currency, and accuracy. True mirroring will enable a zero recovery point objective.

49. Statistical probabilities of a collision are more likely than one thinks.

50. Indivisible: a data field must contain only one value; either all transactions take place or none do.