Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.

2. Any event, whether anticipated (e.g., a public service strike) or unanticipated (e.g., a blackout), which disrupts the normal course of business operations at an organization location.

3. Eight bits.

4. A type of multitasking that allows for more even distribution of computing time among competing requests.

5. Recognition of an individual's assertion of identity.

6. A sudden, unexpected event requiring immediate action due to a potential threat to health and safety, the environment, or property.

7. Malware that makes many small changes over time to a single data point or system.

8. Intellectual property protection for marketing efforts.

9. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)

10. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid.

11. A control before attack.

12. The disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.

13. High-level design or model with a goal of consistency, integrity, and balance.

14. An availability attack, consuming resources to the point of exhaustion.

15. Recovery alternative: everything needed for the business function except people and the last backup.

16. Control type that is communication-based, typically written or oral.

17. A critical event which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.

18. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.

19. Weak evidence.

20. Collection of data on business functions that determines the strategy of resiliency.

21. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.

22. Unsolicited commercial email.

23. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.

24. Encryption system using a shared key/private key/single key/secret key.

25. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.

26. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.

27. The one person responsible for data, its classification, and control setting.

28. Total number of keys available that may be selected by the user of a cryptosystem.

29. Pertaining to law; a high degree of veracity.

30. Small data warehouse.

31. Fault tolerance for power.

32. A secure connection to another network.

33. A subnetwork with storage devices servicing all servers on the attached network.

34. Unchecked data input which results in redirection.

35. The core of a computer that calculates.

36. A passive network attack involving monitoring of traffic.

37. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).

38. A hash that has been further encrypted with a symmetric algorithm.

39. More than one CPU on a single board.

40. Security Policy, Personnel Controls, Supervisory Structure, Security Awareness Training, Testing.

41. The guardian of asset(s); a maintenance activity.

42. A Trojan horse with the express underlying purpose of controlling a host from a distance.

43. OOP concept of a class's details being hidden from the object.

44. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.

45. Process of statistically testing a data set for the likelihood of relevant information.

46. Program instructions based upon the CPU's specific architecture.

47. Of a system without prior knowledge by the tester or the tested.

48. Narrow-scope examination of a system.

49. Deals with discretionary protection.

50. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity.