Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. OOP concept of a distinct copy of the class
2. Security Policy, Personnel Controls, Supervisory Structure, Security Awareness Training, Testing
3. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.
4. An availability attack that consumes resources to the point of exhaustion
5. Object-based description of a single resource and the permission each subject
6. System of law based upon what is good for society
7. Implementation of an operating system protection mechanism, where more sensitive built upon the layering concept
8. A process state (blocked) needing input before continuing
9. Intellectual property management technique for identifying after distribution
10. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
11. Mathematical function that determines the cryptographic operations
12. Business and technical process of applying security software updates in a regulated, periodic way
13. High degree of visual control
14. Another subject cannot see an ongoing or pending update until it is complete
15. Forging of an IP address.
16. Processes data at different classifications (security levels), and users with different clearances (security levels) can use the system.
17. Also known as regulatory laws; covers standards of performance or conduct expected by government agencies from companies, industries, and certain officials
18. The managerial approval to operate a system based upon knowledge of the risk to operate
19. For PKI, decertify an entity's certificate
20. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
21. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.
22. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
23. Recovery alternative which outsources a business function at a cost
24. Reduction of voltage by the utility company for a prolonged period of time
25. RADIUS, TACACS+, Diameter
26. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).
27. A critical event which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.
28. Recording the Who, What, When, Where, How of evidence
29. Need to understand both the assets that need to be protected and management's priorities; also be prepared to adjust the design over time, and verify the design has been implemented correctly; need to be a good negotiator, artist and analyst.
30. Trading one for another
31. Unauthorized intrusion, unauthorized alteration or destruction, and using malicious code
32. Collection of data on business functions which determines the strategy of resiliency
33. To evaluate the current situation and make basic decisions as to what to do
34. Provides a physical cross-connect point for devices.
35. Potentially retrievable data residue that remains following intended erasure of data.
36. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
37. A set of best practices for programmers to seek in all application or database design: Atomicity, Consistency, Isolation, Durability
38. A copy of transaction data, designed for querying and reporting
39. Intellectual property protection for a confidential and critical process
40. Authentication protocol which only uses symmetric session keys between principals, distributed by a third party using different preshared symmetric keys
41. Planning for the delegation of authority required when decisions must be made without the normal chain of command
42. A covert storage channel on the file attribute
43. A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments.
44. A collection of data or information that has a name
45. An event which stops business from continuing.
46. A design methodology which addresses risk early and often
47. Creation, distribution, update and deletion
48. Line noise that is superimposed on the supply circuit.
49. Eight bits.
50. Controls deployed to avert unauthorized and/or undesired actions.