CISSP Certified Information Systems Security Professional: Test your basic knowledge

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Weakness or flaw in an asset
2. Outputs within a given function are the same result
3. A design methodology which executes in a linear, one-way fashion
4. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
5. Intellectual property protection for marketing efforts
6. A library of commands maintained by a system for other programs to use; provides consistency and integrity for the programs
7. Object reuse protection and auditing
8. Malware that subverts the detective controls of an operating system
9. OOP concept of a template that consists of attributes and behaviors
10. Vehicle-stopping object
11. Eavesdropping on network communications by a third party.
12. Sphere of influence
13. The past internationally accepted set of standards and processes for information security product evaluation and assurance, which separates function and assurance requirements
14. The partial or full duplication of data from a source database to one or more destination databases.
15. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
16. Recovery alternative: everything needed for the business function, except people and the last backup
17. Security policy, procedures, and compliance enforcement
18. The chance that something negative will occur
19. The disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.
20. Trading one for another
21. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
22. The guardian of asset(s); a maintenance activity
23. Maximum tolerance for loss of a certain business function; basis of strategy
24. The one person responsible for data, its classification and control setting
25. A device that provides the functions of both a bridge and a router.
26. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies, and offsite storage, and which will ensure time objectives can be met.
27. Disruption of operation of an electronic device due to a competing electromagnetic field.
28. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
29. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have; most commonly used in the PC environment (i.e. file permissions).
30. Potentially compromising leakage of electrical or acoustical signals.
31. A backup of data located where staff can gain access immediately
32. Regular operations are stopped and processing is moved to the alternate site.
33. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.
34. Responsibility of a user for the actions taken by their account, which requires unique identification
35. A control before attack
36. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
37. Controls for termination of an attempt to access an object
38. Object-based description of a system or a collection of resources
39. After the media has been seized, the investigator should make a bit-for-bit mirror image copy of the storage media before doing anything else.
40. Need to understand both the assets that need to be protected and management's priorities. Also be prepared to adjust the design over time, and verify the design has been implemented correctly. Need to be a good negotiator, artist and analyst.
41. Moving the alphabet intact a certain number of spaces
42. Forgery of the sender's email address in an email header.
43. Third-party processes used to organize the implementation of an architecture
44. Motive, opportunity, and means; when looking for suspects it is important to consider these 3 things
45. A hash that has been further encrypted with a symmetric algorithm
46. Method for determining functions, identifying function failures, assessing them, and where failure is most likely to occur
47. Power surge
48. Object-based description of a single resource and the permissions of each subject
49. Induces a crime, tricks a person, and is illegal
50. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.