Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).

2. May render the data inaccessible to the application intended to be used in processing the file, but may not actually remove the data.

3. Notification that a potential disaster situation exists or has occurred; direction for the recipient to stand by for possible activation of the disaster recovery plan.

4. Collection of data on business functions that determines the resiliency strategy.

5. A failure of an IDS to detect an actual attack

6. Malware that subverts the detective controls of an operating system

7. Minimal protection; the division for systems that were evaluated but failed to meet the criteria for any higher division.

8. A processor state reserved for operating system tasks only.

9. Periodic, automatic and transparent backup of data in bulk.

10. Code making

11. Moving letters around

12. An availability attack that consumes resources to the point of exhaustion.

13. Short period of low voltage.

14. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems

15. Controls deployed to avert unauthorized and/or undesired actions.

16. Policy or stated actions

17. Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.

18. Code breaking: the practice of defeating the protective properties of cryptography.

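The three cryptography items above (code making in 10, moving letters around in 11, code breaking in 18) worked through together, as an added example that is not part of the original quiz: a columnar transposition cipher and a ciphertext-only brute-force break of it. The key word ZEBRA, the message, and the tiny word list that serves as the attacker's fitness function are constructed for this example; a real cryptanalyst would score candidates with letter n-gram statistics from a large corpus instead.

```python
from itertools import permutations


def key_order(key):
    """Column read-out order implied by a key word: the alphabetical rank of
    each letter, ties broken by position (so 'ZEBRA' -> [4, 2, 1, 3, 0])."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose_encrypt(plaintext, key):
    """Code making: write the letters row by row under the key word, pad the
    last row with X, then read the columns out in key order."""
    text = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    ncols = len(key)
    text += "X" * ((-len(text)) % ncols)           # make the grid rectangular
    columns = [text[c::ncols] for c in range(ncols)]
    return "".join(columns[c] for c in key_order(key))


def transpose_decrypt_order(ciphertext, order):
    """Undo the transposition given the column read-out order (a permutation
    of column indexes); the key word is not needed once the order is known."""
    ncols = len(order)
    nrows = len(ciphertext) // ncols
    columns = [""] * ncols
    for k, c in enumerate(order):
        columns[c] = ciphertext[k * nrows:(k + 1) * nrows]
    return "".join(columns[c][r] for r in range(nrows) for c in range(ncols))


def transpose_decrypt(ciphertext, key):
    return transpose_decrypt_order(ciphertext, key_order(key))


# Toy fitness function for the attacker: a constructed word list.  A real
# cryptanalyst scores candidates with letter n-gram statistics instead.
WORDS = ("THE", "AND", "ATTACK", "SUPPLY", "DEPOT", "DAWN", "AT", "OF", "TO",
         "IN", "FOR", "WITH", "NORTH", "SOUTH", "BRIDGE", "TANK", "ARMY")


def english_score(text):
    """Letters covered by known words; higher means more English-like."""
    return sum(len(w) * text.count(w) for w in WORDS)


def break_transposition(ciphertext, max_cols=6):
    """Code breaking, ciphertext only: a transposition keeps letter
    frequencies intact, so the attacker need only try every column count and
    every read-out permutation and keep the most English-looking result.
    Returns (score, order, plaintext_candidate)."""
    best = (-1, None, None)
    for ncols in range(2, max_cols + 1):
        if len(ciphertext) % ncols:
            continue                                # grid would not be rectangular
        for order in permutations(range(ncols)):
            candidate = transpose_decrypt_order(ciphertext, order)
            score = english_score(candidate)
            if score > best[0]:
                best = (score, order, candidate)
    return best


if __name__ == "__main__":
    ct = transpose_encrypt("attack the supply depot at dawn", "ZEBRA")
    print("ciphertext:", ct)
    print("recovered:", break_transposition(ct))
```

The break succeeds because a transposition leaves the letter set untouched and the key space (column count times permutations) is tiny; that is the point the quiz makes with "moving letters around" versus a real cipher that also substitutes.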
19. A one-way, directed graph that indicates the permitted direction of confidentiality or integrity flow.

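The lattice behind item 19, as an added example that is not part of the original quiz: security labels made of a level plus a set of compartments, the dominance relation that orders them, the join (least upper bound) that makes the structure a lattice, and the directed flow graph it induces for a confidentiality policy and for an integrity policy. The level names and compartments are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed hierarchy; the compartments are need-to-know categories.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other):
        """Partial order of the lattice: higher-or-equal level AND a superset
        of compartments.  Two labels may be incomparable (neither dominates)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def join(self, other):
        """Least upper bound: the label a document derived from both inputs
        must carry (the smallest label that dominates both)."""
        top = self if LEVELS[self.level] >= LEVELS[other.level] else other
        return Label(top.level, self.compartments | other.compartments)

    def __str__(self):
        tail = "{" + ",".join(sorted(self.compartments)) + "}" if self.compartments else ""
        return self.level + tail


def confidentiality_flow_allowed(src, dst):
    """Information may flow only upward in the lattice: the destination must
    dominate the source (no read up, no write down)."""
    return dst.dominates(src)


def integrity_flow_allowed(src, dst):
    """Integrity lattices point the other way: data may flow only from a
    higher-integrity source to a lower-integrity destination."""
    return src.dominates(dst)


def flow_edges(labels, allowed=confidentiality_flow_allowed):
    """The one-way directed graph itself: every ordered pair of distinct
    labels between which the policy permits a flow."""
    return {(str(a), str(b)) for a in labels for b in labels
            if a != b and allowed(a, b)}


if __name__ == "__main__":
    u = Label("UNCLASSIFIED")
    s_nuc = Label("SECRET", frozenset({"NUCLEAR"}))
    s_cry = Label("SECRET", frozenset({"CRYPTO"}))
    ts_all = Label("TOP SECRET", frozenset({"NUCLEAR", "CRYPTO"}))
    for edge in sorted(flow_edges([u, s_nuc, s_cry, ts_all])):
        print("%s -> %s" % edge)
    print("join of the two SECRET labels:", s_nuc.join(s_cry))
```

The two SECRET labels with different compartments are incomparable, so no edge exists between them in either direction; a report built from both has to carry their join, SECRET{CRYPTO,NUCLEAR}.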
20. OOP concept of hiding a class's internal details from other objects.

21. A denial-of-service attack that exploits systems that cannot handle malicious, overlapping and oversized IP fragments.

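What "overlapping and oversized fragments" in item 21 look like to a reassembler, as an added example that is not part of the original quiz: an audit of one datagram's fragment set that flags overlap, a total length past the 16-bit IP limit, gaps and a missing final fragment; a naive length calculation of the kind the Teardrop-era bug relied on (move the start up to the previous end, take end minus start, get a negative number); and a reassembler that refuses any set the audit rejects. The three fragment sets are constructed for the example.

```python
MAX_IP_PACKET = 65535      # IP Total Length is a 16-bit field
MIN_IP_HEADER = 20


def audit_fragments(fragments):
    """Check one datagram's fragment set before reassembly.  Each fragment is
    (offset_units, more_fragments, payload) with the offset in 8-byte units,
    exactly as the IP header carries it.  Returns a list of findings; an
    empty list means the set is safe to glue back together."""
    problems = []
    pieces = sorted((off * 8, off * 8 + len(payload), mf)
                    for off, mf, payload in fragments)
    prev_end = 0
    for start, end, mf in pieces:
        if end + MIN_IP_HEADER > MAX_IP_PACKET:
            problems.append("oversized: data would end at byte %d" % end)
        if start < prev_end:
            problems.append("overlap: fragment at %d starts inside data ending at %d"
                            % (start, prev_end))
        elif start > prev_end:
            problems.append("gap: bytes %d-%d missing" % (prev_end, start))
        if mf and (end - start) % 8:
            problems.append("non-final fragment length %d is not a multiple of 8"
                            % (end - start))
        prev_end = max(prev_end, end)
    if pieces and pieces[-1][2]:
        problems.append("incomplete: last fragment still has MF set")
    return problems


def naive_trim_lengths(fragments):
    """The copy length a trusting reassembler computes: on overlap it moves
    the start up to the previous end and takes end - start as the bytes to
    copy.  That goes negative when the new fragment ends inside the previous
    one, and a copy routine that takes an unsigned size then runs off the end
    of the buffer (the Teardrop crash)."""
    lengths, prev_end = [], 0
    for off, mf, payload in sorted(fragments, key=lambda f: f[0]):
        start, end = off * 8, off * 8 + len(payload)
        if start < prev_end:
            start = prev_end
        lengths.append(end - start)
        prev_end = max(prev_end, end)
    return lengths


def reassemble(fragments):
    """Safe reassembly: refuse the whole set unless the audit is clean, then
    concatenate in offset order (the audit guarantees no gaps or overlaps)."""
    problems = audit_fragments(fragments)
    if problems:
        raise ValueError("rejected fragment set: " + "; ".join(problems))
    return b"".join(p for _, _, p in sorted(fragments, key=lambda f: f[0]))


# Constructed fragment sets: (offset_units, more_fragments, payload).
CLEAN_SET = [(0, True, b"A" * 40), (5, False, b"B" * 10)]
TEARDROP_SET = [(0, True, b"A" * 40), (3, False, b"B" * 4)]      # 2nd ends inside 1st
OVERSIZED_SET = [(0, True, b"A" * 8), (8188, False, b"B" * 20)]  # ends past 65535

if __name__ == "__main__":
    for name, frags in (("clean", CLEAN_SET), ("teardrop", TEARDROP_SET),
                        ("oversized", OVERSIZED_SET)):
        print(name, naive_trim_lengths(frags), audit_fragments(frags))
```

The defensive rule is the one modern stacks apply: validate the whole fragment set against the datagram's limits before copying a byte, and drop the datagram rather than trim it.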
22. Security policy, procedures, and compliance enforcement.

23. Wrong against society

24. Unauthorized access to network devices.

25. The response of an organization to a disaster or other significant event that may seriously affect the organization, its people, or its ability to function productively.

26. Calculation encompassing threats, vulnerabilities and assets.

27. Binary decision by a system to permit or deny access to the entire system.

28. Maximum tolerance for the loss of a certain business function; the basis of the strategy.

29. Subject-based description of a system or a collection of resources.

30. The hard drive

31. Transaction control for a database: a return to a previous state.

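The return to a previous state in item 31, as an added example that is not part of the original quiz: a two-statement funds transfer run as one transaction on an in-memory SQLite database. Two failure modes are shown, an overdraft rejected by a CHECK constraint and a credit to an account that does not exist; in both the debit that already ran is rolled back and the balances are exactly what they were before. The accounts and amounts are constructed for the example.

```python
import sqlite3


def open_bank():
    """In-memory ledger with a CHECK constraint so an overdraft is a
    database error rather than a silent negative balance."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, "
                 "balance INTEGER NOT NULL CHECK (balance >= 0))")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 50)])     # constructed sample rows
    conn.commit()
    return conn


def balances(conn):
    return dict(conn.execute("SELECT name, balance FROM accounts ORDER BY name"))


def transfer(conn, src, dst, amount):
    """Move funds as one transaction.  The connection used as a context
    manager commits if the block completes and rolls back if it raises, so a
    debit is never left standing without its matching credit."""
    try:
        with conn:
            cur = conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?",
                               (amount, src))
            if cur.rowcount != 1:
                raise LookupError("no such account: %s" % src)
            cur = conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?",
                               (amount, dst))
            if cur.rowcount != 1:
                raise LookupError("no such account: %s" % dst)   # debit is rolled back
        return True
    except (sqlite3.IntegrityError, LookupError):
        return False


if __name__ == "__main__":
    bank = open_bank()
    print(transfer(bank, "alice", "bob", 30), balances(bank))     # commits
    print(transfer(bank, "alice", "bob", 500), balances(bank))    # overdraft, rolled back
    print(transfer(bank, "alice", "carol", 10), balances(bank))   # bad payee, rolled back
```

The rowcount check matters as much as the constraint: an UPDATE that matches no row is not an error to the database, so without it the debit would commit and the money would simply disappear.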
32. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.

33. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.

34. Use of specialized techniques for the recovery, authentication, and analysis of electronic data.

35. Record of system activity, which provides for monitoring and detection.

36. Creation, distribution, update and deletion.

37. A specialized wireless receiver/transmitter placed in orbit that facilitates long-distance communication.

38. Malware that exploits the trust placed in a website to redirect users to untrusted websites, which capture data or install more malware.

39. Recovery alternative that includes a cold site's facilities plus some equipment and infrastructure already in place.

40. A race condition in which the security state of an object changes between the time it is checked and the time the object is accessed.

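The check-then-use race in item 40, as an added example that is not part of the original quiz: a reader that checks a path with lstat and then opens the same path (two separate name lookups) next to one that opens once without following symlinks and inspects the descriptor it actually holds. A constructed scenario plays the attacker, swapping a harmless file for a symlink to a secret in the window between check and use. The O_NOFOLLOW and O_CLOEXEC flags assume a Linux/Unix host.

```python
import os
import stat
import tempfile


def read_regular_file_racy(path, between=None):
    """Vulnerable pattern: check the name, then use the name.  The two name
    lookups can resolve to different objects; `between` stands in for an
    attacker who wins the race in that window."""
    if not stat.S_ISREG(os.lstat(path).st_mode):        # time of check
        raise PermissionError("not a regular file")
    if between:
        between()
    with open(path, "rb") as f:                          # time of use
        return f.read()


def read_regular_file_safe(path, between=None):
    """Hardened pattern: open once without following symlinks, then check the
    descriptor you hold with fstat.  Whatever happens to the name afterwards
    cannot change what the descriptor refers to."""
    if between:
        between()                                        # attacker acts first; it no longer helps
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)   # Linux/Unix flags
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):                 # catches FIFOs and devices too
            raise PermissionError("not a regular file")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def simulate_race(reader):
    """Constructed scenario: a drop-box file that passes the check, replaced
    with a symlink to a secret before the open.  Returns what the reader got,
    or a 'refused' marker if it raised."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")
        dropbox = os.path.join(d, "dropbox")
        with open(secret, "wb") as f:
            f.write(b"SECRET")
        with open(dropbox, "wb") as f:
            f.write(b"harmless")

        def attacker():
            os.unlink(dropbox)
            os.symlink(secret, dropbox)

        try:
            return reader(dropbox, between=attacker)
        except OSError as exc:                           # PermissionError is an OSError too
            return "refused (%s)" % type(exc).__name__


if __name__ == "__main__":
    print("racy:", simulate_race(read_regular_file_racy))
    print("safe:", simulate_race(read_regular_file_safe))
```

The fix is not a faster check; it is making the check and the use refer to the same kernel object (the open descriptor) so there is no window at all.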
41. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress

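Items 5 and 41 side by side, as an added example that is not part of the original quiz: a toy signature run over a constructed request log with known ground truth, each line scored as a true positive, false positive (item 41), false negative (item 5) or true negative, then the false-positive and false-negative rates. The second pass URL-decodes before matching and shows one false negative disappearing, which is how evasion by encoding is normally countered. The signature, log lines and labels are constructed for the example.

```python
import re
from urllib.parse import unquote

# Toy signature: SQL injection and directory-traversal fragments.
SIGNATURE = re.compile(r"(?i)(union\s+select|'\s*or\s+1\s*=\s*1|\.\./\.\./)")

# Constructed request log with ground truth (True = genuine attack).
EVENTS = [
    ("GET /search?q=shoes", False),
    ("GET /search?q=' or 1=1 --", True),
    ("GET /docs/union select results.pdf", False),       # benign text that matches
    ("GET /search?q=shoes%27%20or%201%3D1", True),        # same injection, URL-encoded
    ("GET /../../etc/passwd", True),
    ("GET /images/logo.png", False),
]

# (alarm raised, really an attack) -> outcome
OUTCOME = {(True, True): "TP", (True, False): "FP",
           (False, True): "FN", (False, False): "TN"}


def evaluate(events, signature=SIGNATURE, normalize=lambda line: line):
    """Run the signature over each line and compare the alarm with the truth.
    FP = alarm on a benign event; FN = no alarm on a real attack."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for line, is_attack in events:
        alarmed = signature.search(normalize(line)) is not None
        counts[OUTCOME[(alarmed, is_attack)]] += 1
    return counts


def evaluate_decoded(events, signature=SIGNATURE):
    """Same evaluation after URL-decoding each line first."""
    return evaluate(events, signature, normalize=unquote)


def error_rates(counts):
    """False-positive rate (share of benign events that alarmed) and
    false-negative rate (share of attacks that slipped through)."""
    fpr = counts["FP"] / (counts["FP"] + counts["TN"])
    fnr = counts["FN"] / (counts["FN"] + counts["TP"])
    return fpr, fnr


if __name__ == "__main__":
    raw = evaluate(EVENTS)
    decoded = evaluate_decoded(EVENTS)
    print("raw:    ", raw, error_rates(raw))
    print("decoded:", decoded, error_rates(decoded))
```

Decoding removes the false negative but leaves the false positive on the benign PDF name untouched; tightening the pattern to cut that one would in turn risk new misses, which is the tuning trade-off behind both quiz items.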
42. High-level design or model with the goals of consistency, integrity, and balance.

43. The first rating that requires security labels

44. Not fulfilling a legally recognized obligation; failure to conform to a standard of care that results in injury or damage, with proximate causation; not practicing due diligence or due care; not following the prudent person rule (doing due diligence in due

45. Mitigation of system or component loss or interruption through use of backup capability.

46. Searching for wireless networks from a moving car.

47. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.

48. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.

49. Implementation of an operating system protection mechanism built on the layering concept, where the more sensitive components occupy the inner layers.

50. Controls for logging and alerting