Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A technology that reduces the size of a file.

2. The guardian of asset(s) - a maintenance activity.

3. With enough computing power, trying all possible combinations.

4. A subnetwork with storage devices servicing all servers on the attached network.

5. To jump to a conclusion.

6. Mediation of subject and object interactions.

7. Includes identification and collection of the evidence, its storage, preservation, transportation, presentation in court, and return to the owner.

8. The past internationally accepted set of standards and processes for information security product evaluation and assurance, which separates function and assurance requirements.

9. A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments.

10. Processes data at different classifications (security levels), and users with different clearances (security levels) can use the system.

11. Lower frequency noise.

12. A device that converts between digital and analog representation of data.

13. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.

14. An availability attack - to consume resources to the point of exhaustion from multiple vectors.

15. Methodical research of an incident with the purpose of finding the root cause.

16. To create a copy of data as a precaution against the loss or damage of the original data.

17. The first rating that requires security labels.

18. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures, alternate work area, etc.).

19. Unsolicited commercial email.

20. To collect many small pieces of data.

21. To stop damage from spreading.

22. Highest level of authority at the EOC, with knowledge of the business process and the resources available.

23. Any event, whether anticipated (e.g. public service strike) or unanticipated (e.g. blackout), which disrupts the normal course of business operations at an organization location.

24. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.

25. Also known as regulatory laws; covers standards of performance or conduct expected by government agencies from companies, industries, and certain officials.

26. Most granular organization of controls.

27. Malware that uses the trust in a website to redirect users to untrusted websites which capture data or install more malware.

28. The disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.

29. Are bound to objects and indicate what subjects can use them; typically kept by a network device (router, switch, and so on) to control access to or from the device for a number of services.

30. Control category - to record an adversary's actions.

31. After being seized, the investigator should make a bit mirror image copy of the storage media before doing anything else.

32. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate.

33. A choice in risk management - to implement a control that limits or lessens negative effects.

34. Provides a physical cross connect point for devices.

35. A backup type, where the organization has excess capacity in another location.

36. Real-time, automatic and transparent backup of data.

37. A process state - to be executing a process on the CPU.

38. Trading one for another.

39. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.

40. Reduction of voltage by the utility company for a prolonged period of time.

41. A set of laws that the organization agrees to be bound by.

42. The collection and summation of risk data relating to a particular asset and controls for that asset.

43. Substitution at the word or phrase level.

44. RADIUS, TACACS+, Diameter.

45. Unused storage capacity.

46. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.

47. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.

48. Portable media used to store data that is not presently in use by an organization, to free up space but still allow for disaster recovery. May also be called "Backup Tapes."

49. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm.

50. Some systems are actually run at the alternate site.