Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Hitting a filed-down key in a lock with a hammer to open it without the real key

2. Potential danger to information or systems

3. Subjects will not interact with each other's objects

4. A fixed-length summary of a communication, used to verify its integrity

5. A practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.

6. Executive responsibilities of goal setting, delegation, and verification, based upon the mission.

7. Individuals and departments responsible for the storage and safeguarding of computerized data.

8. Unchecked data that spills into an adjacent location in memory
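
The spill described in item 8, as an added worked example (not part of the original quiz bank): a constructed record layout with an 8-byte name field directly followed by a privilege flag, an unchecked copy that overruns the field into the flag, and the bounds-checked copy that refuses the input. The `Record` layout, the `is_admin` flag and the 12-byte attacker input are assumptions made for the demonstration; `ctypes` is used only to get a C-style fixed layout in Python.

```python
import ctypes

# Constructed layout (an assumption for the demo): an 8-byte name buffer
# immediately followed by a privilege flag, as a C struct would place them.
class Record(ctypes.Structure):
    _fields_ = [("name", ctypes.c_char * 8),
                ("is_admin", ctypes.c_uint32)]

NAME_SIZE = Record.name.size  # 8 bytes

def unchecked_copy(rec: Record, data: bytes) -> None:
    """The bug: copy `data` into rec.name without checking that it fits.
    Bytes beyond the 8-byte field land in the neighbouring is_admin flag.
    (The copy is clamped to the struct size only so this demonstration
    stays inside memory Python owns; a real strcpy would keep going.)"""
    n = min(len(data), ctypes.sizeof(rec))
    ctypes.memmove(ctypes.addressof(rec), data, n)

def checked_copy(rec: Record, data: bytes) -> bool:
    """The fix: reject input that does not fit, NUL terminator included."""
    if len(data) >= NAME_SIZE:
        return False
    rec.name = data  # assignment to a c_char array is bounds-checked and NUL-padded
    return True

def run_unchecked(user_input: bytes) -> int:
    """Returns the is_admin flag after an unchecked copy of user_input."""
    rec = Record(b"", 0)
    unchecked_copy(rec, user_input)
    return rec.is_admin

def run_checked(user_input: bytes) -> tuple:
    """Returns (accepted, is_admin) after a bounds-checked copy."""
    rec = Record(b"", 0)
    accepted = checked_copy(rec, user_input)
    return accepted, rec.is_admin

if __name__ == "__main__":
    long_name = b"A" * 12   # constructed attacker input: 4 bytes too long
    print("unchecked:", run_unchecked(long_name))  # 0x41414141: flag overwritten with 'AAAA'
    print("checked:  ", run_checked(long_name))    # (False, 0): input refused, flag intact
```

The unchecked path never consults the field size, so the four surplus bytes become the value of `is_admin`; any nonzero value there is "admin" to code that tests the flag. The checked path fails closed on oversized input instead of trusting the caller.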

9. To segregate for the purposes of labeling

10. A passive network attack involving monitoring of traffic.

11. Two different inputs to a given function produce the same output
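
Items 4 and 11 together, as an added example that is not part of the original page: a SHA-256 digest used to detect any change to a message, and a birthday search that finds two distinct inputs producing the same output of a deliberately weakened (truncated to 3 bytes) version of the same function. The sample message and the `message-N` search strings are constructed for the demonstration; truncating SHA-256 is the assumption that makes a collision cheap enough to find in well under a second.

```python
import hashlib
import hmac
from itertools import count

def digest(message: bytes) -> str:
    """SHA-256 digest: a fixed-length summary of the whole message."""
    return hashlib.sha256(message).hexdigest()

def verify(message: bytes, expected_hex: str) -> bool:
    """Integrity check: recompute the digest and compare in constant time."""
    return hmac.compare_digest(digest(message), expected_hex)

def truncated_hash(message: bytes, nbytes: int) -> bytes:
    """Deliberately weakened function: only the first nbytes of SHA-256."""
    return hashlib.sha256(message).digest()[:nbytes]

def find_collision(nbytes: int = 3) -> tuple:
    """Birthday search: hash distinct messages until two of them give the
    same truncated output. Roughly 2**(4*nbytes) attempts are expected."""
    seen = {}
    for i in count():
        m = b"message-%d" % i           # every candidate is a distinct input
        h = truncated_hash(m, nbytes)
        if h in seen:
            return seen[h], m
        seen[h] = m

if __name__ == "__main__":
    original = b"Transfer 100 to account 42"   # constructed sample message
    d = digest(original)
    print(verify(original, d))                         # True
    print(verify(b"Transfer 900 to account 42", d))    # False: one changed byte, different digest
    a, b = find_collision(3)
    print(a, b, truncated_hash(a, 3) == truncated_hash(b, 3))  # two inputs, one output
```

The full 32-byte digest still separates the two colliding inputs; the collision exists only because the output was shortened, which is why hash length (and resistance to attacks that shorten it in effect) matters for integrity protection.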

12. Prolonged loss of commercial power

13. Hiding the fact that communication has occurred

14. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides, thereby preventing that space from being overwritten by other data.

15. Physical description on the exterior of an object that communicates the existence of a label

16. Heavily populated areas, particularly those susceptible to high-intensity earthquakes, floods, tsunamis, or other disasters, for which emergency response may be necessary in the event of a disaster.

17. Forgery of the sender's email address in an email header.

18. Business and technical process of applying security software updates in a regulated periodic way

19. Intellectual property protection for marketing efforts

20. Control category: to discourage an adversary from attempting access

21. An alert or alarm that is triggered when no actual attack has taken place

22. A process state: currently executing on the CPU

23. Pertaining to law; lending itself to one side of an argument

24. An encryption method that has a key as long as the message
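
Item 24 as an added worked example (not from the original page): XOR encryption with a key exactly as long as the message, plus the failure mode a practitioner should know, namely what leaks when the same pad is used twice. The two 14-byte plaintexts are constructed for the demonstration; the key comes from `os.urandom`, which is an assumption about where a pad would be sourced in practice.

```python
import os

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def otp_keygen(length: int) -> bytes:
    """A key as long as the message, from the OS CSPRNG. Use it once."""
    return os.urandom(length)

def otp_encrypt(message: bytes, key: bytes) -> bytes:
    """Ciphertext = message XOR key; refuses a key of the wrong length."""
    if len(key) != len(message):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return xor_bytes(message, key)

otp_decrypt = otp_encrypt   # XOR is its own inverse

def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted two messages, c1 XOR c2 == m1 XOR m2:
    the key cancels out and the 'one-time' property is gone."""
    return xor_bytes(c1, c2)

def recover_second_message(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """Knowing (or correctly guessing) one plaintext yields the other."""
    return xor_bytes(key_reuse_leak(c1, c2), known_m1)

if __name__ == "__main__":
    m1 = b"ATTACK AT DAWN"     # constructed sample plaintexts, both 14 bytes
    m2 = b"HOLD POSITIONS"     # same length, so one pad 'fits' both (the mistake)
    key = otp_keygen(len(m1))
    c1, c2 = otp_encrypt(m1, key), otp_encrypt(m2, key)
    assert otp_decrypt(c1, key) == m1
    print(recover_second_message(c1, c2, m1))  # b'HOLD POSITIONS', without ever seeing the key
```

The scheme is unbreakable only while the key is truly random, as long as the message, kept secret and never reused; the last function shows that dropping the "one-time" condition turns it into a simple XOR puzzle.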

25. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.

26. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.

27. Threats x Vulnerability x Asset Value = Total Risk

28. A shield against leakage of electromagnetic signals.

29. State of computer - to be running a process

30. Dedicated fast memory located on the same board as the CPU

31. Searching for wireless networks in a moving car.

32. A protocol for the efficient transmission of voice over the Internet

33. Less granular organization of controls

34. A test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.

35. Unauthorized wireless network access device.

36. Inference about encrypted communications

37. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have; most commonly used in the PC environment (e.g. file permissions).

38. Methodical research of an incident with the purpose of finding the root cause

39. Eavesdropping on network communications by a third party.

40. Recording the who, what, when, where, and how of evidence

41. Must be legally permissible, meaning it was seized legally and the chain of custody was not broken. To be admissible in court, it needs to be relevant, sufficient, and reliable.

42. A backup of data located where staff can gain access readily and a localized disaster will not cause harm

43. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring will enable a zero recovery point objective.

44. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.

45. Requires security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and provision of separate administrator functionality.

46. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate

47. People protect their domain

48. A failure of an IDS to detect an actual attack

49. A race condition in which the security state changes between the check and the object's access
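
Item 49 as an added worked example (not part of the original page): a check-then-open routine on a file path, an "attacker" who swaps the path for a symbolic link in the window between the check and the open, and the safe variant that opens first and then checks the object it actually holds. The temporary directory, the `public.txt`/`secret.txt` files and the `after_check` hook that stands in for the scheduler are constructed for the demonstration; it assumes a Unix host (`os.O_NOFOLLOW`, `os.getuid`, symlinks).

```python
import os
import stat
import tempfile

def read_vulnerable(path: str, after_check=lambda: None) -> bytes:
    """Check-then-use: the decision is made about `path` at one moment and
    the object is opened at a later one; nothing ties the two together."""
    if os.path.islink(path) or not os.access(path, os.R_OK):
        raise PermissionError(f"rejected {path}")
    after_check()   # stands in for the scheduler running an attacker here
    with open(path, "rb") as f:
        return f.read()

def read_safe(path: str, expected_uid: int, after_check=lambda: None) -> bytes:
    """Open first (refusing symlinks), then check the object actually opened
    via fstat on the descriptor; a later swap of `path` cannot affect it."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    with os.fdopen(fd, "rb") as f:
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode) or st.st_uid != expected_uid:
            raise PermissionError(f"rejected {path}")
        after_check()   # the window no longer matters: we hold the descriptor
        return f.read()

def demo() -> dict:
    """Constructed scenario: a readable public file, a secret file, and an
    attacker who replaces the public path with a symlink to the secret
    between the check and the use."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(public, "wb") as f:
            f.write(b"harmless")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")

        def attacker_swaps():
            os.unlink(public)
            os.symlink(secret, public)

        results = {}
        results["vulnerable"] = read_vulnerable(public, attacker_swaps)
        # reset the public file and run the same race against the safe version
        os.unlink(public)
        with open(public, "wb") as f:
            f.write(b"harmless")
        results["safe_swap_during"] = read_safe(public, os.getuid(), attacker_swaps)
        # the swap has now happened; a fresh safe open must refuse the symlink
        try:
            read_safe(public, os.getuid())
            results["safe_symlink_left_behind"] = "opened"
        except OSError:
            results["safe_symlink_left_behind"] = "refused"
        return results

if __name__ == "__main__":
    print(demo())  # vulnerable reads TOP SECRET; safe reads harmless, then refuses the symlink
```

`O_NOFOLLOW` protects only the final path component; if a parent directory can be replaced, open the directory once and use `dir_fd`-relative opens so that every step of the check applies to the object that is used.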

50. Are bound to objects and indicate what subjects can use them; typically kept by a network device (router, switch and so on) to control access to or from the device for a number of services
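
Item 50 as an added worked example (not from the original page): a small evaluator for device-style access lists, with first-match semantics and the implicit deny at the end of the list that catches everything no entry mentions. The `permit tcp 10.1.0.0/16 any 22` line syntax and the three-entry sample list are constructed for the demonstration and only loosely modelled on router ACLs; they are not any vendor's format.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY_NET = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class AclEntry:
    action: str                     # "permit" or "deny"
    proto: str                      # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]            # None = any destination port

def _net(token: str) -> ipaddress.IPv4Network:
    return ANY_NET if token == "any" else ipaddress.ip_network(token, strict=False)

def parse_acl(text: str) -> list:
    """Parses lines of the constructed form 'permit tcp 10.1.0.0/16 any 22';
    '#' starts a comment, blank lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, proto, src, dst, port = line.split()
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in ACL line: {raw!r}")
        entries.append(AclEntry(action, proto, _net(src), _net(dst),
                                None if port == "any" else int(port)))
    return entries

def evaluate(acl: list, proto: str, src_ip: str, dst_ip: str, dport: int) -> tuple:
    """First matching entry wins. Returns (action, index); index None means
    nothing matched and the implicit deny at the end of the list applied."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for i, e in enumerate(acl):
        if e.proto not in ("ip", proto):
            continue
        if s not in e.src or d not in e.dst:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, i
    return "deny", None

# Constructed sample list. Order matters: swapping the first two lines
# would give the contractor subnet SSH access.
SAMPLE_ACL = parse_acl("""
deny   tcp 10.1.9.0/24  any           22   # contractor subnet: no SSH
permit tcp 10.1.0.0/16  any           22   # rest of corp: SSH allowed
permit udp 10.0.0.0/8   10.0.0.53/32  53   # DNS only to the internal resolver
""")

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, "tcp", "10.1.9.7", "192.0.2.10", 22))   # ('deny', 0)
    print(evaluate(SAMPLE_ACL, "tcp", "10.1.2.3", "192.0.2.10", 22))   # ('permit', 1)
    print(evaluate(SAMPLE_ACL, "tcp", "10.1.2.3", "192.0.2.10", 23))   # ('deny', None): implicit deny
    print(evaluate(SAMPLE_ACL, "udp", "10.7.7.7", "10.0.0.53", 53))    # ('permit', 2)
```

Returning the matching index alongside the action is what makes such a list auditable: a "deny" with index `None` tells you the packet fell off the end of the list, while a "deny" with an index points at the entry that was meant to catch it.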