Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Portable media used to store data that is not presently in use by an organization, to free up space while still allowing for disaster recovery. May also be called "Backup Tapes."

2. Pertaining to law: lending itself to one side of an argument

3. An adversary intercepts encrypted communications, decrypts, views, re-encrypts, and sends them along to the true destination

4. A choice in risk management: convincing another party to assume the risk, typically by payment

5. Notification that a potential disaster situation exists or has occurred; direction for the recipient to stand by for possible activation of the disaster recovery plan.

6. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity

7. A process state (blocked): needing input before continuing

8. Must be legally permissible, meaning it was seized legally and the chain of custody was not broken. To be admissible in court, it needs to be relevant, sufficient, and reliable.

9. Converts source code to an executable

10. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.

11. OOP concept of a template that consists of attributes and behaviors

12. The former U.S. military-accepted set of standards and processes for network evaluation and assurance, which combines functional and assurance requirements

13. Something that happened

14. The asynchronous duplication of the production database on separate media to ensure data availability, currency, and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.

15. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives

16. Renders the file inaccessible to the operating system and makes its space available for reuse as data storage.

17. Potential danger to information or systems

18. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)

19. An electronic attestation of identity by a certificate authority

20. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.

21. The disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.

22. Malware that makes small random changes to many data points

23. A device that provides the functions of both a bridge and a router.

24. A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping, and oversized IP fragments.

25. A passive network attack involving monitoring of traffic.

26. Used to code/decode a digital data stream.

27. For PKI: having more than one person in charge of a sensitive function

28. A telephone exchange for a specific office or business.

29. Pertaining to law: verified as real

30. Unauthorized access to information (e.g., tapping, sniffing, unsecured wireless communication, emanations)

31. The risk that remains after management implements internal controls or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk

32. Autonomous malware that requires a flaw in a service

33. Moving letters around

34. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.

35. The collection and summation of risk data relating to a particular asset and controls for that asset

36. Two different keys decrypt the same ciphertext

37. People protect their domain

38. Evidence must be: admissible, authentic, complete, accurate, and convincing

39. The study of cryptography and cryptanalysis

40. A comprehensive set of controls comprising best practices in information security that provides guidelines on how to set up and maintain security programs.

41. A design methodology which addresses risk early and often

42. Standard for the establishment, implementation, control, and improvement of the Information Security Management System

43. A control before attack

44. Collection of data on business functions that determines the resiliency strategy

45. Includes identification and collection of the evidence, its storage, preservation, transportation, presentation in court, and return to the owner

46. A software design technique for abstraction of a process

47. Use of backup server(s) to protect information and essential processes in the event of a primary system failure.

48. Pertaining to law: no omissions

49. The chance that something negative will occur

50. System mediation of access with the focus on the context of the request