Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Less granular organization of controls
2. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
3. Abstract and mathematical in nature, defining all possible states, transitions, and operations
4. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target", 2. "Target of Evaluation" or ToE, 3. Functional Levels, 4. Assurance Levels.
5. A computer designed for the purpose of studying adversaries
6. The document that defines the resources, actions, tasks, and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
7. System Access, Network Architecture, Network Access, Encryption and Protocols, and Auditing
8. Lower frequency noise
9. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
10. A device that sequentially switches multiple analog inputs to the output.
11. Property that data is represented in the same manner at all times
12. Sudden rise in voltage in the power supply.
13. An individual's conduct that violates government laws developed to protect the public
14. Code making
15. A hash that has been further encrypted with a symmetric algorithm
16. Final purpose or result
17. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
18. Controls deployed to avert unauthorized and/or undesired actions.
19. A choice in risk management: to convince another to assume risk, typically by payment
20. An attack that breaks up malicious code into fragments, in an attempt to elude detection.
21. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
22. Intellectual property protection for a confidential and critical process
23. A one-way, directed graph which indicates confidentiality or integrity flow
24. Most granular organization of controls
25. Must be legally permissible, meaning it was seized legally and the chain of custody was not broken. To be admissible in court, it needs to be relevant, sufficient, and reliable.
26. Moving letters around
27. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
28. A control after attack
29. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
30. To start business continuity processes
31. Memory - RAM
32. Mitigate damage by isolating compromised systems from the network.
33. A test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.
34. A trusted issuer of digital certificates
35. A backup type where the organization has excess capacity in another location.
36. To load the first piece of software that starts a computer.
37. Converts source code to an executable
38. Information about a particular data set
39. Written suggestions that direct choice to a few alternatives
40. The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins function and assurance requirements
41. Record of system activity, which provides for monitoring and detection.
42. Renders the file inaccessible to the operating system, leaving its space available for reuse for data storage.
43. Specific format of technical and physical controls that support the chosen framework and the architecture
44. It is embedded as part of a complete device, often including hardware and mechanical parts. Features a limited OS. Mobile phones, routers, and wireless devices take a similar approach. Less than robust security features. Difficult to patch.
45. Hiding the fact that communication has occurred
46. Reduction of voltage by the utility company for a prolonged period of time
47. A description of a database
48. The study of cryptography and cryptanalysis
49. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?
50. OOP concept of an object at runtime