Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A mathematical tool for verifying no unintentional changes have been made






2. The collection and summation of risk data relating to a particular asset and controls for that asset






3. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements






4. Asymmetric encryption of a hash of a message






5. The core of a computer that calculates






6. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.






7. The hard drive






8. Control type that is communication based - typically written or oral






9. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.






10. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives






11. Small data files written to a user's hard drive by a web server.






12. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.






13. Malware that uses the trust on a website to redirect users to untrusted websites which capture data or install more malware






14. Provides a physical cross connect point for devices.






15. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm






16. Lower frequency noise






17. A collection of information designed to reduce duplication and increase integrity






18. Effort/time needed to overcome a protective measure






19. A process state - to be executing a process on the CPU






20. Eavesdropping on network communications by a third party.






21. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.






22. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.






23. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner






24. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities






25. Intellectual property protection for the expression of an idea






26. An attack involving the hijacking of a TCP session by predicting a sequence number.






27. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.






28. Momentary loss of power






29. A test conducted on one or more components of a plan under actual operating conditions.






30. Can be statistical (monitor behavior) or signature based (watch for known attacks)






31. A state where two subjects can access the same object without proper mediation






32. What is will remain - persistence






33. Recovery alternative which outsources a business function at a cost






34. An asymmetric cryptography mechanism that provides authentication.






35. A type of multitasking that allows for more even distribution of computing time among competing requests






36. A device that sequentially switches multiple analog inputs to the output.






37. Two different keys decrypt the same cipher text






38. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur






39. To segregate for the purposes of labeling






40. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.






41. RADIUS - TACACS+ - Diameter






42. Malware that makes small random changes to many data points






43. Memory - RAM






44. Descrambling the encrypted message with the corresponding key






45. Communication of a security incident to stakeholders and data owners.






46. Abstract and mathematical in nature - defining all possible states - transitions and operations






47. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.






48. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).






49. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals






50. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.