WITH COMPLETE ANSWERS
\."Bad" Blocks/Clusters/sectors - Answer-Good disk blocks marked as bad
\.4GL - Answer-Fourth-generation programming language designed to increase
programmer's efficiency by automating the creation of computer programming code
\.4GL / Fourth-generation programming language - Answer-Designed to increase
programmer's efficiency by automating the creation of computer programming code
\.802.11 - Answer-Wireless networking standard
\.802.11-1997 - Answer-The original mode of 802.11 operated at 2 mbps using the 2.4
GHz frequency
\.802.11a - Answer-802.11 mode that operates at 54 mbps using the 5 GHz frequency
\.802.11b - Answer-802.11 mode that operates at 11 mbps using the 2.4 GHz frequency
\.802.11g - Answer-802.11 mode that operates at 54 mbps using the 2.4 GHz frequency
\.802.11i - Answer-The first 802.11 wireless security standard that provides reasonable
security
\.802.11n - Answer-802.11 mode that uses both 2.4 and 5 GHz frequencies and allows
speeds of 144 mbps and beyond
\.802.1X - Answer-Port-based Network Access Control layer 2 authentication
\.ABM - Answer-Asynchronous Mode HDLC combined mode where nodes may act as
primary or secondary, initiating transmission without receiving permission
\.Abstraction - Answer-Hides unnecessary details from the user
\.Acceptance Testing - Answer-Testing to ensure the software meets the customer's
operational requirements
\.Access - Answer-A subject's ability to view, modify, or communicate with an object.
Access enables the flow of information between the subject and the object.
\.Access aggregation - Answer-The collective entitlements granted by multiple systems
to one user. Can lead to authorization creep
\.Access Control - Answer-Mechanisms, controls, and methods of limiting access to
resources to authorized subjects only.
\.Access Control list (ACL) - Answer-A list of subjects that are authorized to access a
particular object. Typically, the types of access are read, write, execute, append,
modify, delete, and create.
\.Access Control Lists/ACL - Answer-Access Control List
\.Access Control Matrix - Answer-Table defining what access permissions exist between
specific subjects and objects
\.Access Control Mechanism - Answer-Administrative, physical, or technical control that
is designed to detect and prevent unauthorized access to a resource or environment.
\.Account Lockout - Answer-Disables an account after a set number of failed logins,
sometimes during a specific time period
\.Accountability - Answer-A security principle indicating that individuals must be
identifiable and must be held responsible for their actions.
\.Accountability - Answer-Holds individuals accountable for their actions
\.Accountability Principle - Answer-OECD Privacy Guideline principle which states
individuals should have the right to challenge the content of any personal data being
held, and have a process for updating their personal data if found to be inaccurate or
incomplete
\.Accreditation - Answer-The data owner's acceptance of the risk represented by a
system
\.Accredited - Answer-A computer system or network that has received official
authorization and approval to process sensitive data in a specific operational
environment. There must be a security evaluation of the system's hardware, software,
configurations, and controls by technical personnel.
\.ACK - Answer-TCP flag, acknowledge received data
\.Act honorably, justly, responsibly, and legally - Answer-Second canon of the (ISC)2
Code of ethics
\.Active RFID - Answer-Powered RFID tags that can operate over larger distances
\.Active-active Cluster - Answer-Involves multiple systems all of which are online and
actively processing traffic or data
\.Active-passive Cluster - Answer-Involves devices or systems that are already in place,
configured, powered on and ready to begin processing network traffic should a failure
occur on the primary system
\.ActiveX controls - Answer-The functional equivalent of Java applets. They use digital
certificates instead of a sandbox to provide security
\.Ad hoc mode - Answer-802.11 peer-to-peer mode with no central AP
\.Add-on Security - Answer-Security protection mechanisms that are hardware or
software retrofitted to a system to increase that system's protection level.
\.Address Space Layout Randomization/ASLR - Answer-Address Space Layout
Randomization, seeks to decrease the likelihood of successful exploitation by making
memory addresses employed by the system less predictable
\.Administrative Controls - Answer-Implemented by creating and following organizational
policy, procedures, or regulation. Also called directive controls
\.Administrative Controls - Answer-Security mechanisms that are management's
responsibility and referred to as "soft" controls. These controls include the development
and publication of policies, standards, procedures, and guidelines; the screening of
personnel; security-awareness training; the monitoring of system activity; and change
control procedures.
\.Administrative Law - Answer-Law enacted by government agencies, aka regulatory
law
\.ADSL - Answer-Asymmetric Digital Subscriber Line, DSL featuring faster download
speeds than upload
\.Advance and protect the profession - Answer-Fourth canon of the (ISC)2 Code of
Ethics
\.Advanced Encryption Standard/AES - Answer-Advanced Encryption Standard, a block
cipher using 128 bit, 192 bit, or 256 bit keys to encrypt 128-bit blocks of data
\.Agents of law enforcement - Answer-Private citizens carrying out actions on the behalf
of law enforcement
\.Aggregation - Answer-Mathematical attack where a user is able to use lower-level
access to learn restricted information
\.Aggregation - Answer-The act of combining information from separate sources of a
lower classification level that results in the creation of information of a higher
classification level, which the subject does not have the necessary rights to access.
\.Agile Software Development - Answer-Flexible software development model that
evolved as a reaction to rigid software development models such as the Waterfall Model
\.AH/Authentication Header - Answer-Authentication Header, IPsec protocol that
provides authentication and integrity for each packet of network data
\.AIC triad - Answer-The three security principles: availability, integrity, and
confidentiality.
\.ALE/Annualized Loss Expectancy - Answer-The cost of loss due to a risk over a year
\.All pairs testing - Answer-Form of combinatorial software testing that tests unique pairs
of inputs, otherwise known as pairwise testing
\.Allocated Space - Answer-Portions of disk partition that are marked as actively
containing data
\.ALU/Arithmetic Logic Unit - Answer-CPU Component that performs mathematical
calculations
\.Analog - Answer-Communication that sends a continuous wave of information
\.ANN/Artificial Neural Networks - Answer-Simulate neural networks found in humans
and animals
\.Annualized loss expectancy (ALE) - Answer-A dollar amount that estimates the loss
potential from a risk in a span of a year. Single Loss Expectancy (SLE) x annualized rate
of occurrence (ARO) = ALE
\.Annualized Rate of Occurrence (ARO) - Answer-The value that represents the
estimated possibility of a specific threat taking place within a one-year timeframe.
\.Antimalware - Answer-Software whose principal functions include the identification and
mitigation of malware; also known as antivirus, although this term could be specific to
only one type of malware.
\.Antivirus Software - Answer-Software designed to prevent and detect malware
infections
\.API/Application Programmers Interface - Answer-Allows an application to
communicate with another application, or an operating system, database, network, etc.