Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A control after attack






2. Framework that defines goals for the controls that should be used to properly manage IT. It consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate






3. Hitting a filed-down key in a lock with a hammer to open it without the real key






4. The managerial approval to operate a system based upon knowledge of risk to operate






5. One of the key benefits of a network is the ability to share files stored on the server among several users.






6. Information that - if made public or even shared around the organization - could seriously impede the organization's operations






7. One entity with two competing allegiances






8. Maintenance procedures outline the process for the review and update of business continuity plans.






9. A shield against leakage of electromagnetic signals.






10. The core of a computer that calculates






11. Natural occurrence in circuits that are in close proximity






12. Hiding the fact that communication has occurred






13. Recording the who, what, when, where and how of evidence






14. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.






15. Potential danger to information or systems






16. Recovery alternative which includes a cold site where some equipment and infrastructure is available






17. The chance that something negative will occur






18. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.






19. To smooth out reductions or increases in power






20. The hard drive






21. The connection between a wireless and wired network.






22. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress






23. A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy






24. A description of a database






25. A state for operating system tasks only






26. Converts source code to an executable






27. Maximum tolerance for loss of certain business function - basis of strategy






28. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.






29. A database backup type which records at the transaction level






30. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization






31. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.






32. Unauthorized wireless network access device.






33. Business and technical process of applying security software updates in a regulated periodic way






34. System directed mediation of access with labels






35. Process of identifying the risks to an organization, assessing the critical functions, defining the controls in place to reduce organization exposure and evaluating the cost for such controls.






36. The partial or full duplication of data from a source database to one or more destination databases.






37. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."






38. A passive network attack involving monitoring of traffic.






39. Weakness or flaw in an asset






40. The process of identifying, accessing, reducing risk to an acceptable level, and implementing the right countermeasure to maintain that level of risk






41. Standard for the establishment, implementation, control, and improvement of the Information Security Management System






42. Any event, whether anticipated (i.e., public service strike) or unanticipated (i.e., blackout), which disrupts the normal course of business operations at an organization location.






43. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.






44. A software design technique for abstraction of a process






45. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have. Most commonly used in the PC environment (i.e., file permissions).






46. To break a business process into separate functions and assign to different people






47. A backup type which creates a complete copy






48. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.






49. A physical enclosure for verifying identity before entry to a facility






50. Small data warehouse