Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Recovery alternative that includes a cold site where some equipment and infrastructure are already available

2. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).

3. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.

4. Policy or stated actions

5. A failure of an IDS to detect an actual attack

6. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.

7. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)

8. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc.

9. Controls for terminating an attempt to access an object

10. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur

11. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."

12. Evidence must be: admissible - authentic - complete - accurate - and convincing

13. Using small special tools, all tumblers of the lock are aligned - opening the door

14. Inappropriate data

15. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)

16. Weak evidence

17. To be admissible in court, they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists

18. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court

19. Malware that makes many small changes over time to a single data point or system

20. A protocol for the efficient transmission of voice over the Internet

21. A test conducted on one or more components of a plan under actual operating conditions.

22. More than one process in the middle of executing at a time

23. Short period of low voltage.

24. A technology that reduces the size of a file.

25. Tool that mediates access

26. An administrative unit or a group of objects and subjects controlled by one reference monitor

27. The study of cryptography and cryptanalysis

28. A system that enforces an access control policy between two networks.

29. High degree of visual control

30. A running key using a random key that is never used again

31. To create a copy of data as a precaution against the loss or damage of the original data.

32. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.

33. The one person responsible for data - its classification and its control settings

34. Data or interference that can trigger a false positive

35. Program that inappropriately collects private data or activity

36. To break a business process into separate functions and assign them to different people

37. Quantity of risk remaining after a control is applied

38. Information about a particular data set

39. To execute more than one instruction at an instant in time

40. High-level design or model with a goal of consistency - integrity - and balance

41. A program with an inappropriate second purpose

42. The event signaling an IDS to produce an alarm when no attack has taken place

43. Unsolicited commercial email

44. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated - and recovery and continuity strategies and procedures are completed and tested.

45. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.

46. Statistically, a collision is more likely than one would think

47. Location to perform the business function

48. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems

49. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasures to maintain that level of risk

50. Substitution at the word or phrase level