Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Recording activities at the keyboard level
2. Recovery alternative: a building only with sufficient power and HVAC
3. High-level design or model with a goal of consistency, integrity, and balance
4. Motive, opportunity, and means; when looking for suspects it is important to consider these 3 things
5. Intermediate level, pertaining to planning
6. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court
7. DoS, spoofing, dictionary, brute force, wardialing
8. With enough computing power, trying all possible combinations
9. Two certificate authorities that trust each other
10. A BCP testing type (structured walkthrough); a test that answers the question: is everything needed for recovery available?
11. Determines the impact of the loss of an operational or technological resource. The loss of a system, network or other critical resource may affect a number of business processes.
12. A database that contains the name, type, range of values, source and authorization for access for each data element
13. Any event, whether anticipated (i.e., public service strike) or unanticipated (i.e., blackout), which disrupts the normal course of business operations at an organization location.
14. System-directed mediation of access with labels
15. To reduce sudden rises in current
16. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.
17. More than one processor sharing the same memory; also known as parallel systems
18. More than one process in the middle of executing at a time
19. A template for designing the architecture
20. A type of malformed input that takes advantage of an appropriate true conditional logic statement, adding a request for data that is against the security policy
21. An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only forensic copy quality will hold up in court.
22. Is secondhand and usually not admissible in court
23. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
24. Communication of a security incident to stakeholders and data owners.
25. Amount of time for restoring a business process or function to normal operations without major loss
26. A Trojan horse with the express underlying purpose of controlling a host from a distance
27. An opportunity for a threat to cause loss (terminology that encompasses many recent risk terms)
28. A state where two subjects can access the same object without proper mediation
29. Control type that is communication-based, typically written or oral
30. A description of a database
31. A group or network of honeypots
32. A backup type which creates a complete copy
33. Potentially compromising leakage of electrical or acoustical signals.
34. Actions measured against either a policy or what a reasonable person would do
35. Authentication protocol which only uses symmetric session keys between principals, distributed by a 3rd party using different preshared symmetric keys
36. A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions
37. A type of attack involving attempted insertion, deletion or altering of data.
38. Event(s) that cause harm
39. Long-term knowledge building
40. Recovery alternative: short-term, high-cost movable processing location
41. Asymmetric encryption of a hash of a message
42. People protect their domain
43. Segmented memory addressing, encapsulation of objects, time multiplexing of shared resources, naming distinctions, and virtual mapping.
44. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
45. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
46. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
47. A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments.
48. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.
49. An internal list of contact information used for the communication of incident information, designed in a distributed manner so that no one person is responsible for contacting everyone.
50. Prolonged loss of commercial power