Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record-keeping purposes.

2. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc.

3. Intellectual property protection for marketing efforts

4. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.

5. The core logic engine of an operating system which almost never changes

6. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE 3. Functional Levels 4. Assurance Levels.

7. Pertaining to law - accepted by a court

8. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?

9. Responsibility for actions

10. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).

11. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.

12. System mediation of access with the focus on the context of the request

13. Asymmetric encryption of a hash of a message

14. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.

15. A control applied after an attack

16. Unauthorized access of network devices.

17. Statistical probabilities of a collision are more likely than one thinks

18. Written step-by-step actions

19. A state for operating system tasks only

20. Hardware or software that is part of a larger system

21. A trusted issuer of digital certificates

22. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.

23. To create a copy of data as a precaution against the loss or damage of the original data.

24. Hitting a filed-down key in a lock with a hammer to open it without the real key

25. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.

26. To reduce fire

27. Recording activities at the keyboard level

28. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.

29. Unused storage capacity

30. Outputs within a given function are the same result

31. Amount of time for restoring a business process or function to normal operations without major loss

32. Data or interference that can trigger a false positive

33. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.

34. Hiding the fact that communication has occurred

35. A cable consisting of a core - an inner conductor that is surrounded by an insulator - and an outer cylindrical conductor

36. Measures followed to restore critical functions following a security incident.

37. The process of identifying - assessing - and reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk

38. Objects or programming that look different but act the same

39. RADIUS - TACACS+ - Diameter

40. Natural or human-readable form of a message

41. Continuous surveillance - to provide for detection of and response to any failure in preventive controls.

42. A system designed to prevent unauthorized access to or from a private network.

43. System-directed mediation of access with labels

44. Standard for the establishment - implementation - control - and improvement of the Information Security Management System

45. A basic level of network access control that is based upon information contained in the IP packet header.

46. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.

47. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.

48. Unauthorized wireless network access device.

49. Object reuse protection and auditing

50. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have - most commonly used in the PC environment (e.g. file permissions).