Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Determines the impact of the loss of an operational or technological resource. The loss of a system, network, or other critical resource may affect a number of business processes.

2. Portable media used to store data that is not presently in use by an organization, to free up space but still allow for disaster recovery. May also be called "backup tapes."

3. An electronic attestation of identity by a certificate authority.

4. OOP concept in which a class's details are hidden from the object.

5. Methodical research of an incident with the purpose of finding the root cause.

6. Memory management technique that allows data to be moved from one memory address to another.

7. The hard drive.

8. Searching for wireless networks from a moving car.

9. An activity that is performed for the purpose of training and conditioning team members, and improving their performance.

10. A practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.

11. To reduce fire.

12. Intellectual property management technique for identification after distribution.

13. Unauthorized access of network devices.

14. A layer 2 device that is used to connect two or more network segments and regulate traffic.

15. High-level design or model with a goal of consistency, integrity, and balance.

16. Subset of operating system components dedicated to protection mechanisms.

17. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.

18. Record the history of the incident.

19. An attack that breaks up malicious code into fragments in an attempt to elude detection.

20. Companies should have their own team, made up of people from management, IT, legal, HR, public relations, security, and other key areas.

21. A programming design philosophy and a type of programming language that breaks a program into smaller units. Each unit has its own function.

22. Communicate to stakeholders.

23. The process of categorizing attack alerts produced by an IDS in order to distinguish false positives from actual attacks.

24. A layer 3 device that is used to connect two or more network segments and regulate traffic.

25. Potential danger to information or systems.

26. Try a list of words as passwords or encryption keys.

27. A programming design concept that abstracts one set of functions from another in a serialized fashion.

28. A copy of transaction data, designed for querying and reporting.

29. A description of a database.

30. A type of computer memory that temporarily stores frequently used information for quick access.

31. A type of attack involving attempted insertion, deletion, or altering of data.

32. Demonstrates the actual ability to recover and can verify the compatibility of backup facilities.

33. A device that sequentially switches multiple analog inputs to the output.

34. Robust project management process for new systems with at least the following phases: design and development, production, distribution, operation, maintenance, retirement, and disposal.

35. Firewalls, encryption, and access control lists.

36. The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption.

37. Use of a backup server (or servers) to protect information and essential processes in the event of a primary system failure.

38. Standard for the establishment, implementation, control, and improvement of an Information Security Management System.

39. Dictate that data collected by government agencies must be collected fairly and lawfully, must be used only for the purpose for which they were collected, must only be held for a reasonable amount of time, and must be accurate and timely.

40. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures, alternate work area, etc.).

41. Control type that is communication-based, typically written or oral.

42. A device that converts between digital and analog representations of data.

43. Potentially retrievable data residue that remains following intended erasure of data.

44. Unsolicited commercial email.

45. Converts source code to an executable.

46. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress.

47. Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator).

48. Measures followed to restore critical functions following a security incident.

49. A state where two subjects can access the same object without proper mediation.

50. The study of cryptography and cryptanalysis.