Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Just enough access to do the job

2. Responsibility for actions

3. An image compression standard for photographs

4. An encryption method that has a key as long as the message

5. Summary of a communication for the purpose of integrity

6. A secure connection to another network.

7. Natural or human-readable form of message

8. Disruption of operation of an electronic device due to a competing electromagnetic field.

9. A distributed system's transaction control that requires updates to complete or rollback

10. Mathematical function that determines the cryptographic operations

11. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.

12. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions

13. Written suggestions that direct choice to a few alternatives

14. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site)

15. Policy or stated actions

16. A process state - either unable to run while waiting for an external event, or terminated

17. Written internalized or nationalized norms that are internal to an organization

18. Business and technical process of applying security software updates in a regulated periodic way

19. Continuous surveillance - to provide for detection and response of any failure in preventive controls.

20. Natural occurrence in circuits that are in close proximity

21. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.

22. Eavesdropping on network communications by a third party.

23. A comprehensive set of controls comprising best practices in information security that provides guidelines on how to set up and maintain security programs.

24. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.

25. To reduce fire

26. Searching for wireless networks in a moving car.

27. Small data files written to a user's hard drive by a web server.

28. System directed mediation of access with labels

29. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.

30. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.

31. Information about a particular data set

32. A Trojan horse with the express underlying purpose of controlling a host from a distance

33. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN

34. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm

35. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.

36. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals

37. Act of luring an intruder and is legal.

38. To reduce sudden rises in current

39. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization

40. Program instructions based upon the CPU's specific architecture

41. Intellectual property protection for the expression of an idea

42. Inappropriate data

43. Code breaking - practice of defeating the protective properties of cryptography.

44. Renders the record inaccessible to the database management system

45. Mitigate damage by isolating compromised systems from the network.

46. Recovery alternative - a building only with sufficient power - and HVAC

47. Share security concerns with embedded devices - Often security has been sacrificed for a richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.

48. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.

49. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.

50. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)