Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Inappropriate data
2. Final purpose or result
3. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
4. Weakness or flaw in an asset
5. High-level design or model with a goal of consistency, integrity, and balance
6. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
7. Subject-based description of a system or a collection of resources
8. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
9. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
10. Dictate that data collected by government agencies must be collected fairly and lawfully, must be used only for the purpose for which they were collected, must only be held for a reasonable amount of time, and must be accurate and timely.
11. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
12. Weak evidence
13. Authentication protocol which only uses symmetric session keys between principals, distributed by a third party using different preshared symmetric keys
14. Recording the who, what, when, where, and how of evidence
15. Maintenance procedures outline the process for the review and update of business continuity plans.
16. After being seized, the investigator should make a bit-for-bit mirror image copy of the storage media before doing anything else.
17. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.
18. Trading one for another
19. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
20. A race condition where the security state changes during access to the object
21. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
22. An administrative unit or a group of objects and subjects controlled by one reference monitor
23. To know more than one job
24. To reduce sudden rises in current
25. A critical event which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.
26. A BCP testing type; a test that answers the question: Can the organization operate at the alternate location only?
27. Independent malware that requires user interaction to execute
28. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed, resources are allocated, and recovery and continuity strategies and procedures are completed and tested.
29. Record history of incident
30. To break a business process into separate functions and assign them to different people
31. Converts source code to an executable
32. Try a list of words as passwords or encryption keys
33. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last-mile delivery.
34. A collection of data or information that has a name
35. Two different keys decrypt the same ciphertext
36. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).
37. Evaluation of a system without prior knowledge by the tester
38. Insurance coverage for disaster-related expenses that may be incurred until operations are fully recovered after a disaster.
39. Method for determining functions, identifying function failures, assessing them, and where failure is most likely to occur
40. Subset of operating system components dedicated to protection mechanisms
41. Another subject cannot see an ongoing or pending update until it is complete
42. Object-based description of a single resource and the permissions of each subject
43. Code breaking; the practice of defeating the protective properties of cryptography.
44. Continuous surveillance, to provide for detection of and response to any failure in preventive controls.
45. Minimal Protection; used for systems that were evaluated but failed to meet the criteria for higher divisions
46. The former internationally accepted set of standards and processes for information security product evaluation and assurance, which separates functional and assurance requirements
47. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
48. Unused storage capacity
49. Mitigate damage by isolating compromised systems from the network.
50. System-directed mediation of access with labels