Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.

2. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.

3. Written step-by-step actions

4. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities

5. A BCP testing type - (structured walkthrough) - a test that answers the question: Is everything needed for recovery available?

6. Summary of a communication for the purpose of integrity

7. Written norms - whether developed internally or adopted from national bodies - that apply within an organization

8. Narrow scope examination of a system

9. Descrambling the encrypted message with the corresponding key

10. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.

11. A backup of data located where staff can gain access immediately

12. Weak evidence

13. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.

14. Uses two or more legal systems

15. A process state - (blocked) needing input before continuing

16. One way encryption
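Items 6 (a digest as a summary of a communication, used to check integrity) and 16 (one-way encryption, i.e. a hash) describe the same mechanism. The following added example, which is not part of the quiz page, shows it in working code using SHA-256 from Python's standard library: a fixed-size digest is computed for a message, the receiver recomputes it to verify integrity, and a one-character change to the message is detected. The sample messages are constructed for the example.

```python
import hashlib
import hmac


def digest(message: bytes) -> str:
    """Fixed-size SHA-256 summary of a message, as 64 hex characters.

    The function is one-way: the message cannot be recovered from the digest,
    and there is no key to 'decrypt' it with.
    """
    return hashlib.sha256(message).hexdigest()


def verify_integrity(message: bytes, expected_hex: str) -> bool:
    """Recompute the digest of what was received and compare it with the digest
    that accompanied the message. compare_digest runs in constant time so the
    comparison does not leak the position of the first mismatching character."""
    return hmac.compare_digest(digest(message), expected_hex.lower())


def demo() -> dict:
    # Constructed sample messages (not taken from the page).
    original = b"Transfer 100.00 to account 12345"
    tampered = b"Transfer 900.00 to account 12345"
    sent_digest = digest(original)
    return {
        "digest_hex_length": len(sent_digest),
        "original_verifies": verify_integrity(original, sent_digest),
        "tampered_verifies": verify_integrity(tampered, sent_digest),
        # A single changed byte flips about half of the output bits, so even
        # the first eight hex characters of the two digests differ.
        "digests_share_prefix": sent_digest[:8] == digest(tampered)[:8],
    }


if __name__ == "__main__":
    print(demo())
```

A bare digest only detects modification by someone who cannot also replace the digest; an attacker who can alter the message in transit can recompute SHA-256 just as easily. When the sender's identity matters, the digest has to be keyed (an HMAC) or signed, which is where the digest meets the authentication items elsewhere in this test.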

17. Subjects will not interact with each other's objects

18. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.

19. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN

20. Object-based description of a single resource and the permissions held by each subject

21. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.

22. Consume resources to a point of exhaustion - loss of availability

23. Share security concerns with embedded devices - Often security has been sacrificed for a richer user experience or lower power consumption - Prime target for data loss as they transmit and store information in ways that can't be controlled.

24. Third party processes used to organize the implementation of an architecture

25. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk

26. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.

27. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.

28. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal

29. Moving letters around

30. Information about data or records

31. Highest level of authority at EOC with knowledge of the business process and the resources available

32. A process state - to be executing a process on the CPU

33. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
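Item 33 describes SQL injection in the abstract. The added example below (not from the quiz page) shows the vulnerable pattern and its fix side by side using Python's built-in sqlite3 module: one login function splices the user's input straight into the query text, so a partial SQL fragment in the password field turns the WHERE clause true for every row, and a comment sequence in the username field cuts the password check off entirely; the other passes the same input as bound parameters and is not affected. The users table, credentials and payloads are constructed for the example, and the plaintext password column exists only to keep the demonstration short.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """No input validation: the input becomes part of the SQL statement."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username: str, password: str):
    """Parameterised query: the input is bound as data and never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


# Constructed payloads.
# Embedded in the password field the first one yields
#   ... AND password = '' OR '1'='1'
# which is true for every row. The second, in the username field, yields
#   WHERE username = 'alice' --' AND password = '...'
# so the password comparison is commented out.
PAYLOAD_OR = "' OR '1'='1"
PAYLOAD_COMMENT = "alice' --"


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice", PAYLOAD_OR))     # ('alice',)  no password needed
    print(login_vulnerable(db, PAYLOAD_COMMENT, "junk"))  # ('alice',)  check bypassed
    print(login_safe(db, "alice", PAYLOAD_OR))           # None
    print(login_safe(db, PAYLOAD_COMMENT, "junk"))        # None
    print(login_safe(db, "alice", "s3cret"))             # ('alice',)
```

Bound parameters are the fix, not quoting or blacklisting characters; the database driver sends the statement text and the values separately, so no input can change the statement's structure.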

34. A set of laws that the organization agrees to be bound by

35. A group or network of honeypots

36. The collection and summation of risk data relating to a particular asset and controls for that asset

37. For PKI - to have more than one person in charge of a sensitive function

38. A copy of transaction data - designed for querying and reporting

39. A secure connection to another network.

40. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only a forensic-quality copy will hold up in court.

41. Unauthorized wireless network access device.

42. Unchecked data input that results in redirection
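Item 42 names the open-redirect weakness without showing what the missing check looks like. The added example below is written for this page, not taken from it, and shows the validation a web application should apply to a user-supplied "return to" value before issuing a redirect: only same-site paths, or absolute HTTPS URLs whose host exactly matches the site's own host, are allowed; everything else falls back to a safe default. The allowed host name and the test values are constructed assumptions.

```python
from urllib.parse import urlsplit


def is_safe_redirect(target: str, allowed_host: str) -> bool:
    """Return True only if `target` stays on `allowed_host`.

    Rejected on purpose:
      - empty values and anything carrying CR/LF (header injection);
      - protocol-relative forms such as //evil.example or /\\evil.example,
        which browsers resolve to another host;
      - absolute URLs with a different host, a userinfo trick such as
        allowed.example@evil.example, or any scheme other than https
        (javascript:, data:, http:).
    """
    if not target or "\r" in target or "\n" in target:
        return False
    if target.startswith(("//", "/\\", "\\")):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute URL: scheme and host must both be exactly what we expect.
        return parts.scheme == "https" and parts.netloc.lower() == allowed_host.lower()
    # Relative URL: require a rooted path so it cannot become another host.
    return target.startswith("/")


def safe_redirect_target(target: str, allowed_host: str, fallback: str = "/") -> str:
    """What the redirect handler should actually send in the Location header."""
    return target if is_safe_redirect(target, allowed_host) else fallback


if __name__ == "__main__":
    host = "shop.example"  # constructed assumption for the example
    for candidate in ["/account/orders", "//evil.example/phish",
                      "https://shop.example/cart", "https://shop.example@evil.example/",
                      "javascript:alert(1)", "/\\evil.example", ""]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate, host)!r}")
```

The check is an allow-list (rooted path, or exact host match); trying to block individual bad strings instead is how most open-redirect filters get bypassed.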

43. State of computer - to be running a process

44. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
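Item 44 defines the Smurf attack and points to its UDP twin, Fraggle. The added example below (written for this page, not taken from it) shows the detection side: a small classifier that parses raw IPv4 packets and flags the two trigger patterns, an ICMP echo request (type 8) or a UDP datagram to the echo or chargen ports, when either is addressed to a broadcast address. Because the source address in such a packet is spoofed to the intended victim, the classifier returns that address as the victim. The packet builder exists only to construct offline test input; the network and the addresses used are assumptions, and checksums are left zero since the classifier does not verify them.

```python
import ipaddress
import struct

ICMP_ECHO_REQUEST = 8
FRAGGLE_PORTS = {7, 19}  # UDP echo and chargen, the classic Fraggle targets


def build_packet(src: str, dst: str, proto: int, l4_header: bytes) -> bytes:
    """Minimal IPv4 header (no options) in front of a given layer-4 header.
    Constructed test input only; checksums are zero."""
    total_len = 20 + len(l4_header)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + l4_header


def icmp_echo(src: str, dst: str, icmp_type: int = ICMP_ECHO_REQUEST) -> bytes:
    return build_packet(src, dst, 1, struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, 1))


def udp(src: str, dst: str, dport: int) -> bytes:
    return build_packet(src, dst, 17, struct.pack("!HHHH", 40000, dport, 8, 0))


def amplification_victim(packet: bytes, local_net: str):
    """Return ("smurf", victim) or ("fraggle", victim) for a packet that would
    make every host on `local_net` reply to the spoofed source; else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8:
        return None
    proto = packet[9]
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    net = ipaddress.IPv4Network(local_net, strict=False)
    to_broadcast = dst == net.broadcast_address or dst == ipaddress.IPv4Address("255.255.255.255")
    if not to_broadcast:
        return None
    if proto == 1 and packet[ihl] == ICMP_ECHO_REQUEST:
        return ("smurf", str(src))
    if proto == 17:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        if dport in FRAGGLE_PORTS:
            return ("fraggle", str(src))
    return None


if __name__ == "__main__":
    net = "192.168.1.0/24"  # assumed local network for the example
    print(amplification_victim(icmp_echo("10.0.0.5", "192.168.1.255"), net))   # ('smurf', '10.0.0.5')
    print(amplification_victim(udp("10.0.0.5", "192.168.1.255", 7), net))      # ('fraggle', '10.0.0.5')
    print(amplification_victim(icmp_echo("10.0.0.5", "192.168.1.7"), net))     # None
```

The corresponding prevention is a router or host setting that refuses to forward or answer directed broadcasts, so that the amplifier never sends the replies in the first place.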

45. Location to perform the business function

46. Controls for logging and alerting

47. One entity with two competing allegiances

48. A control before attack

49. A backup type - for databases at a point in time

50. Recovery alternative - a short-term - high-cost - movable processing location