Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So at times you may find the answers obvious, but you will see that this reinforces your understanding as you take the test each time.
1. Responsibility of a user for the actions taken by their account, which requires unique identification






2. System-directed mediation of access using labels






3. Control category: to give instructions or inform






4. Eavesdropping on network communications by a third party.






5. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file from before updates were made, or to facilitate disaster recovery.
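The journaling idea in item 5, shown as an added example that is not part of the original quiz: a full backup snapshot plus a journal of every change made after it. Recovery replays the journal on top of the backup, either completely (latest state for disaster recovery) or only up to a chosen sequence number (an earlier version). The "database" is an in-memory dict and the journal an in-memory list, both constructed here; the hash chain over journal entries is an addition to show why the journal needs the same integrity protection as the backup it complements.

```python
"""Added example, not part of the original quiz: database journaling.

A full backup captures the whole data set; a journal records every change
made after it. Recovery replays the journal on top of the backup, either
completely (latest state) or up to a chosen point (an earlier version).
The "database" is an in-memory dict and the journal a list, both constructed
here for illustration.
"""
import copy
import hashlib


class JournaledStore:
    """Key/value store whose updates since the last full backup are journaled."""

    def __init__(self):
        self.data = {}          # live database
        self.backup = {}        # contents at the last full backup
        self.journal = []       # entries: (seq, key, old_value, new_value, chain)
        self.seq = 0

    def full_backup(self):
        """Snapshot everything and start an empty journal."""
        self.backup = copy.deepcopy(self.data)
        self.journal = []

    def _record(self, key, old, new):
        # Hash-chain each entry to its predecessor so a tampered or truncated
        # journal is detectable before it is trusted for recovery.
        self.seq += 1
        prev = self.journal[-1][4] if self.journal else "genesis"
        chain = hashlib.sha256(f"{prev}|{self.seq}|{key}|{old!r}|{new!r}".encode()).hexdigest()
        self.journal.append((self.seq, key, old, new, chain))

    def put(self, key, value):
        self._record(key, self.data.get(key), value)
        self.data[key] = value

    def delete(self, key):
        if key in self.data:
            self._record(key, self.data[key], None)   # new value None means deleted
            del self.data[key]

    def verify_journal(self):
        """Recompute the hash chain; False means the journal was altered."""
        prev = "genesis"
        for seq, key, old, new, chain in self.journal:
            expect = hashlib.sha256(f"{prev}|{seq}|{key}|{old!r}|{new!r}".encode()).hexdigest()
            if chain != expect:
                return False
            prev = chain
        return True

    def recover(self, up_to_seq=None):
        """Rebuild state = last full backup + journal replayed through up_to_seq.

        up_to_seq=None replays the whole journal (disaster recovery to the
        latest state); an earlier sequence number yields the version that
        existed just after that update.
        """
        if not self.verify_journal():
            raise ValueError("journal integrity check failed")
        state = copy.deepcopy(self.backup)
        for seq, key, _old, new, _chain in self.journal:
            if up_to_seq is not None and seq > up_to_seq:
                break
            if new is None:
                state.pop(key, None)
            else:
                state[key] = new
        return state


def demo():
    """Walk through backup, updates, point-in-time and full recovery (constructed data)."""
    store = JournaledStore()
    store.put("customer/42", {"name": "Ada", "tier": "gold"})    # seq 1, captured by the backup
    store.full_backup()                                          # journal is now empty
    store.put("customer/42", {"name": "Ada", "tier": "silver"})  # seq 2
    store.put("customer/99", {"name": "Grace", "tier": "gold"})  # seq 3
    store.delete("customer/42")                                  # seq 4
    latest = store.recover()                   # same as store.data
    before_delete = store.recover(up_to_seq=3)
    as_backed_up = store.recover(up_to_seq=1)  # no journal entry <= 1: the backup alone
    # Alter the first journal entry in place and show the chain check catches it.
    seq, key, old, new, chain = store.journal[0]
    store.journal[0] = (seq, key, old, {"name": "Ada", "tier": "platinum"}, chain)
    tamper_detected = not store.verify_journal()
    return latest, before_delete, as_backed_up, tamper_detected
```

The recovery point objective is only as good as the journal: if it is lost or rewritten, recovery silently regresses to the last full backup or to a falsified history, which is why the example refuses to replay a journal whose chain does not verify.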






6. The chance that something negative will occur






7. Method for determining functions, identifying possible function failures, assessing the effects of each failure, and finding where failure is most likely to occur






8. A record that must be preserved and available for retrieval if needed.






9. Recording activities at the keyboard level






10. Implementation of an operating system protection mechanism built on the layering concept, in which more sensitive operations are placed at inner, more trusted levels






11. Written suggestions that direct choice to a few alternatives






12. Unauthorized wireless network access device.






13. An ongoing program, supported and funded by executive staff, to ensure that business continuity requirements are assessed, resources are allocated, and recovery and continuity strategies and procedures are completed and tested.






14. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring enables a zero recovery point objective.






15. The technical and risk assessment of a system within the context of its operating environment






16. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.






17. Effort/time needed to overcome a protective measure






18. Methodical research of an incident with the purpose of finding the root cause






19. Process of statistically testing a data set for the likelihood of relevant information.






20. After seizure, the investigator should make a bit-level mirror image copy of the storage media before doing anything else.
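The imaging step in item 20, as an added example that is not part of the original quiz. In a real acquisition the source is the seized drive read through a hardware write-blocker (for instance /dev/sdb on Linux); here a temporary file of random bytes stands in for the device so the script runs anywhere. What the example adds beyond the sentence is the verification: the image is only evidence-grade when the hash of the source, the hash of the image file and the hash computed over the bytes as they were copied all agree, and the check is shown failing when one byte of the image is altered afterwards.

```python
"""Added example, not part of the original quiz: bit-level imaging with
hash verification.

The source would normally be the seized device behind a write-blocker;
a temporary file of random bytes is used as a stand-in so this runs offline.
"""
import hashlib
import os
import tempfile

BLOCK_SIZE = 64 * 1024


def sha256_of_file(path):
    """Hash a file in fixed-size blocks (never loads a whole device into memory)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def image_device(device_path, image_path):
    """Copy every byte of the source to the image, hashing the stream as it passes.

    Returns (bytes_copied, sha256 of the bytes actually read). The source is
    opened read-only; nothing is ever written to it.
    """
    h = hashlib.sha256()
    copied = 0
    with open(device_path, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(BLOCK_SIZE), b""):
            h.update(chunk)
            dst.write(chunk)
            copied += len(chunk)
        dst.flush()
        os.fsync(dst.fileno())   # image must be on stable storage before it is re-hashed
    return copied, h.hexdigest()


def verify_image(device_path, image_path, stream_hash):
    """Independently re-read both source and image; all three hashes must match."""
    src_hash = sha256_of_file(device_path)
    img_hash = sha256_of_file(image_path)
    return {
        "source_sha256": src_hash,
        "image_sha256": img_hash,
        "verified": src_hash == img_hash == stream_hash,
    }


def acquire(device_path, image_path):
    """Image first, then verify; the returned record is what goes in the custody notes."""
    size, stream_hash = image_device(device_path, image_path)
    record = {"bytes": size, "stream_sha256": stream_hash}
    record.update(verify_image(device_path, image_path, stream_hash))
    return record


def demo(size=200 * 1024):
    """Image a constructed 'device', then flip one byte of the image to show the check fail."""
    with tempfile.TemporaryDirectory() as workdir:
        device = os.path.join(workdir, "evidence.bin")   # constructed stand-in for the seized disk
        image = os.path.join(workdir, "evidence.dd")
        with open(device, "wb") as f:
            f.write(os.urandom(size))
        clean = acquire(device, image)
        # Corrupt one byte in the middle of the image (a bad copy or later tampering).
        with open(image, "r+b") as f:
            f.seek(size // 2)
            original = f.read(1)
            f.seek(size // 2)
            f.write(bytes([original[0] ^ 0xFF]))
        tampered = verify_image(device, image, clean["stream_sha256"])
        return clean, tampered
```

On Linux the same acquisition is usually done with dd (which does not hash by itself; run sha256sum over the device and the image afterwards) or a forensic variant such as dc3dd with its built-in hashing. One caveat a practitioner should expect: if the drive has unreadable sectors and the tool pads them with zeros to keep going, the source and image hashes will legitimately differ, and the discrepancy and the bad-sector list belong in the acquisition notes rather than being treated as a failed copy.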






21. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems






22. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)






23. Record history of incident






24. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.






25. Encryption system using a shared key (also called a private key, single key or secret key)






26. When two or more computers are networked together in a LAN, one computer may be used as a storage location for the group's files.






27. In PKI, storing another copy of a key






28. A measurement of data; the smallest unit of data. A bit is either the "1" or the "0" component of binary code.






29. Initial surge of current






30. The current internationally accepted set of standards and processes for evaluating and assuring information security products, which combines functional and assurance requirements






31. People who interact with assets






32. Rapid switching back and forth between programs from the computer's perspective, which appears as doing more than one thing at a time from the user's perspective






33. A trusted issuer of digital certificates






34. A set of laws that the organization agrees to be bound by






35. Quantity of risk remaining after a control is applied






36. Intellectual property protection for an invention






37. A BCP testing type (structured walkthrough): a test that answers the question, is everything needed for recovery available?






38. Organized group of compromised computers






39. Object reuse protection and auditing






40. A signal suggesting a system has been or is being attacked.






41. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.






42. OOP concept of a template that consists of attributes and behaviors






43. Malware that makes many small changes over time to a single data point or system






44. Needs to understand both the assets that must be protected and management's priorities; must also be prepared to adjust the design over time and to verify that the design has been implemented correctly; needs to be a good negotiator, artist and analyst.






45. A device that provides the functions of both a bridge and a router.






46. A disturbance that degrades performance of electronic devices and electronic communications.






47. Not fulfilling a legally recognized obligation; failure to conform to a standard of care that results in injury or damage, with proximate causation; not practicing due diligence or due care; not following the prudent person rule (doing due diligence in due






48. Low level, pertaining to planning






49. A database that contains the name, type, range of values, source and authorization for access for each data element






50. A distributed system's transaction control that requires updates either to complete on every node or to roll back
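The protocol behind item 50 (two-phase commit), as an added example that is not part of the original quiz. Two in-process "database nodes" each hold one side of a transfer; the coordinator first asks every participant to PREPARE and collects votes, and only when all vote yes does it send COMMIT, otherwise ROLLBACK, so the update completes everywhere or nowhere. Node names, balances and the failure flag are constructed for the example, and the in-memory `log` list stands in for each node's durable write-ahead log.

```python
"""Added example, not part of the original quiz: two-phase commit (2PC).

Both 'nodes' live in this process; the point is the vote-then-commit
protocol, not the transport. Names and balances are constructed.
"""


class Participant:
    """One resource manager (database node) holding a single account balance."""

    def __init__(self, name, balance, fail_prepare=False):
        self.name = name
        self.balance = balance
        self.fail_prepare = fail_prepare   # simulate a node that cannot honour the request
        self.pending = None                # tentative change held between PREPARE and COMMIT
        self.log = []                      # stand-in for the node's durable write-ahead log

    def prepare(self, delta):
        """Phase 1: check the change is legal, record it durably, then vote."""
        if self.fail_prepare or self.balance + delta < 0:
            self.log.append("VOTE NO")
            return False
        self.pending = delta
        self.log.append(f"PREPARED {delta:+d}")   # a prepared node promises it can still commit
        return True

    def commit(self):
        """Phase 2 when every vote was yes: apply the tentative change."""
        self.balance += self.pending
        self.pending = None
        self.log.append("COMMIT")

    def rollback(self):
        """Phase 2 when any vote was no: discard the tentative change."""
        self.pending = None
        self.log.append("ROLLBACK")


class Coordinator:
    """Transaction manager driving the two phases across all participants."""

    def run(self, work):
        """work: list of (participant, delta). Returns 'COMMITTED' or 'ABORTED'."""
        votes = [(p, p.prepare(delta)) for p, delta in work]
        if all(voted_yes for _, voted_yes in votes):
            for p, _ in votes:
                p.commit()
            return "COMMITTED"
        # At least one NO: every node that did prepare must undo its tentative change.
        for p, voted_yes in votes:
            if voted_yes:
                p.rollback()
        return "ABORTED"


def transfer(amount, fail_on_receiver=False):
    """Move `amount` from node A to node B; returns (outcome, balance_a, balance_b)."""
    a = Participant("db-A", 500)
    b = Participant("db-B", 500, fail_prepare=fail_on_receiver)
    outcome = Coordinator().run([(a, -amount), (b, +amount)])
    # Whatever happened, no node is left with a half-applied change.
    assert a.pending is None and b.pending is None
    return outcome, a.balance, b.balance


if __name__ == "__main__":
    print(transfer(100))                          # ('COMMITTED', 400, 600)
    print(transfer(100, fail_on_receiver=True))   # ('ABORTED', 500, 500)
    print(transfer(700))                          # ('ABORTED', 500, 500): A would go negative
```

The price of the guarantee is visible in `prepare`: a node that has voted yes must hold its locks and its pending change until the coordinator's decision arrives, so if the coordinator fails between the two phases the participants block. That is why each node writes its vote to a durable log before answering, so a restarted node can finish in the same direction the coordinator eventually decides.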