Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. To assert or claim credentialing to an authentication system






2. Renders the file inaccessible to the operating system - available to reuse for data storage.






3. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc






4. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."






5. Responsibility of a user for the actions taken by their account which requires unique identification






6. Review of data






7. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys






8. A type of attack involving attempted insertion - deletion or altering of data.






9. A process state - to be executing a process on the CPU






10. To know more than one job






11. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.






12. A backup type - for databases at a point in time






13. Code breaking - practice of defeating the protective properties of cryptography.






14. Quantity of risk remaining after a control is applied






15. Try a list of words in passwords or encryption keys






16. Descrambling the encrypted message with the corresponding key






17. Forgery of the sender's email address in an email header.






18. A Trojan horse with the express underlying purpose of controlling host from a distance






19. A state for operating system tasks only






20. An electronic attestation of identity by a certificate authority






21. The problem-solving state - the opposite of supervisor mode






22. Business and technical process of applying security software updates in a regulated periodic way






23. Memory management technique which allows data to be moved from one memory address to another






24. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.






25. A covert storage channel on the file attribute






26. A process state - to be either unable to run waiting for an external event or terminated






27. A BCP testing type - a test that answers the question: Can the organization replicate the business process?






28. Eavesdropping on network communications by a third party.






29. DoS - Spoofing - dictionary - brute force - wardialing






30. Reduces causes of fire






31. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing






32. Control category - to restore to a previous state by removing the adversary and/or the results of their actions






33. Policy or stated actions






34. Regular operations are stopped and where processing is moved to the alternate site.






35. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?






36. The property that data meet with a priority expectation of quality and that the data can be relied upon.






37. A mathematical tool for verifying no unintentional changes have been made






38. Abstract and mathematical in nature - defining all possible states - transitions and operations






39. Record of system activity - which provides for monitoring and detection.






40. Requirement to take time off






41. OOP concept of an object's abilities - what it does






42. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing






43. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements






44. A list of team members and/or key players to be contacted including their backups. The list will include the necessary contact information (i.e. home phone - pager - cell - etc.) and in most cases be considered confidential.






45. A telephone exchange for a specific office or business.






46. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN






47. Pertaining to law - high degree of veracity






48. Memory management technique which allows subjects to use the same resource






49. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives






50. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.