Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A BCP testing type: a test that answers the question, "Can the organization operate at the alternate location only?"

2. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.

3. Substitution at the word or phrase level.

4. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.

5. The past U.S. military accepted set of standards and processes for network evaluation and assurance, which combines function and assurance requirements.

6. Processes data at different classifications (security levels), and users with different clearances (security levels) can use the system.

7. Momentary loss of power.

8. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.

9. Power surge.

10. Written internalized or nationalized norms that are internal to an organization.

11. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.

12. Malware that subverts the detective controls of an operating system.

13. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.

14. Weak evidence.

15. Adversary intercepts encrypted communications, decrypts, views, re-encrypts, and sends them along to the true destination.

16. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.

17. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents, and for the restoration of normal operations at the primary site.

18. Alerts personnel to the presence of a fire.

19. Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator).

20. Granular decision by a system of permitting or denying access to a particular resource on the system.

21. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at the other's site.

22. Demonstrates the actual ability to recover and can verify the compatibility of backup facilities.

23. Indivisible: a data field must contain only one value, and either all transactions take place or none do.

24. Key.

25. To segregate for the purposes of labeling.

26. An organization's way of classifying data by factors such as criticality, sensitivity and ownership.

27. Induces a crime, tricks a person, and is illegal.

28. An asymmetric cryptography mechanism that provides authentication.

29. OOP concept of a distinct copy of the class.

30. The response of an organization to a disaster or other significant event that may significantly impact the organization, its people, or its ability to function productively.

31. Joining two pieces of text.

32. Server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no input or output devices, and the OS is dedicated to providing storage services.

33. Can be statistical (monitor behavior) or signature based (watch for known attacks).

34. Malware that uses the trust in a website to redirect users to untrusted websites which capture data or install more malware.

35. Business and technical process of applying security software updates in a regulated, periodic way.

36. Control category: to record an adversary's actions.

37. To move from location to location, keeping the same function.

38. Disruption of operation of an electronic device due to a competing electromagnetic field.

39. Try a list of words as passwords or encryption keys.

40. Requirement of access to data for a clearly defined purpose.

41. Real-time, automatic and transparent backup of data.

42. Vehicle or tool that exploits a weakness.

43. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.

44. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf.)

45. European standard for IT security criteria; it wasn't universally adopted. Consists of four components: 1. "Security Target"; 2. "Target of Evaluation" or ToE; 3. Functional Levels; 4. Assurance Levels.

46. The process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right countermeasure to maintain that level of risk.

47. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).

48. The one person responsible for data, its classification and control setting.

49. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.

50. Standard for the establishment, implementation, control, and improvement of the Information Security Management System.