Test your basic knowledge | CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times you might find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Responsibility for actions






2. Object-based description of a single resource and the permissions each subject has on it






3. An organization's way of classifying data by factors such as criticality, sensitivity and ownership.






4. Mitigation of system or component loss or interruption through the use of a backup capability.






5. Recorded history of an incident






6. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.






7. To set the clearance of a subject or the classification of an object






8. To be admissible in court they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists






9. Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations)






10. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring will enable a zero recovery point objective.






11. Tool which mediates access






12. A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.






13. An organization's prior arrangements made to maintain the functions and processes important to the existence of the organization






14. To smooth out reductions or increases in power






15. Small data warehouse






16. These share security concerns with embedded devices; security has often been sacrificed for a richer user experience on low-power hardware; they are a prime target for data loss because they transmit and store information in ways that can't be controlled.






17. Standard for the establishment, implementation, control and improvement of an Information Security Management System






18. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).






19. Subject-based description of a system or a collection of resources






20. An availability attack that consumes resources to the point of exhaustion






21. False memory reference






22. Intellectual property protection for an invention






23. Using small, special tools, all tumblers of the lock are aligned, opening the door






24. A programming design concept which abstracts one set of functions from another in a serialized fashion






25. A physical enclosure for verifying identity before entry to a facility






26. Record of system activity, which provides for monitoring and detection.






27. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.






28. Provides a physical cross connect point for devices.






29. Unchecked data input which results in redirection
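The redirection described in this statement is worth seeing in code. The block below is an added example, not code from the quiz page: a handler that echoes an unchecked `next` parameter into the redirect target, beside a hardened version that only follows same-origin paths. The host `shop.example`, the function names and the sample inputs are assumptions made for illustration.

```python
# Added example (not from the quiz page): an open-redirect handler beside a
# hardened one. The host "shop.example" and all sample inputs are assumptions.
from urllib.parse import urljoin, urlsplit

OUR_HOST = "shop.example"
HOME = f"https://{OUR_HOST}/"


def redirect_unchecked(next_url: str) -> str:
    """Vulnerable: whatever arrived in ?next= is echoed straight into Location,
    so https://shop.example/login?next=//evil.example sends the user off-site."""
    return next_url


def redirect_checked(next_url: str) -> str:
    """Hardened: honour only same-origin paths; anything else goes to HOME."""
    parts = urlsplit(next_url)
    # An absolute URL (scheme set) or a protocol-relative one ("//evil.example",
    # which urlsplit reports as a netloc with no scheme) must never be followed.
    if parts.scheme or parts.netloc:
        return HOME
    # Some browsers read "/\evil.example" as "//evil.example"; refuse backslashes.
    if "\\" in next_url:
        return HOME
    # Resolve against our own origin, then re-check: dot-segment removal can
    # turn "/x/..//evil.example" into the path "//evil.example".
    resolved = urlsplit(urljoin(HOME, next_url))
    if resolved.netloc != OUR_HOST or resolved.path.startswith("//"):
        return HOME
    # Emit an absolute URL on our host so the browser cannot reinterpret it.
    location = f"https://{OUR_HOST}{resolved.path}"
    if resolved.query:
        location += f"?{resolved.query}"
    return location
```

The check is done after resolution rather than on the raw string because path normalization, not just the literal input, decides where the browser ends up; emitting an absolute URL on a fixed host removes the last chance for reinterpretation.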






30. Information which has retained its importance, but which has been created or stored by software/hardware that has been rendered obsolete.






31. A covert storage channel on the file attribute
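To make the statement concrete, here is an added example (not from the quiz page) of a covert storage channel that uses a file attribute rather than file contents: the sender toggles one permission bit on a shared file, and a receiver that only has permission to stat the file reads the bits back. The bit chosen, the framing and the temp-file setup are assumptions for illustration; it needs a POSIX file system.

```python
# Added example (not from the quiz page): two cooperating parties move data
# through a file's mode bits while the file's contents never change. The choice
# of S_IXOTH, the 8-bit framing and the temp file are illustrative assumptions.
import os
import stat
import tempfile

SIGNAL_BIT = stat.S_IXOTH   # the attribute abused as the channel: world-execute


def send_bit(path: str, bit: int) -> None:
    """Sender: set or clear the signal bit. The file's data is untouched."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    mode = mode | SIGNAL_BIT if bit else mode & ~SIGNAL_BIT
    os.chmod(path, mode)


def receive_bit(path: str) -> int:
    """Receiver: needs no read access to the contents, only the right to stat."""
    return 1 if os.stat(path).st_mode & SIGNAL_BIT else 0


def transmit(path: str, message: bytes) -> bytes:
    """Clock one bit per step through the attribute, most significant bit first.
    A real channel would synchronize the two sides by time or a second attribute."""
    received = bytearray()
    for byte in message:
        value = 0
        for i in range(7, -1, -1):
            send_bit(path, (byte >> i) & 1)
            value = (value << 1) | receive_bit(path)
        received.append(value)
    return bytes(received)


def demo(message: bytes = b"hi") -> bytes:
    """Run the channel over a throwaway file and return what the receiver saw."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        path = f.name
        f.write(b"innocuous contents")   # never read by the receiver
    try:
        return transmit(path, message)
    finally:
        os.unlink(path)
```

Any attribute the receiver can observe works the same way (size, timestamps, lock state, even existence), which is why the defensive signal is not the file's contents but churn on its metadata: audited chmod/utime calls on a shared file that is otherwise never written.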






32. To evaluate the current situation and make basic decisions as to what to do






33. A mail server that improperly relays inbound SMTP mail addressed to domains it does not serve.
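The relay decision is made at `RCPT TO`, so that is where the misconfiguration shows. The following is an added example, not code from the quiz page or from any real MTA: the recipient policy of an open relay beside a correctly closed one, with the dialogue an outside host would see. Domain names, addresses, the trusted network and the sample sessions are constructed for illustration.

```python
# Added example (not from the quiz page or any real MTA): the RCPT TO decision
# of an open relay beside a correctly closed one. Domains, addresses, the
# trusted network and the sample sessions are constructed for illustration.
import ipaddress
from dataclasses import dataclass

LOCAL_DOMAINS = {"corp.example"}                    # domains this server serves
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/8")    # our own clients


@dataclass
class Session:
    client_ip: str
    authenticated: bool      # True if the client completed SMTP AUTH
    mail_from: str
    rcpt_to: str


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def rcpt_open_relay(s: Session) -> str:
    """Misconfigured: every recipient is accepted, so a stranger can route mail
    for third-party domains through this host (and get it blacklisted)."""
    return "250 2.1.5 OK"


def rcpt_closed(s: Session) -> str:
    """Correct: accept mail *for* our domains from anyone, accept mail *to* other
    domains only from our own (trusted or authenticated) clients, reject the rest."""
    if domain_of(s.rcpt_to) in LOCAL_DOMAINS:
        return "250 2.1.5 OK"
    if s.authenticated or ipaddress.ip_address(s.client_ip) in TRUSTED_NET:
        return "250 2.1.5 OK"
    return "554 5.7.1 Relay access denied"


def transcript(s: Session, rcpt_policy) -> list:
    """The part of the SMTP dialogue where relaying is decided, as (client, server) pairs."""
    return [
        ("EHLO client.example", "250 mail.corp.example"),
        (f"MAIL FROM:<{s.mail_from}>", "250 2.1.0 OK"),
        (f"RCPT TO:<{s.rcpt_to}>", rcpt_policy(s)),
    ]


# The classic relay probe: an outside host sending outside-to-outside mail.
PROBE = Session("203.0.113.5", False, "probe@attacker.example", "victim@other.example")
```

The probe session is exactly what a relay test sends; a server is an open relay if that third reply is a 250 rather than a 5xx. Note that inbound mail for a served domain is still accepted from anyone, which is the normal case the statement is distinguishing from.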






34. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.






35. More than one processor sharing the same memory, also known as parallel systems






36. Malware that subverts the detective controls of an operating system






37. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources






38. To start business continuity processes






39. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.






40. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have; most commonly used in the PC environment (i.e. file permissions).
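Statements 2, 19, 34 and 40 describe four views of the same access problem, and they are easiest to tell apart in code. The block below is an added example, not code from the quiz page: one access matrix read column-wise (one object, every subject's rights on it) and row-wise (one subject, every object it may touch), then a discretionary store in which only the owner edits an object's entries, beside a role-based store in which rights flow from roles. Subjects, objects, roles and rights are constructed for illustration.

```python
# Added example (not from the quiz page): one access matrix read column-wise
# and row-wise, then DAC (the owner edits the object's entries) and RBAC
# (rights flow from roles). Subjects, objects, roles and rights are constructed.

# Constructed access matrix: rows are subjects, columns are objects.
MATRIX = {
    "alice": {"payroll.xlsx": {"read", "write"}, "memo.txt": {"read"}},
    "bob":   {"memo.txt": {"read", "write"}},
}


def object_view(matrix: dict, obj: str) -> dict:
    """One column of the matrix: each subject's rights on a single object."""
    return {subj: set(rights[obj]) for subj, rights in matrix.items() if obj in rights}


def subject_view(matrix: dict, subj: str) -> dict:
    """One row of the matrix: every object a subject may touch, and how."""
    return {obj: set(r) for obj, r in matrix.get(subj, {}).items()}


class DacStore:
    """Discretionary control: the owner of an object decides its entries."""

    def __init__(self):
        self.owner = {}          # obj -> owner
        self.entries = {}        # obj -> {subj -> set(rights)}

    def create(self, owner: str, obj: str) -> None:
        self.owner[obj] = owner
        self.entries[obj] = {owner: {"read", "write"}}

    def grant(self, actor: str, obj: str, subj: str, right: str) -> None:
        if self.owner.get(obj) != actor:          # only the owner may change the entries
            raise PermissionError(f"{actor} does not own {obj}")
        self.entries[obj].setdefault(subj, set()).add(right)

    def allowed(self, subj: str, obj: str, right: str) -> bool:
        return right in self.entries.get(obj, {}).get(subj, set())


class RbacStore:
    """Role-based control: permissions attach to roles, users hold roles.
    A job change means changing a user's roles, not editing every object."""

    def __init__(self, role_perms: dict, user_roles: dict):
        self.role_perms = role_perms       # role -> {(obj, right)}
        self.user_roles = user_roles       # user -> {role}

    def allowed(self, user: str, obj: str, right: str) -> bool:
        return any((obj, right) in self.role_perms.get(role, set())
                   for role in self.user_roles.get(user, set()))


def demo_dac() -> dict:
    store = DacStore()
    store.create("alice", "report.docx")
    store.grant("alice", "report.docx", "bob", "read")      # owner's discretion
    try:
        store.grant("bob", "report.docx", "carol", "read")  # bob is not the owner
        bob_could_regrant = True
    except PermissionError:
        bob_could_regrant = False
    return {"bob_read": store.allowed("bob", "report.docx", "read"),
            "bob_write": store.allowed("bob", "report.docx", "write"),
            "bob_could_regrant": bob_could_regrant}


def demo_rbac() -> dict:
    rbac = RbacStore(
        role_perms={"payroll_clerk": {("payroll.xlsx", "read"), ("payroll.xlsx", "write")},
                    "staff": {("memo.txt", "read")}},
        user_roles={"alice": {"payroll_clerk", "staff"}, "bob": {"staff"}},
    )
    before = rbac.allowed("bob", "payroll.xlsx", "read")
    rbac.user_roles["bob"].add("payroll_clerk")             # bob moves into payroll
    after = rbac.allowed("bob", "payroll.xlsx", "read")
    return {"before": before, "after": after}
```

The two views answer different questions cheaply: the object view is the natural way to revoke everyone's access to one resource, the subject view is the natural way to see everything one user holds. The discretionary store shows the statement's "owner decides" rule as the single check in `grant`; the role store shows why a role change propagates without touching any object.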






41. Creation, distribution, update and deletion






42. A failure of an IDS to detect an actual attack
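A false negative is easiest to recognize when you can see the attack and the rule side by side. The following is an added example, not code from the quiz page: a signature rule run over constructed web-server log lines, which fires on the plain traversal attempt but misses two percent-encoded variants of the same attack until the request path is normalized before matching. The log lines, the rule and the helper names are assumptions for illustration.

```python
# Added example (not from the quiz page): a signature rule evaluated over
# constructed access-log lines. The rule misses two encoded traversal attempts
# (false negatives) until the request path is normalized before matching.
import re
from urllib.parse import unquote

# Constructed log: one benign request, one plain traversal, one URL-encoded
# traversal and one double-encoded one.
ACCESS_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /cgi-bin/../../../etc/passwd HTTP/1.1" 404 291
203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 291
203.0.113.9 - - [10/Oct/2023:13:55:42 +0000] "GET /cgi-bin/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 291
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/')
TRAVERSAL_SIG = re.compile(r"\.\./")          # the signature: a literal "../"


def request_paths(log: str) -> list:
    return [m["path"] for m in map(REQUEST_RE.search, log.splitlines()) if m]


def naive_alerts(log: str) -> list:
    """Match the signature against the raw path: encoded variants are missed."""
    return [p for p in request_paths(log) if TRAVERSAL_SIG.search(p)]


def normalize(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so "%2e%2e" and "%252e%252e"
    both become "..", and fold backslashes to slashes."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def normalized_alerts(log: str) -> list:
    """Match after normalization: the same signature now fires on all three."""
    return [p for p in request_paths(log) if TRAVERSAL_SIG.search(normalize(p))]


def false_negatives(log: str) -> list:
    """Attacks the naive rule let through: flagged after normalization, not before."""
    seen = set(naive_alerts(log))
    return [p for p in normalized_alerts(log) if p not in seen]
```

Decoding is bounded and applied only to the copy that is matched, never to the logged evidence; unbounded or over-eager decoding trades false negatives for false positives on legitimately encoded data, so the number of rounds should mirror what the protected application itself does.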






43. Written core statements that rarely change






44. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid






45. A server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no input or output devices, and its OS is dedicated to providing storage services.






46. Used to code/decode a digital data stream.






47. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.






48. A computer designed for the purpose of studying adversaries






49. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.






50. A temporary public file to inform others of a compromised digital certificate