Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. To jump to a conclusion

2. OOP concept of taking attributes from the original or parent

3. Reduction of voltage by the utility company for a prolonged period of time

4. Minimal protection - used for systems that were evaluated but failed to meet the criteria for higher divisions

5. Key

6. To be admissible in court, they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists

7. The process of assessing damage - following a disaster - to computer hardware - vital records - office facilities - etc., and determining what can be salvaged or restored and what must be replaced.

8. Asymmetric encryption of a hash of a message

9. OOP concept of an object at runtime

10. Employment education done once per position or at significant change of function

11. The act of luring an intruder - which is legal.

12. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.

13. Loss would inconvenience the organization, but disclosure is unlikely to result in financial loss or serious damage to credibility.

14. A running key using a random key that is never used again

15. A choice in risk management - to implement a control that limits or lessens negative effects

16. The problem-solving state - the opposite of supervisor mode

17. Actions measured against either a policy or what a reasonable person would do

18. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.

19. A state for operating system tasks only

20. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions

21. To reduce sudden rises in current

22. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.

23. Total number of keys available that may be selected by the user of a cryptosystem

24. OOP concept of a distinct copy of the class

25. Recovery alternative which outsources a business function at a cost

26. A secure connection to another network.

27. Subject-based description of a system or a collection of resources

28. A state where two subjects can access the same object without proper mediation

29. Forgery of the sender's email address in an email header.

30. A race condition where the security changes during the object's access

31. A process state - either unable to run while waiting for an external event, or terminated

32. A type of multitasking that allows for more even distribution of computing time among competing requests

33. An attack involving the hijacking of a TCP session by predicting a sequence number.

34. Hitting a filed-down key in a lock with a hammer to open it without the real key

35. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm

36. Controls deployed to avert unauthorized and/or undesired actions.

37. Consume resources to a point of exhaustion - loss of availability

38. Sphere of influence

39. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.

40. Binary decision by a system of permitting or denying access to the entire system

41. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements

42. A list of team members and/or key players to be contacted, including their backups. The list will include the necessary contact information (i.e., home phone - pager - cell - etc.) and in most cases be considered confidential.

43. Any event - whether anticipated (e.g., a public service strike) or unanticipated (e.g., a blackout) - which disrupts the normal course of business operations at an organization location.

44. Data or interference that can trigger a false positive

45. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.

46. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements

47. Quantity of risk remaining after a control is applied

48. A signal suggesting a system has been or is being attacked.

49. OOP concept of a template that consists of attributes and behaviors

50. Unauthorized access of information (e.g., tapping - sniffing - unsecured wireless communication - emanations)