Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities

2. Malware that makes many small changes over time to a single data point or system

3. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.

4. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.

5. Determines the impact of the loss of an operational or technological resource. The loss of a system, network or other critical resource may affect a number of business processes.

6. Communication of a security incident to stakeholders and data owners.

7. An encryption method that has a key as long as the message

8. A backup of data located where staff cannot readily gain access and a regional disaster will not cause harm

9. An event which stops business from continuing.

10. To jump to a conclusion

11. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.

12. Employment education done once per position or at a significant change of function

13. Mediation of covert channels must be addressed

14. Control category: more than one control on a single asset

15. Maximum tolerance for loss of a certain business function; basis of strategy

16. Mitigate damage by isolating compromised systems from the network.

17. RADIUS, TACACS+, Diameter

18. Granular decision by a system of permitting or denying access to a particular resource on the system

19. Just enough access to do the job

20. Written step-by-step actions

21. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.

22. Randomly generated value used by many cryptosystems to ensure that a unique ciphertext is generated

23. A software design technique for abstraction of a process

24. A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.

25. Record history of an incident

26. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization

27. Mediation of subject and object interactions

28. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack

29. To segregate for the purposes of labeling

30. Hiding the fact that communication has occurred

31. Provides a physical cross-connect point for devices.

32. The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins functional and assurance requirements

33. Control category: to record an adversary's actions

34. Short period of low voltage.

35. Process of identifying the risks to an organization, assessing the critical functions, defining the controls in place to reduce organizational exposure and evaluating the cost of such controls.

36. A database backup type which records at the transaction level

37. Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator).

38. Mitigation of system or component loss or interruption through use of backup capability.

39. A Denial of Service attack that floods the target system with connection requests that are never completed.

40. A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file.

41. Record of system activity, which provides for monitoring and detection.

42. A telephone exchange for a specific office or business.

43. A passive network attack involving monitoring of traffic.

44. Unsolicited advertising software

45. Organization's way of classifying data by factors such as criticality, sensitivity and ownership.

46. Business and technical process of applying security software updates in a regulated, periodic way

47. One entity with two competing allegiances

48. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.

49. Mediates communication between untrusted hosts on behalf of the hosts that it protects.

50. Act of luring an intruder that is legal.
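Added study example (not part of the original quiz) for questions 7 and 22 above: question 7 describes a cipher whose key is as long as the message, and question 22 describes a random value whose job is to guarantee a unique ciphertext. The code below implements the key-as-long-as-the-message cipher as a byte-wise XOR pad and shows the round trip, the length check, and the failure mode a practitioner cares about: reusing a pad makes the XOR of two ciphertexts equal the XOR of the two plaintexts, so the pad cancels out and the ciphertext is no longer unique per message. The two sample messages are constructed here for illustration.

```python
"""One-time pad over bytes: key as long as the message, never reused."""
import secrets


def generate_pad(length: int) -> bytes:
    """Fresh random pad from the OS CSPRNG; one pad per message."""
    return secrets.token_bytes(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; the pad must cover every byte."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation.
    return xor_bytes(ciphertext, pad)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If the same pad produced c1 and c2, then c1 ^ c2 == m1 ^ m2."""
    return xor_bytes(c1, c2)


def demo() -> dict:
    # Constructed sample messages of equal length (26 bytes each).
    m1 = b"transfer 100 to account 42"
    m2 = b"transfer 999 to account 42"
    pad = generate_pad(len(m1))

    c1 = otp_encrypt(m1, pad)
    c1_again = otp_encrypt(m1, pad)  # same pad, same message: identical output
    c2 = otp_encrypt(m2, pad)        # pad reused for a second message: the mistake

    return {
        # Correct use: decrypting with the same pad recovers the message.
        "roundtrip_ok": otp_decrypt(c1, pad) == m1,
        # Without a fresh pad (or nonce) the ciphertext is not unique.
        "same_pad_same_ciphertext": c1 == c1_again,
        # Reuse leaks the relationship between the two plaintexts.
        "reuse_leaks_plaintext_xor": two_time_pad_leak(c1, c2) == xor_bytes(m1, m2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The leaked value `m1 ^ m2` is enough for an attacker who can guess part of one message to read the corresponding part of the other, which is why the pad must be truly random, exactly as long as the message, and used once; the nonce of question 22 serves the same "never the same ciphertext twice" goal in ciphers that do reuse a key.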