Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A programming design concept which abstracts one set of functions from another in a serialized fashion
2. A type of malformed input that takes advantage of an appropriate true conditional logic statement, adding a request for data that is against the security policy
3. Moving the alphabet intact a certain number of spaces
4. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies and offsite storage, and that will ensure time objectives can be met.
5. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have; most commonly used in the PC environment (i.e. file permissions).
6. Information residing on computer systems that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion, modification or reconstruction.
7. Mitigation of system or component loss or interruption through use of backup capability.
8. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities; most commonly used in governm
9. A form of data hiding which protects running threads of execution from using each other's memory
10. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site.)
11. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
12. Actions measured against either a policy or what a reasonable person would do
13. Maximum tolerance for loss of a certain business function; basis of strategy
14. Independent malware that requires user interaction to execute
15. Is secondhand and usually not admissible in court
16. Of a system without prior knowledge by the tester or the tested
17. A cable consisting of a core (inner conductor) that is surrounded by an insulator and an outer cylindrical conductor
18. Provides a physical cross connect point for devices.
19. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
20. Process of statistically testing a data set for the likelihood of relevant information.
21. A distributed system's transaction control that requires updates to complete or roll back
22. Two certificate authorities that trust each other
23. To assert or claim credentialing to an authentication system
24. The technical and risk assessment of a system within the context of the operating environment
25. A hash that has been further encrypted with a symmetric algorithm
26. Real-time, automatic and transparent backup of data.
27. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc.
28. The study of cryptography and cryptanalysis
29. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring will enable a zero recovery point objective.
30. Recovery alternative which outsources a business function at a cost
31. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
32. Third party processes used to organize the implementation of an architecture
33. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
34. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).
35. Motive, opportunity, and means; when looking for suspects it is important to consider these 3 things
36. A trusted issuer of digital certificates
37. A choice in risk management: to convince another to assume risk, typically by payment
38. Encryption system using a pair of mathematically related unequal keys
39. Need to understand both the assets that need to be protected and management's priorities. Also be prepared to adjust the design over time, and verify the design has been implemented correctly; need to be a good negotiator, artist and analyst.
40. A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file.
41. An unintended communication path
42. Control category: to record an adversary's actions
43. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
44. Mitigate damage by isolating compromised systems from the network.
45. Control category: more than one control on a single asset
46. Location where coordination and execution of BCP or DRP is directed
47. Statistical probabilities of a collision are more likely than one thinks
48. A planned or unplanned interruption in system availability.
49. Object reuse protection and auditing
50. Malware that uses the trust on a website to redirect users to untrusted websites which capture data or install more malware