Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Communication of a security incident to stakeholders and data owners.






2. A physical enclosure for verifying identity before entry to a facility






3. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor






4. Renders the file inaccessible to the operating system - available to reuse for data storage.






5. One-way encryption






6. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.






7. Key






8. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.






9. Dedicated fast memory located on the same board as the CPU






10. Recording the who, what, when, where and how of evidence






11. Code making






12. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.






13. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.






14. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.






15. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.






16. Total number of keys available that may be selected by the user of a cryptosystem






17. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.






18. The backup of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.






19. A unit of execution






20. An individual's conduct that violates government laws developed to protect the public






21. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?






22. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions






23. Responsibility of a user for the actions taken by their account which requires unique identification






24. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.






25. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress






26. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court






27. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."






28. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack






29. A description of a database






30. A device that sequentially switches multiple analog inputs to the output.






31. Unauthorized wireless network access device.






32. The managerial approval to operate a system based upon knowledge of risk to operate






33. Pertaining to law - high degree of veracity






34. Organized group of compromised computers






35. Can be statistical (monitor behavior) or signature based (watch for known attacks)






36. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur






37. A record that must be preserved and available for retrieval if needed.






38. Vehicle stopping object






39. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc






40. Unsolicited advertising software






41. A process state - to either be unable to run waiting for an external event or terminated






42. Try a list of words in passwords or encryption keys






43. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.






44. Quantity of risk remaining after a control is applied






45. To move from location to location - keeping the same function






46. Two different keys decrypt the same cipher text






47. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.






48. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.






49. The first rating that requires security labels






50. Creation, distribution, update and deletion