Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Used to code/decode a digital data stream.






2. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources






3. Pertaining to law - accepted by a court






4. Claiming another's identity at a physical level






5. The study of cryptography and cryptanalysis






6. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.






7. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing






8. OOP concept of a distinct copy of the class






9. A test conducted on one or more components of a plan under actual operating conditions.






10. Control category - to give instructions or inform






11. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).






12. A unit of execution






13. An availability attack - to consume resources to the point of exhaustion from multiple vectors






14. Something that happened






15. To know more than one job






16. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.






17. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.






18. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.






19. Evidence must be: admissible - authentic - complete - accurate - and convincing






20. Total number of keys available that may be selected by the user of a cryptosystem






21. Code breaking - practice of defeating the protective properties of cryptography.






22. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk






23. Forgery of the sender's email address in an email header.






24. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.






25. A legally enforceable agreement between: two people - two organizations - a person and an organization.






26. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.






27. A system designed to prevent unauthorized access to or from a private network.






28. Reprogrammable basic startup instructions






29. A list of team members and/or key players to be contacted including their backups. The list will include the necessary contact information (i.e. home phone - pager - cell - etc.) and in most cases be considered confidential.






30. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.






31. Disruption of operation of an electronic device due to a competing electromagnetic field.






32. Using many alphabets






33. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.






34. Recovery alternative - short-term - high cost movable processing location






35. Pertaining to law - verified as real






36. Information about a particular data set






37. Communicate to stakeholders






38. Interception of a communication session by an attacker.






39. Independent malware that requires user interaction to execute






40. Small data warehouse






41. An availability attack - to consume resources to the point of exhaustion






42. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.






43. A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy






44. OOP concept of taking attributes from the original or parent






45. Weak evidence






46. Controls deployed to avert unauthorized and/or undesired actions.






47. Recovery alternative - everything needed for the business function - except people and last backup






48. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems






49. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.






50. A backup type - where the organization has excess capacity in another location.