Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Security policy - procedures - and compliance enforcement






2. Maximum tolerance for loss of certain business function - basis of strategy






3. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.






4. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.






5. Those who initiate the attack






6. Define the way in which the organization operates.






7. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.






8. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor






9. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm






10. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk






11. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN






12. The managerial approval to operate a system based upon knowledge of risk to operate






13. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.






14. Eavesdropping on network communications by a third party.






15. Recording the Who What When Where How of evidence






16. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?






17. Unchecked data input which results in redirection






18. Narrow scope examination of a system






19. Mitigate damage by isolating compromised systems from the network.






20. Memory management technique which allows subjects to use the same resource






21. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.






22. A distributed system's transaction control that requires updates to complete or rollback






23. Uses two or more legal systems






24. State of computer - to be running a process






25. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.






26. A backup type - for databases at a point in time






27. Third party processes used to organize the implementation of an architecture






28. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).






29. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)






30. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities






31. The back up of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.






32. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.






33. Organized group of compromised computers






34. OOP concept of taking attributes from the original or parent






35. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce organization exposure and evaluating the cost for such controls.






36. To stop damage from spreading






37. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials






38. A test that answers the questions: Does the organization have the documentation and people it needs. Do they understand the documentation?






39. Short period of low voltage.






40. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk






41. Code making






42. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid






43. Indivisible - data field must contain only one value that either all transactions take place or none do






44. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.)






45. The duplication of data on separate disks in real time to ensure its continuous availability - currency and accuracy. True mirroring will enable a zero recovery point objective.






46. OOP concept of a distinct copy of the class






47. People protect their domain






48. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated






49. A programming design concept which abstracts one set of functions from another in a serialized fashion






50. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.






