Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Real-time data backup (data mirroring)

2. A backup type that creates a complete copy

3. A test conducted on one or more components of a plan under actual operating conditions.

4. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc.

5. One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.

6. Program that inappropriately collects private data or activity

7. Renders the record inaccessible to the database management system

8. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.

9. To smooth out reductions or increases in power

10. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams.

11. Hitting a filed-down key in a lock with a hammer to open it without the real key

12. Notification that a potential disaster situation exists or has occurred; direction for the recipient to stand by for possible activation of the disaster recovery plan.

13. To jump to a conclusion

14. The process of categorizing attack alerts produced by an IDS in order to distinguish false positives from actual attacks

15. Requirement of access to data for a clearly defined purpose

16. Reduces causes of fire

17. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).

18. System of law based upon precedent, with major divisions of criminal, tort, and administrative

19. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid

20. A group or network of honeypots

21. Natural or human-readable form of a message

22. Mathematical function that determines the cryptographic operations

23. Information residing on computer systems that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion, modification or reconstruction.

24. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.

25. Outputs within a given function are the same result

26. What is will remain: persistence

27. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.

28. A process state (blocked), needing input before continuing

29. Abstract and mathematical in nature, defining all possible states, transitions and operations

30. A test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.

31. Process of identifying the risks to an organization, assessing the critical functions, defining the controls in place to reduce organization exposure and evaluating the cost for such controls.

32. Power surge

33. Written suggestions that direct choice to a few alternatives

34. Need to understand both the assets that need to be protected and management's priorities. Also be prepared to adjust the design over time, and verify that the design has been implemented correctly. Need to be a good negotiator, artist and analyst.

35. Review of data

36. A record that must be preserved and available for retrieval if needed.

37. Recovery alternative: complete duplication of services including personnel

38. Eavesdropping on network communications by a third party.

39. High-level design or model with a goal of consistency, integrity, and balance

40. When two or more computers are networked together in a LAN situation, one computer may be utilized as a storage location for files for the group.

41. Malware that uses the trust on a website to redirect users to untrusted websites which capture data or install more malware

42. Effort/time needed to overcome a protective measure

43. Unauthorized wireless network access device.

44. A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file.

45. A control before attack

46. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at the other's site.

47. Momentary loss of power

48. Pertaining to law, no omissions

49. The past U.S. military accepted set of standards and processes for computer system evaluation and assurance, which combines function and assurance requirements

50. Physical description on the exterior of an object that communicates the existence of a label