Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An alert or alarm that is triggered when no actual attack has taken place.
2. A program that inappropriately collects private data or activity.
3. A programming design philosophy and a type of programming language that breaks a program into smaller units, each with its own function.
4. Communicate to stakeholders.
5. Regular operations are stopped and processing is moved to the alternate site.
6. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
7. Third-party processes used to organize the implementation of an architecture.
8. Recovery alternative that includes a cold site plus some equipment and infrastructure already in place.
9. Natural or human-readable form of a message.
10. Control type that is communication-based, typically written or oral.
11. Mediation of covert channels must be addressed.
12. Information about data or records.
13. One of the most important first steps in planning development. Qualitative and quantitative data needs to be gathered, analyzed, interpreted, and presented to management.
14. Memory management technique that makes the limited RAM of the physical machine appear larger by using a portion of the hard drive.
15. Controls deployed to avert unauthorized and/or undesired actions.
16. The risk that remains after management implements internal controls or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk.
17. Scrambled form of the message or data.
18. Something that happened.
19. A layer 3 device that is used to connect two or more network segments and regulate traffic.
20. Potential danger to information or systems.
21. Intellectual property protection for an invention.
22. Return to a normal state.
23. Two certificate authorities that trust each other.
24. To create a copy of data as a precaution against the loss or damage of the original data.
25. Subject-based description of a system or a collection of resources.
26. Specific format of technical and physical controls that support the chosen framework and the architecture.
27. A collection of information designed to reduce duplication and increase integrity.
28. Control category used to record an adversary's actions.
29. A race condition where the security changes during the object's access.
30. Recovery alternative with everything needed for the business function except people and the last backup.
31. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
32. Recovery alternative with complete duplication of services, including personnel.
33. Malware that uses the trust placed in a website to redirect users to untrusted websites that capture data or install more malware.
34. Power surge.
35. System mediation of access with the focus on the context of the request.
36. A design methodology that executes in a linear, one-way fashion.
37. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides, thereby preventing that space from being overwritten by other data.
38. Substitution at the word or phrase level.
39. Define the way in which the organization operates.
40. Intellectual property protection for a confidential and critical process.
41. Location to perform the business function.
42. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents, and for the restoration of normal operations at the primary site.
43. Low level; pertaining to planning.
44. Just enough access to do the job.
45. Individuals and departments responsible for the storage and safeguarding of computerized data.
46. Review of data.
47. Executive responsibilities of goal setting, delegation, and verification, based upon the mission.
48. Impossibility of denying authenticity and identity.
49. Uncleared buffers or media.
50. To know more than one job.