Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The principles a person sets for themselves to follow

2. Recovery alternative: a building with only sufficient power and HVAC

3. A critical event which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.

4. Event(s) that cause harm

5. A design methodology which executes in a linear, one-way fashion

6. Line noise that is superimposed on the supply circuit.

7. A type of computer memory that temporarily stores frequently used information for quick access.

8. Binary decision by a system to permit or deny access to the entire system

9. Randomly generated value used by many cryptosystems to ensure that a unique ciphertext is generated

10. The point in time to which systems and data must be recovered after an outage (e.g., end of the previous day's processing). RPOs are often used as the basis for the development of backup strategies.

11. Inappropriate data

12. Highest level of authority at the EOC, with knowledge of the business process and the resources available

13. The chance that something negative will occur

14. Evaluation of a system without prior knowledge by the tester

15. Pertaining to law: lending itself to one side of an argument

16. A hash that has been further encrypted with a symmetric algorithm
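The keyed-hash form of statement 16 (a message authentication code) is easier to remember once you have seen it verify and reject a message. The following is an added Python example written for this study page, not part of the original quiz; it uses the standard library's HMAC-SHA256 and a constructed shared secret and message. The check vector at the end is the well-known HMAC-SHA256("key", "The quick brown fox jumps over the lazy dog") value.

```python
import hashlib
import hmac
import secrets


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed hash (HMAC-SHA256): only a holder of `key` can produce the tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time.

    compare_digest avoids the early-exit byte comparison that would let an
    attacker learn the correct tag one byte at a time through timing.
    """
    expected = mac_tag(key, message)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Constructed scenario: a genuine message, a tampered copy, a wrong key."""
    key = secrets.token_bytes(32)            # shared secret (constructed)
    msg = b"transfer 100 to account 42"      # constructed sample message
    tag = mac_tag(key, msg)
    tampered = b"transfer 900 to account 42"
    return {
        "genuine": verify_mac(key, msg, tag),
        "tampered": verify_mac(key, tampered, tag),
        "wrong_key": verify_mac(secrets.token_bytes(32), msg, tag),
    }


if __name__ == "__main__":
    print(demo())
    print(mac_tag(b"key", b"The quick brown fox jumps over the lazy dog").hex())
```

A plain hash alone would not do here: anyone who alters the message can simply recompute the hash. The symmetric key is what binds the digest to a party who knows the secret.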
17. A state for operating system tasks only

18. Responsibility of a user for the actions taken by their account, which requires unique identification

19. Just enough access to do the job

20. Encryption system using a pair of mathematically related, unequal keys

21. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress

22. Reduction of voltage by the utility company for a prolonged period of time

23. Firewalls, encryption, and access control lists

24. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.

25. Initial surge of current

26. Recovery alternative that includes a cold site plus some equipment and infrastructure already available

27. A running key using a random key that is never used again
28. A covert storage channel on a file attribute

29. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.

30. Act of scrambling the cleartext message by using a key.

31. The hard drive

32. Process of statistically testing a data set for the likelihood of relevant information.

33. Pertaining to law: accepted by a court

34. A set of best practices for programmers to seek in all application or database design: Atomicity, Consistency, Isolation, Durability
35. Creation, distribution, update, and deletion

36. The one person responsible for data, its classification, and control setting

37. A physical enclosure for verifying identity before entry to a facility

38. Reprogrammable basic startup instructions

39. The disk space the file used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten by a new file.

40. European standard for IT security criteria; it wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" (TOE) 3. Functional levels 4. Assurance levels.

41. Trading one for another

42. To evaluate the current situation and make basic decisions as to what to do

43. Review of data

44. Pertaining to law: high degree of veracity

45. A committee of decision makers, business owners, technology experts, and continuity professionals tasked with making strategic recovery and continuity planning decisions for the organization.

46. Hiding the fact that communication has occurred
47. The property that data meet with a priori expectation of quality and that the data can be relied upon.

48. A planned or unplanned interruption in system availability.

49. Subset of operating system components dedicated to protection mechanisms

50. System mediation of access with the focus on the context of the request