Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A one-way, directed graph which indicates confidentiality or integrity flow
2. Asymmetric encryption of a hash of a message
3. Requirement to take time off
4. An encryption method that has a key as long as the message
5. Authentication protocol which only uses symmetric session keys between principals, distributed by a 3rd party using different preshared symmetric keys
6. Responsibility of a user for the actions taken by their account, which requires unique identification
7. May be responsible for overall recovery of an organization or unit(s).
8. Security policy, procedures, and compliance enforcement
9. A legally enforceable agreement between: two people, two organizations, a person and an organization.
10. A documented battle plan for coordinating response to incidents.
11. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
12. A backup type, for databases at a point in time
13. High frequency, highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
14. A software design technique for abstraction of a process
15. To execute more than one instruction at an instant in time
16. Recognition of an individual's assertion of identity.
17. Momentary loss of power
18. Recovery alternative: everything needed for the business function, except people and the last backup
19. A BCP testing type: a test that answers the question, can the organization operate at the alternate location only?
20. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
21. Security Policy, Personnel Controls, Supervisory Structure, Security Awareness Training, Testing
22. Memory management technique that allows two processes to run concurrently without interaction
23. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.
24. To reduce fire
25. OOP concept of a distinct copy of the class
26. Control type that is communication based, typically written or oral
27. Wrong against society
28. Third-party processes used to organize the implementation of an architecture
29. Summary of a communication for the purpose of integrity
30. A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file.
31. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.
32. Renders the file inaccessible to the operating system, available to reuse for data storage.
33. Unchecked data which spills into another location in memory
34. Mitigate damage by isolating compromised systems from the network.
35. A backup type where the organization has excess capacity in another location.
36. A list of team members and/or key players to be contacted, including their backups. The list will include the necessary contact information (i.e. home phone, pager, cell, etc.) and in most cases be considered confidential.
37. Small data warehouse
38. For PKI, decertify an entity's certificate
39. To start business continuity processes
40. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed, resources are allocated, and recovery and continuity strategies and procedures are completed and tested.
41. A comprehensive set of controls comprising best practices in information security, which provides guidelines on how to set up and maintain security programs.
42. A system designed to prevent unauthorized access to or from a private network.
43. Renders the record inaccessible to the database management system
44. European standard for IT security criteria; it wasn't universally adopted. Consists of four components: 1. "Security Target"; 2. "Target of Evaluation" or ToE; 3. Functional Levels; 4. Assurance Levels.
45. Motive, opportunity, and means; when looking for suspects it is important to consider these 3 things
46. Malware that makes many small changes over time to a single data point or system
47. Most granular organization of controls
48. Quantity of risk remaining after a control is applied
49. A record that must be preserved and available for retrieval if needed.
50. A sudden, unexpected event requiring immediate action due to potential threat to health and safety, the environment, or property.