CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.

2. To be admissible in court they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.

3. Notification that a potential disaster situation exists or has occurred; direction for the recipient to stand by for possible activation of the disaster recovery plan.

4. System mediation of access with the focus on the context of the request.

5. A template for designing the architecture.

6. Using small special tools, all tumblers of the lock are aligned, opening the door.

7. A type of malformed input that takes advantage of an appropriate true conditional logic statement, adding a request for data that is against the security policy.

8. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.

9. Adversary intercepts encrypted communications, decrypts, views, re-encrypts, and sends along to the true destination.

10. Most granular organization of controls.

11. A state where two subjects can access the same object without proper mediation.

12. Final purpose or result.

13. To segregate for the purposes of labeling.

14. Requirement to take time off.

15. Control category: to discourage an adversary from attempting to access.

16. Statistical probabilities of a collision are more likely than one thinks.

17. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization.

18. The risk that remains after management implements internal controls, or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk.

19. To set the clearance of a subject or the classification of an object.

20. One-way encryption.

21. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.

22. Data or interference that can trigger a false positive.

23. The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption.

24. A copy of transaction data, designed for querying and reporting.

25. Method for determining functions, identifying function failures, assessing them, and finding where failure is most likely to occur.

26. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.

27. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate.

28. Narrow-scope examination of a system.

29. Substitution at the word or phrase level.

30. A group or network of honeypots.

31. Binary decision by a system of permitting or denying access to the entire system.

32. Forgery of the sender's email address in an email header.

33. Weak evidence.

34. Organization's way of classifying data by factors such as criticality, sensitivity and ownership.

35. A database that contains the name, type, range of values, source and authorization for access for each data element.

36. Vehicle or tool that exploits a weakness.

37. The problem-solving state; the opposite of supervisor mode.

38. RADIUS, TACACS+, Diameter.

39. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams.

40. Malware that makes small random changes to many data points.

41. The partial or full duplication of data from a source database to one or more destination databases.

42. An event which stops business from continuing.

43. What will remain; persistence.

44. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.

45. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm.

46. A process state: either unable to run while waiting for an external event, or terminated.

47. Minimal protection; used for systems that were evaluated but failed to meet the criteria for higher divisions.

48. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.

49. Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations).

50. Transaction controls for a database; a return to a previous state.