Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.






2. More than one process in the middle of executing at a time






3. Sphere of influence






4. Recovery alternative - complete duplication of services including personnel






5. Those who initiate the attack






6. To reduce fire






7. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.






8. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.






9. Subjects will not interact with each other's objects






10. One entity with two competing allegiances






11. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity






12. To segregate for the purposes of labeling






13. A physical enclosure for verifying identity before entry to a facility






14. Weakness or flaw in an asset






15. Control category - to restore to a previous state by removing the adversary and/or the results of their actions






16. A control after attack






17. A subnetwork with storage devices servicing all servers on the attached network.






18. A set of laws that the organization agrees to be bound by






19. Recovery alternative that includes a cold site where some equipment and infrastructure is available






20. A type of attack involving attempted insertion, deletion or altering of data.






21. High degree of visual control






22. Vehicle or tool that exploits a weakness






23. Process of statistically testing a data set for the likelihood of relevant information.






24. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.






25. A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.






26. A distributed system's transaction control that requires updates to complete or rollback






27. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated






28. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.






29. The asynchronous duplication of the production database on separate media to ensure data availability, currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.






30. Mathematical function that determines the cryptographic operations






31. A protocol for the efficient transmission of voice over the Internet






32. A BCP testing type - a test that answers the question: Can the organization replicate the business process?






33. A hash that has been further encrypted with a symmetric algorithm






34. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.






35. State of computer - to be running a process






36. An asymmetric cryptography mechanism that provides authentication.






37. Adversary intercepts encrypted communications, decrypts, views, encrypts, and sends along to the true destination






38. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?






39. An attack that breaks up malicious code into fragments in an attempt to elude detection.






40. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides, thereby preventing that space from being overwritten by other data.






41. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities






42. Inappropriate data






43. Also known as regulatory laws; covers standards of performance or conduct expected by government agencies from companies, industries, and certain officials






44. Joining two pieces of text






45. A mobilized resource purchased or contracted for the purpose of business recovery.






46. Total number of keys available that may be selected by the user of a cryptosystem






47. An activity that is performed for the purpose of training and conditioning team members, and improving their performance.






48. The risk that remains after management implements internal controls, or some other response to risk. (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk






49. Impossibility of denying authenticity and identity






50. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.