Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Process of statistically testing a data set for the likelihood of relevant information.
2. Forging of an IP address.
3. The level and label given to an individual for the purpose of compartmentalization.
4. Organizational way of classifying data by factors such as criticality, sensitivity and ownership.
5. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
6. Object-based description of a system or a collection of resources.
7. Vehicle-stopping object.
8. Cooperative hardware and operating system notification process for prioritizing execution due to a change in state of components.
9. A design methodology which executes in a linear, one-way fashion.
10. People who interact with assets.
11. Potentially retrievable data residue that remains following intended erasure of data.
12. A shield against leakage of electromagnetic signals.
13. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
14. Asymmetric encryption of a hash of a message.
15. Lower-frequency noise.
16. An attack involving the hijacking of a TCP session by predicting a sequence number.
17. Maintaining full control over requests, implementation, traceability, and proper documentation of changes.
18. Potential danger to information or systems.
19. One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
20. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems.
21. Converts source code to an executable.
22. Induces a crime, tricks a person, and is illegal.
23. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
24. High degree of visual control.
25. An alert or alarm that is triggered when no actual attack has taken place.
26. Sphere of influence.
27. Security Policy, Personnel Controls, Supervisory Structure, Security Awareness Training, Testing.
28. A copy of transaction data, designed for querying and reporting.
29. Line-by-line translation from a high-level language to machine code.
30. Pertaining to law; high degree of veracity.
31. Autonomous malware that requires a flaw in a service.
32. Trading one for another.
33. To break a business process into separate functions and assign them to different people.
34. Requires two of the three user authentication attributes (knows, is or has), e.g. you have an ATM card and enter a PIN.
35. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
36. Recording the who, what, when, where and how of evidence.
37. Used to code/decode a digital data stream.
38. One-way encryption.
39. Periodic, automatic and transparent backup of data in bulk.
40. DoS, spoofing, dictionary, brute force, wardialing.
41. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
42. High-level design or model with a goal of consistency, integrity, and balance.
43. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
44. Information that, if made public or even shared around the organization, could seriously impede the organization's operations.
45. Short period of low voltage.
46. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance.
47. An event which stops business from continuing.
48. Review of data.
49. An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only forensic copy quality will hold up in court.
50. Can be statistical (monitor behavior) or signature-based (watch for known attacks).