Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding each time you take the test.
1. To stop damage from spreading






2. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components






3. Written core statements that rarely change






4. Converts source code to an executable






5. Information about data or records






6. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.






7. The collection and summation of risk data relating to a particular asset and controls for that asset






8. Security policy - procedures - and compliance enforcement






9. Mediates communication between untrusted hosts on behalf of the hosts that it protects.






10. Data or interference that can trigger a false positive






11. An unintended communication path






12. Memory management technique that allows two processes to run concurrently without interaction






13. Subjects will not interact with each other's objects






14. A unit of execution






15. A backup of data located where staff can gain access immediately






16. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.






17. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g., a move to an alternate site).






18. Regular operations are stopped and processing is moved to the alternate site.






19. A group or network of honeypots






20. Control category - to restore to a previous state by removing the adversary and/or the results of their actions






21. Creation, distribution, update, and deletion






22. A program with an inappropriate second purpose






23. Object based description of a single resource and the permission each subject






24. Program that inappropriately collects private data or activity






25. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.






26. Eavesdropping on network communications by a third party.






27. Total number of keys available that may be selected by the user of a cryptosystem






28. Highest level of authority at EOC with knowledge of the business process and the resources available






29. Eight bits.






30. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.






31. Actions measured against either a policy or what a reasonable person would do






32. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.






33. Unchecked data which spills into another location in memory






34. A disturbance that degrades performance of electronic devices and electronic communications.






35. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.






36. A layer 3 device that is used to connect two or more network segments and regulate traffic.






37. Momentary loss of power






38. Responsibility for actions






39. A database backup type which records at the transaction level






40. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions






41. Those who initiate the attack






42. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.






43. To reduce sudden rises in current






44. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists






45. Recovery alternative - everything needed for the business function - except people and last backup






46. Maintenance procedures outline the process for the review and update of business continuity plans.






47. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.






48. A legally enforceable agreement between: two people - two organizations - a person and an organization.






49. A protocol for the efficient transmission of voice over the Internet






50. Unused storage capacity