Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Evaluation of a system without prior knowledge by the tester
2. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities
3. An administrative unit or a group of objects and subjects controlled by one reference monitor
4. Weak evidence
5. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.
6. Most granular organization of controls
7. Measures followed to restore critical functions following a security incident.
8. Unauthorized access of network devices.
9. Information about a particular data set
10. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.
11. Small data warehouse
12. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
13. A program with an inappropriate second purpose
14. Program instructions based upon the CPU's specific architecture
15. The past internationally accepted set of standards and processes for information security product evaluation and assurance - which separates function and assurance requirements
16. Pertaining to law - verified as real
17. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
18. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.)
19. To assert or claim credentials to an authentication system
20. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
21. Something that happened
22. Written core statements that rarely change
23. A description of a database
24. Total number of keys available that may be selected by the user of a cryptosystem
25. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.
26. OOP concept of an object at runtime
27. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
28. To reduce fire
29. A design methodology which executes in a linear one-way fashion
30. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
31. A cable consisting of a core - an inner conductor that is surrounded by an insulator - and an outer cylindrical conductor
32. More than one process in the middle of executing at a time
33. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
34. Individuals and departments responsible for the storage and safeguarding of computerized data.
35. Control category - to restore to a previous state by removing the adversary and/or the results of their actions
36. High level - pertaining to planning
37. Pertaining to law - lending itself to one side of an argument
38. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
39. Is secondhand and usually not admissible in court
40. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
41. The principles a person sets for themselves to follow
42. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
43. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
44. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
45. A state for operating system tasks only
46. A layer 2 device that is used to connect two network segments and regulate traffic.
47. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
48. Indivisible - a data field must contain only one value; either all transactions take place or none do
49. The study of cryptography and cryptanalysis
50. Recovery alternative which outsources a business function at a cost