Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Insurance coverage for disaster-related expenses that may be incurred until operations are fully recovered after a disaster.
2. Maintenance procedures outline the process for the review and update of business continuity plans.
3. Some systems are actually run at the alternate site.
4. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.
5. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.
6. Notification that a potential disaster situation exists or has occurred; direction for the recipient to stand by for possible activation of the disaster recovery plan.
7. An attack involving the hijacking of a TCP session by predicting a sequence number.
8. Control type that is communication-based, typically written or oral.
9. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies and offsite storage, and that will ensure time objectives can be met.
10. Responsibility for actions.
11. A subnetwork with storage devices servicing all servers on the attached network.
12. RADIUS, TACACS+, Diameter.
13. A covert storage channel on the file attribute.
14. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf.)
15. Those who initiate the attack.
16. A telephone exchange for a specific office or business.
17. Small data files written to a user's hard drive by a web server.
18. Malware that makes small random changes to many data points.
19. Organizational way of classifying data by factors such as criticality, sensitivity and ownership.
20. Using small special tools, all tumblers of the lock are aligned, opening the door.
21. Written suggestions that direct choice to a few alternatives.
22. Unsolicited commercial email.
23. Key.
24. Lower-frequency noise.
25. A control before an attack.
26. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components.
27. Indivisible: a data field must contain only one value; either all transactions take place or none do.
28. One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
29. Threats x Vulnerability x Asset Value = Total Risk
30. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.
31. Subset of operating system components dedicated to protection mechanisms.
32. Is secondhand and usually not admissible in court.
33. The partial or full duplication of data from a source database to one or more destination databases.
34. Any event, whether anticipated (e.g., public service strike) or unanticipated (e.g., blackout), which disrupts the normal course of business operations at an organization location.
35. It is embedded as part of a complete device, often including hardware and mechanical parts; features a limited OS; mobile phones, routers and wireless devices take a similar approach; less than robust security features; difficult to patch.
36. Mediation of covert channels must be addressed.
37. Amount of time for restoring a business process or function to normal operations without major loss.
38. A process state: to be executing a process on the CPU.
39. A passive network attack involving monitoring of traffic.
40. A choice in risk management: to implement a control that limits or lessens negative effects.
41. Regular operations are stopped and processing is moved to the alternate site.
42. Dictate that data collected by govt. agencies must be collected fairly and lawfully, must be used only for the purpose for which they were collected, must only be held for a reasonable amount of time, and must be accurate and timely.
43. Memory management technique that allows two processes to run concurrently without interaction.
44. A type of multitasking that allows for more even distribution of computing time among competing requests.
45. The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins functional and assurance requirements.
46. A control after an attack.
47. Of a system without prior knowledge by the tester or the tested.
48. Independent malware that requires user interaction to execute.
49. For PKI, decertify an entity's certificate.
50. Vehicle or tool that exploits a weakness.