Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Recording activities at the keyboard level






2. The point in time to which systems and data must be recovered after an outage (e.g. end of previous day's processing). RPOs are often used as the basis for the development of backup strategies.






3. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs






4. Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective






5. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)






6. Event(s) that cause harm






7. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.






8. To execute more than one instruction at an instant in time






9. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated - and recovery and continuity strategies and procedures are completed and tested.






10. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)






11. A program with an inappropriate second purpose






12. Adversary intercepts encrypted communications - decrypts - views - encrypts - and sends them along to the true destination






13. Guidelines within an organization that control the rules and configurations of an IDS






14. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.






15. Total number of keys available that may be selected by the user of a cryptosystem






16. Pertaining to law - lending itself to one side of an argument






17. A type of attack involving attempted insertion - deletion or altering of data.






18. Specific format of technical and physical controls that support the chosen framework and the architecture






19. The core logic engine of an operating system which almost never changes






20. Subset of operating systems components dedicated to protection mechanisms






21. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.






22. A type of computer memory that temporarily stores frequently used information for quick access.






23. Recording the Who What When Where How of evidence






24. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.






25. A layer 2 device that is used to connect two network segments and regulate traffic.






26. The collection and summation of risk data relating to a particular asset and controls for that asset






27. A subnetwork with storage devices servicing all servers on the attached network.






28. Communicate to stakeholders






29. Encryption system using a pair of mathematically related unequal keys






30. To evaluate the current situation and make basic decisions as to what to do






31. Hardware or software that is part of a larger system






32. Effort/time needed to overcome a protective measure






33. Transaction controls for a database - a return to a previous state






34. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.






35. The principles a person sets for themselves to follow






36. A technology that reduces the size of a file.






37. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner






38. Someone who wants to cause harm






39. Some systems are actually run at the alternate site






40. Line noise that is superimposed on the supply circuit.






41. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.






42. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)






43. Weakness or flaw in an asset






44. Induces a crime - tricks a person - and is illegal






45. Code breaking - practice of defeating the protective properties of cryptography.






46. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.






47. Just enough access to do the job






48. System of law based upon what is good for society






49. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?






50. Fault tolerance for power