Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Real-time data backup (Data Mirroring)

2. Need to understand both the assets that need to be protected and management's priorities; also be prepared to adjust the design over time and verify the design has been implemented correctly; need to be a good negotiator, artist and analyst.

3. Recognition of an individual's assertion of identity.

4. Object-based description of a system or a collection of resources

5. What will remain (persistence)

6. An alert or alarm that is triggered when no actual attack has taken place

7. Intermediate level, pertaining to planning

8. Moving letters around

9. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate

10. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.

11. Dictate that data collected by government agencies must be collected fairly and lawfully, must be used only for the purpose for which they were collected, must only be held for a reasonable amount of time, and must be accurate and timely.

12. A. Common Combustibles, B. Liquid, C. Electrical, D. Combustible Metals

13. A layer 2 device that is used to connect two or more network segments and regulate traffic.

14. A structured group of teams ready to take control of the recovery operations if a disaster should occur.

15. Outputs within a given function are the same result

16. A software design technique for abstraction of a process

17. Requires two of the three user authentication attributes (knows, is or has), e.g. you have an ATM card and enter a PIN

18. Evidence must be: admissible, authentic, complete, accurate, and convincing

19. Highest level of authority at the EOC with knowledge of the business process and the resources available

20. Object reuse protection and auditing

21. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.

22. Someone who wants to know how something works, typically by taking it apart

23. A system that enforces an access control policy between two networks.

24. The process of identifying, assessing, and reducing risk to an acceptable level, and implementing the right countermeasure to maintain that level of risk

25. Unauthorized access of network devices.

26. Companies should have their own team, made up of people from management, IT, legal, HR, public relations, security and other key areas

27. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.

28. Employment education done once per position or at significant change of function

29. Planning with a goal of returning to the normal business function

30. Recovery alternative: short-term, high-cost movable processing location

31. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.

32. Server optimized for providing file-based data storage to the network. Unlike a File Server, a NAS unit has no input or output devices, and the OS is dedicated to providing storage services.

33. A documented battle plan for coordinating response to incidents.

34. Prolonged loss of commercial power

35. Part of a transaction control for a database which informs the database of the last recorded transaction

36. It is embedded as part of a complete device, often including hardware and mechanical parts; features a limited OS; mobile phones, routers and wireless devices take a similar approach; less than robust security features; difficult to patch.

37. Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations)

38. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.

39. A backup of data located where staff can gain access immediately

40. A telephone exchange for a specific office or business.

41. Written suggestions that direct choice to a few alternatives

42. A race condition where the security changes during the object's access

43. High-level design or model with a goal of consistency, integrity, and balance

44. Unchecked data input which results in redirection

45. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have; most commonly used in the PC environment (i.e. file permissions).

46. Recording the who, what, when, where and how of evidence

47. Total number of keys available that may be selected by the user of a cryptosystem

48. Mitigate damage by isolating compromised systems from the network.

49. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.

50. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities