Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Recording the who, what, when, where and how of evidence
2. Unsolicited advertising software
3. Determines the impact of the loss of an operational or technological resource. The loss of a system, network or other critical resource may affect a number of business processes.
4. The level and label given to an individual for the purpose of compartmentalization
5. Maximum tolerance for loss of a certain business function; basis of strategy
6. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
7. Hiding the fact that communication has occurred
8. Evaluation of a system without prior knowledge by the tester
9. A mathematical tool for verifying that no unintentional changes have been made
10. Joining two pieces of text
11. Highest level of authority at the EOC, with knowledge of the business process and the resources available
12. An asymmetric cryptography mechanism that provides authentication.
13. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
14. An opportunity for a threat to cause loss (terminology that encompasses many recent risk terms)
15. Lower-frequency noise
16. Subject-based description of a system or a collection of resources
17. The hardware and software mediator of all subject and object interactions, whose primary goal is security policy enforcement.
18. Written internalized or nationalized norms that are internal to an organization
19. A temporary public file to inform others of a compromised digital certificate
20. Slang for making (burning) a CD-ROM copy of data, whether it is music, software or other data.
21. When two or more computers are networked together in a LAN, one computer may be used as a storage location for files for the group.
22. A value an organization places on an IDS, based on past performance and analysis, to help determine its ability to effectively identify an attack
23. Unchecked data input which results in redirection
24. More than one process in the middle of executing at a time
25. Must be legally permissible, meaning it was seized legally and the chain of custody was not broken. To be admissible in court, it needs to be relevant, sufficient and reliable.
26. A design methodology which addresses risk early and often
27. A device that converts between digital and analog representations of data.
28. Used to code/decode a digital data stream.
29. Reprogrammable basic startup instructions
30. Demonstrates the actual ability to recover and can verify the compatibility of backup facilities
31. Recovery alternative which outsources a business function at a cost
32. System of law based upon what is good for society
33. Executive responsibilities of goal setting, delegation and verification, based upon the mission.
34. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
35. A legally enforceable agreement between two people, two organizations, or a person and an organization.
36. One entity with two competing allegiances
37. Amount of time for restoring a business process or function to normal operations without major loss
38. Encryption system using a shared key (also called a private key, single key or secret key)
39. A Denial of Service attack that exploits packet-filter firewalls that only inspect the initial fragment of a fragmented packet.
40. The point in time to which systems and data must be recovered after an outage (e.g. end of the previous day's processing). RPOs are often used as the basis for the development of backup strategies.
41. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.
42. For PKI, having more than one person in charge of a sensitive function
43. May be responsible for overall recovery of an organization or unit(s).
44. Information which has retained its importance, but which has been created or stored by software/hardware that has been rendered obsolete.
45. To move from location to location while keeping the same function
46. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
47. More than one processor sharing the same memory; also known as parallel systems
48. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid.
49. Pertaining to law: no omissions
50. Evidence must be admissible, authentic, complete, accurate and convincing