Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions. So you may sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. The core component of a computer that performs calculations

2. Location where the coordination and execution of the BCP or DRP is directed

3. A legally enforceable agreement between two people, two organizations, or a person and an organization.

4. Collection of data on business functions that determines the resiliency strategy

5. In PKI, storing another copy of a key

6. Reconnaissance technique involving the automated, brute-force identification of potentially vulnerable modems.

7. Encryption system using a shared key (also called a private key, single key or secret key)

8. Controls deployed to avert unauthorized and/or undesired actions.

9. Low-level, pertaining to planning

10. Data or interference that can trigger a false positive

11. Methodical investigation of an incident with the purpose of finding the root cause

12. Means that the system's design and level of protection are verifiable and provide the highest level of assurance and trust.

13. A choice in risk management: to implement a control that limits or lessens negative effects

14. A system designed to prevent unauthorized access to or from a private network.

15. Written internalized or nationalized norms that are internal to an organization

16. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.

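Worked example for questions 13 and 16 (added here as a study aid; it is not part of the original quiz). It applies the standard quantitative formulas, SLE = AV x EF and ALE = SLE x ARO, and then checks whether a proposed control is worth implementing by comparing the ALE it removes against its annual cost. The asset value, exposure factor, rates and control prices in worked_example() are constructed sample figures, not data from any real assessment.

```python
"""Quantitative risk analysis: SLE, ALE and safeguard cost/benefit.

Added illustration, not code from the original quiz. All figures used in
worked_example() are constructed sample values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One threat/vulnerability pair against one asset."""
    asset_value: float       # AV: replacement or business value of the asset
    exposure_factor: float   # EF: fraction of AV lost per occurrence, 0..1
    annual_rate: float       # ARO: expected occurrences per year

    def __post_init__(self) -> None:
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")
        if self.asset_value < 0 or self.annual_rate < 0:
            raise ValueError("asset value and ARO must be non-negative")

    @property
    def sle(self) -> float:
        """Single Loss Expectancy: loss from one occurrence (AV x EF)."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized Loss Expectancy: expected loss per year (SLE x ARO)."""
        return self.sle * self.annual_rate


def safeguard_net_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Annual value of a control = ALE(before) - ALE(after) - annual cost.

    Positive: the mitigation pays for itself. Zero or negative: the control
    costs more than the loss it prevents.
    """
    return before.ale - after.ale - annual_cost


def recommend(before: Risk, after: Risk, annual_cost: float) -> str:
    """Pick the risk response the numbers support."""
    if safeguard_net_value(before, after, annual_cost) > 0:
        return "mitigate"
    return "accept or transfer"


def worked_example() -> dict:
    """Constructed sample: a web server valued at 200,000 with a defacement
    scenario that destroys half its value (EF 0.5) about once every five
    years (ARO 0.2). Two candidate controls are priced against it."""
    before = Risk(asset_value=200_000, exposure_factor=0.5, annual_rate=0.2)
    # Hypothetical control: same damage per incident, but the frequency
    # drops to about once every fifty years (ARO 0.02).
    after = Risk(asset_value=200_000, exposure_factor=0.5, annual_rate=0.02)
    return {
        "sle": before.sle,                                                  # 100000.0
        "ale_before": before.ale,                                           # 20000.0
        "ale_after": after.ale,                                             # 2000.0
        "cheap_control_value": safeguard_net_value(before, after, 15_000),  # 3000.0
        "cheap_control": recommend(before, after, annual_cost=15_000),      # mitigate
        "costly_control": recommend(before, after, annual_cost=25_000),     # accept or transfer
    }


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key}: {value}")
```

The same control is the right answer at 15,000 a year and the wrong one at 25,000 a year; the point of quantitative analysis is that the decision follows from the numbers rather than from how alarming the scenario sounds.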
17. Real-time data backup (data mirroring)

18. Planning for the delegation of authority required when decisions must be made without the normal chain of command

19. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.

20. A design methodology that addresses risk early and often

21. The hard drive

22. The collection and summation of risk data relating to a particular asset and controls for that asset

23. Requirement to take time off

24. A distributed system's transaction control that requires updates either to complete everywhere or to roll back

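Worked example for question 24 (added here as a study aid; it is not code from the original quiz). It simulates two-phase commit in a single process: in phase 1 the coordinator asks every participant to PREPARE, which validates and stages the update and returns a vote; in phase 2 it broadcasts COMMIT only if every vote was yes, otherwise ROLLBACK to everyone. The participants, their "balance" state and the transfers in run_demo() are constructed.

```python
"""Two-phase commit (2PC) simulated in-process.

Added example, not part of the original quiz. Participants, balances and
transfers are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Participant:
    name: str
    balance: int
    pending: int = 0        # update staged by PREPARE, not yet applied
    state: str = "INIT"     # INIT -> PREPARED -> COMMITTED, or ABORTED

    def prepare(self, delta: int) -> bool:
        """Phase 1: check that the update can be applied, stage it, vote."""
        if self.balance + delta < 0:      # would overdraw: vote NO
            self.state = "ABORTED"
            return False
        self.pending = delta
        self.state = "PREPARED"           # promise: will commit if told to
        return True

    def commit(self) -> None:
        """Phase 2 (commit): apply the staged update."""
        assert self.state == "PREPARED", "commit without a yes vote"
        self.balance += self.pending
        self.pending = 0
        self.state = "COMMITTED"

    def rollback(self) -> None:
        """Phase 2 (abort): discard the staged update."""
        self.pending = 0
        self.state = "ABORTED"


def two_phase_commit(participants: List[Participant], deltas: Dict[str, int]) -> bool:
    """Coordinator. Returns True if the transaction committed everywhere and
    False if it was rolled back everywhere; never a mix of the two."""
    votes = {p.name: p.prepare(deltas.get(p.name, 0)) for p in participants}
    if all(votes.values()):
        for p in participants:
            p.commit()
        return True
    for p in participants:        # at least one NO: undo on every node
        p.rollback()
    return False


def run_demo() -> dict:
    """Constructed scenario: move 100 from A to B (succeeds), then try to
    move 500 (A cannot cover it, so the whole transaction rolls back)."""
    a, b = Participant("A", 150), Participant("B", 0)
    first = two_phase_commit([a, b], {"A": -100, "B": 100})
    after_first = (a.balance, b.balance)
    second = two_phase_commit([a, b], {"A": -500, "B": 500})
    after_second = (a.balance, b.balance)
    return {
        "first_committed": first,               # True
        "balances_after_first": after_first,    # (50, 100)
        "second_committed": second,             # False
        "balances_after_second": after_second,  # (50, 100), unchanged
        "states": (a.state, b.state),           # ('ABORTED', 'ABORTED')
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Note that B voted yes in the second transaction and had 500 staged, yet its balance never changed: a yes vote is only a promise, and the coordinator's decision is what binds every node to the same outcome. The well-known cost of this protocol is that a participant in PREPARED state must hold its locks and wait if the coordinator fails before sending the decision.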
25. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies and offsite storage, and that will ensure time objectives can be met.

26. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption, within the stated disaster recovery goals.

27. Framework that defines goals for the controls that should be used to properly manage IT; it consists of four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate

28. Firewalls, encryption and access control lists

29. Reprogrammable basic startup instructions

30. Organized group of compromised computers

31. A test conducted on one or more components of a plan under actual operating conditions.

32. Fault tolerance for power

33. Processes data at different classifications (security levels), and users with different clearances (security levels) can use the system.

34. Potentially retrievable data residue that remains following intended erasure of data.

35. A programming device used in development to circumvent controls

36. Motive, opportunity and means; when looking for suspects it is important to consider these three things

37. A design methodology that executes in a linear, one-way fashion

38. A mobilized resource purchased or contracted for the purpose of business recovery.

39. Prolonged loss of commercial power

40. Eavesdropping on network communications by a third party.

41. A cable consisting of a core inner conductor that is surrounded by an insulator and an outer cylindrical conductor

42. Weak evidence

43. Uses two or more legal systems

44. Pertaining to law: verified as real

45. A passive network attack involving monitoring of traffic.

46. A secure connection to another network.

47. OOP concept of a distinct copy of a class

48. Employee education done once per position or at a significant change of function

49. Recovery alternative: a building with only sufficient power and HVAC

50. A programming design concept that abstracts one set of functions from another in a serialized fashion