Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Controls that terminate an attempt to access an object

2. A mobilized resource purchased or contracted for the purpose of business recovery.

3. An adversary intercepts encrypted communications, decrypts and views them, re-encrypts them, and sends them along to the true destination.
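The attack in question 3 only works when neither endpoint authenticates the other's key-exchange value. The following Python script is an added example, not part of the quiz page: it runs an unauthenticated Diffie-Hellman exchange, lets the adversary hold one key with each side, then shows the same exchange aborting once each public value carries an HMAC tag. The names Alice, Bob and Mallory, the pre-shared HMAC key, and the XOR keystream standing in for a real cipher are assumptions made for the demonstration; the DH group is the 1024-bit "Second Oakley Group" from RFC 2409.

```python
"""Man-in-the-middle against unauthenticated Diffie-Hellman (added example).
Assumptions: Alice/Bob/Mallory roles, a toy XOR keystream in place of a real
AEAD, and an out-of-band HMAC key for the authenticated variant."""
import hashlib
import hmac
import secrets

# RFC 2409 "Second Oakley Group": 1024-bit MODP prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
AUTH_KEY = b"pre-shared key provisioned out of band (assumption for the demo)"


def dh_keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def session_key(peer_public, private):
    """Derive a 32-byte key from the shared secret (SHA-256 as a toy KDF)."""
    shared = pow(peer_public, private, P)
    return hashlib.sha256(shared.to_bytes(128, "big")).digest()


def xor_crypt(key, data):
    """Toy stream cipher: XOR with a SHA-256 counter keystream (the same call
    encrypts and decrypts). Real deployments use an AEAD such as AES-GCM."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def run_unauthenticated(message):
    """Nobody authenticates the DH public values, so Mallory replaces both
    with her own value M and ends up holding one key with each party."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    m, M = dh_keypair()
    alice_key = session_key(M, a)          # Alice believes M came from Bob
    bob_key = session_key(M, b)            # Bob believes M came from Alice
    mallory_alice = session_key(A, m)      # equals alice_key: g^(am)
    mallory_bob = session_key(B, m)        # equals bob_key:   g^(bm)
    wire = xor_crypt(alice_key, message.encode())
    seen = xor_crypt(mallory_alice, wire)          # intercept, decrypt, view
    forwarded = xor_crypt(mallory_bob, seen)       # re-encrypt for Bob
    return {
        "mallory_read": seen.decode(),
        "bob_read": xor_crypt(bob_key, forwarded).decode(),
        "keys_match": alice_key == bob_key,        # False: two separate sessions
    }


def tag(public_value):
    """Authenticate a DH value with a key Mallory does not possess."""
    return hmac.new(AUTH_KEY, public_value.to_bytes(128, "big"), "sha256").digest()


def run_authenticated(message, mallory_active=True):
    """Each side sends (value, tag). Mallory can forward genuine tags but
    cannot compute a tag for her substituted value, so the exchange aborts."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    _, M = dh_keypair()
    recv_A, recv_B = (M, M) if mallory_active else (A, B)   # what arrives
    ok = hmac.compare_digest(tag(A), tag(recv_A)) and \
        hmac.compare_digest(tag(B), tag(recv_B))
    if not ok:
        return {"aborted": True, "bob_read": None}
    alice_key = session_key(recv_B, a)
    bob_key = session_key(recv_A, b)
    wire = xor_crypt(alice_key, message.encode())
    return {"aborted": False, "bob_read": xor_crypt(bob_key, wire).decode()}
```

The unauthenticated run returns the same plaintext to Mallory and to Bob while Alice's and Bob's keys differ, which is exactly the "decrypts, views, re-encrypts, sends along" sequence in the question; in practice the tag is a certificate signature or a pinned key fingerprint rather than a pre-shared HMAC key.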
4. Provides a physical cross-connect point for devices.

5. Just enough access to do the job

6. Induces a crime, tricks a person, and is illegal

7. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.

8. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)

9. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented

10. Planning with the goal of returning to normal business function

11. A process state in which the process is either unable to run while it waits for an external event, or has terminated

12. Fault tolerance for power

13. A covert storage channel that uses a file attribute
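Question 13 describes a channel that carries data in file metadata rather than file contents. The Python script below is an added example, not part of the quiz page: a high-side process leaks one bit per file through the owner-execute permission bit, a low-side process that can only stat() the files reads the bits back, and a small audit routine shows the trace such a channel leaves. The shared directory, file names and payload are constructed for the demo, and the permission-bit carrier assumes a POSIX system (os.chmod() on Windows ignores the execute bit).

```python
"""Covert storage channel through a file attribute (added example).
Assumptions: a directory both processes can reach, and the owner-execute
permission bit as the carrier. POSIX only."""
import os
import stat
import tempfile


def to_bits(data):
    """Big-endian bit list of a byte string."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits):
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def sender(directory, payload):
    """High-side process: writes innocuous files and sets the execute bit on
    file k exactly when bit k of the payload is 1. File contents carry nothing,
    so a control that only inspects contents sees routine log entries."""
    bits = to_bits(payload)
    for k, bit in enumerate(bits):
        path = os.path.join(directory, f"entry{k:04d}.txt")
        with open(path, "w") as fh:
            fh.write("routine entry\n")
        mode = stat.S_IRUSR | stat.S_IWUSR | (stat.S_IXUSR if bit else 0)
        os.chmod(path, mode)
    return len(bits)


def receiver(directory, nfiles):
    """Low-side process: needs only stat() on the files, not read access."""
    bits = []
    for k in range(nfiles):
        st = os.stat(os.path.join(directory, f"entry{k:04d}.txt"))
        bits.append(1 if st.st_mode & stat.S_IXUSR else 0)
    return from_bits(bits)


def audit_exec_bits(directory):
    """Detective control: count data files that are executable. A burst of
    executable .txt files is the anomaly a channel like this leaves behind."""
    return sum(
        1 for name in os.listdir(directory)
        if name.endswith(".txt")
        and os.stat(os.path.join(directory, name)).st_mode & stat.S_IXUSR
    )


def demo(payload=b"secret"):
    """Round-trip the payload through the channel; returns (decoded, audit hits)."""
    with tempfile.TemporaryDirectory() as d:
        n = sender(d, payload)
        return receiver(d, n), audit_exec_bits(d)
```

Any attribute the low side can observe (timestamps, size, lock state, quota usage) works the same way; closing the channel means either denying the low side the observation or making the attribute noisy enough that its bandwidth is negligible.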
14. Trading one for another

15. Trying a list of words as candidate passwords or encryption keys

16. Part of the transaction controls for a database; informs the database of the last recorded transaction

17. Potential danger to information or systems

18. Repeated calls to a given function produce the same result

19. Malware that subverts the detective controls of an operating system

20. Pertaining to law; accepted by a court

21. Quantity of risk remaining after a control is applied

22. Responsibility of a user for the actions taken by their account, which requires unique identification

23. Using many alphabets

24. Requirement of access to data for a clearly defined purpose

25. Redundant component that provides failover capability in the event of failure or interruption of a primary component.

26. Needs to understand both the assets that need to be protected and management's priorities; must also be prepared to adjust the design over time and verify that the design has been implemented correctly; needs to be a good negotiator, artist, and analyst.

27. A practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.

28. A test conducted on one or more components of a plan under actual operating conditions.

29. A risk assessment method with measurable, real-money costs

30. The chance that something negative will occur

31. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies, and offsite storage, and that will ensure time objectives can be met.

32. Individuals and departments responsible for the storage and safeguarding of computerized data.

33. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.

34. Standard for the establishment, implementation, control, and improvement of an Information Security Management System

35. Independent malware that requires user interaction to execute

36. Code breaking: the practice of defeating the protective properties of cryptography.

37. Malware that makes many small changes over time to a single data point or system

38. Joining two pieces of text

39. Moving letters around
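Questions 23 and 39 describe the two building blocks of classical ciphers: substitution with many alphabets changes the letters, transposition only moves them. The Python below is an added example, not part of the quiz page, using the textbook instances of each (Vigenère and columnar transposition) and a letter histogram that shows the difference a cryptanalyst looks for first. The key words are arbitrary choices for the demo.

```python
"""Polyalphabetic substitution next to transposition (added example).
Vigenère and columnar transposition are the classic instances of each."""
import string
from collections import Counter

ALPHA = string.ascii_uppercase


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution: letter i is shifted by key[i mod len(key)],
    so one plaintext letter maps to several ciphertext letters (many alphabets).
    Non-letters pass through unchanged and do not consume key letters."""
    out, ki = [], 0
    for ch in text.upper():
        if ch not in ALPHA:
            out.append(ch)
            continue
        shift = ALPHA.index(key[ki % len(key)].upper())
        shift = -shift if decrypt else shift
        out.append(ALPHA[(ALPHA.index(ch) + shift) % 26])
        ki += 1
    return "".join(out)


def columnar(text, key, decrypt=False):
    """Transposition: every letter keeps its identity and only moves. Plaintext
    is written row by row under the key and read out column by column in
    alphabetical order of the key letters (ties broken left to right).
    Encryption pads the last row with 'X'."""
    letters = "".join(c for c in text.upper() if c in ALPHA)
    cols = len(key)
    order = sorted(range(cols), key=lambda i: (key[i].upper(), i))
    rows = -(-len(letters) // cols)            # ceiling division
    if not decrypt:
        grid = letters.ljust(rows * cols, "X")
        return "".join(grid[r * cols + c] for c in order for r in range(rows))
    grid = [[""] * cols for _ in range(rows)]
    pos = 0
    for c in order:                              # refill columns in key order
        for r in range(rows):
            grid[r][c] = letters[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def letter_histogram(text):
    """Letter frequencies: unchanged by transposition, flattened by a
    polyalphabetic cipher. Either way the key length leaks once enough
    ciphertext is available, which is why neither survives as a modern cipher."""
    return Counter(c for c in text.upper() if c in ALPHA)
```

Running columnar() on a message and comparing histograms shows an identical letter count before and after, which is the tell-tale of a pure transposition; vigenere() changes the counts but still repeats its pattern every len(key) letters.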
40. The hardware and software mediator of all subject and object interactions, which has security policy enforcement as its primary goal.
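Question 40's mediator is easiest to see as code that every access must pass through. The Python class below is an added example, not part of the quiz page: subjects and objects carry constructed labels, the policy enforced is the Bell-LaPadula simple security rule (no read up) and *-property (no write down), and every decision is logged. The subject names, object names and their levels are made up for the demo.

```python
"""Reference monitor (added example). Subjects, objects and labels are
constructed; the policy is Bell-LaPadula no-read-up / no-write-down."""
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class ReferenceMonitor:
    """The single chokepoint between subjects and objects. Three properties a
    reference monitor must have: always invoked (every access calls check()),
    tamperproof (callers never touch _objects directly), and small enough to
    verify (the whole policy is the two comparisons in check())."""

    def __init__(self, clearances, objects):
        self._clearances = dict(clearances)     # subject -> Level
        self._objects = dict(objects)           # object  -> (Level, content)
        self.audit = []                         # every decision is recorded

    def check(self, subject, action, obj):
        clearance = self._clearances[subject]
        classification = self._objects[obj][0]
        if action == "read":
            allowed = clearance >= classification     # no read up
        elif action == "write":
            allowed = clearance <= classification     # no write down
        else:
            allowed = False                           # default deny
        self.audit.append((subject, action, obj, "ALLOW" if allowed else "DENY"))
        return allowed

    def read(self, subject, obj):
        if not self.check(subject, "read", obj):
            raise PermissionError(f"{subject} may not read {obj}")
        return self._objects[obj][1]

    def write(self, subject, obj, content):
        if not self.check(subject, "write", obj):
            raise PermissionError(f"{subject} may not write {obj}")
        level, _ = self._objects[obj]
        self._objects[obj] = (level, content)


def build_demo():
    """Constructed subjects and objects for the example."""
    return ReferenceMonitor(
        clearances={"analyst": Level.SECRET, "intern": Level.UNCLASSIFIED},
        objects={
            "war_plan": (Level.TOP_SECRET, "plan details"),
            "threat_report": (Level.SECRET, "report text"),
            "cafeteria_menu": (Level.UNCLASSIFIED, "soup of the day"),
        },
    )
```

The point of the design is that there is no second path to the content: if any code could reach _objects without calling check(), the monitor would no longer be "always invoked" and the audit log would no longer be complete.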
41. A type of multitasking that allows for a more even distribution of computing time among competing requests

42. An internal list of contact information used for the communication of incident information, designed in a distributed manner so that no one person is responsible for contacting everyone.

43. The most granular organization of controls

44. Narrow-scope examination of a system

45. OOP concept of taking attributes from the original or parent

46. Heavily populated areas, particularly those susceptible to high-intensity earthquakes, floods, tsunamis, or other disasters, for which emergency response may be necessary in the event of a disaster.

47. A subnetwork with storage devices servicing all servers on the attached network.

48. Use of specialized techniques for recovery, authentication, and analysis of electronic data

49. One-way encryption
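Questions 15 and 49 meet in password storage: a one-way hash cannot be reversed, so the attacker instead tries a list of words forward until one hashes to the stored value. The Python below is an added example, not part of the quiz page: it runs the same word list against an unsalted fast hash (where one precomputed table cracks every account) and against a salted, iterated hash (where every guess costs a full PBKDF2 run and cannot be shared across users). The word list and the accounts are constructed for the demo; PBKDF2-HMAC-SHA256 stands in for whatever slow hash the real system uses.

```python
"""Dictionary attack against one-way password hashes (added example).
The word list is a constructed sample."""
import hashlib
import hmac
import secrets

WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2024!",
            "dragon", "correct horse battery staple"]   # constructed sample


def weak_hash(password):
    """Unsalted, fast hash: one-way, but every user with the same password
    gets the same digest, so one precomputed table serves every account."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_unsalted(digest, wordlist):
    """Precompute once, look up many: the attacker hashes the list one time
    and matches any number of stolen digests against it."""
    table = {weak_hash(w): w for w in wordlist}
    return table.get(digest)


def hash_password(password, salt=None, iterations=200_000):
    """Salted, iterated one-way hash; stored as 'iterations$salt$digest'.
    The salt defeats precomputation, the iteration count makes each guess slow."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


def dictionary_attack(stored, wordlist):
    """Each guess against a salted hash costs a full PBKDF2 run and the work
    cannot be reused for another user. Returns (word, guesses) or (None, n)."""
    for n, word in enumerate(wordlist, 1):
        if verify(word, stored):
            return word, n
    return None, len(wordlist)
```

Note that salting and iteration do not save a password that is on the list: "qwerty" still falls on the fourth guess. They only remove the attacker's ability to amortize work across accounts and make each guess expensive, which is why the control on the user side is a password that is not in any list.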
50. Short period of low voltage.