Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so you may at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Collection of data on business functions that determines the resiliency strategy

2. A control applied before an attack

3. Communicate to stakeholders

4. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents, and for the restoration of normal operations at the primary site

5. The former U.S. military-accepted set of standards and processes for computer system evaluation and assurance, which combines functional and assurance requirements

6. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment

7. A test of a system conducted without prior knowledge on the part of either the tester or the party being tested

8. Continuous surveillance, to provide for detection of and response to any failure in preventive controls

9. Intellectual property protection for a confidential and critical process

10. More than one process in the middle of executing at a time

11. Pertaining to law: accepted by a court

12. Vehicle-stopping object

13. Binary decision by a system to permit or deny access to the entire system

14. The duplication of data for purposes of backup or to distribute network traffic among several computers holding identical data

15. May be responsible for the overall recovery of an organization or unit(s)

16. Two different keys decrypt the same ciphertext

17. The ability of an IDS to dynamically change its rules and configuration in response to changing environmental activity

18. The process of planning for and/or implementing the restarting of defined business operations following a disaster, usually beginning with the most critical or time-sensitive functions

19. Part of a transaction control for a database which informs the database of the last recorded transaction

20. Line noise that is superimposed on the supply circuit

21. A type of malformed input that appends an always-true conditional to an otherwise legitimate query, adding a request for data that the security policy forbids
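
Question 21 describes injecting an always-true condition into a query. The following is an added example, not part of the original quiz, showing the vulnerable pattern beside its parameterised fix; the in-memory table, the two user rows and the payload string are all constructed for illustration (passwords are stored in plaintext only to keep the example short, never do that in a real system).

```python
"""
Added example (not part of the original quiz): an always-true conditional
injected into a login query defeats the password check when the query is
built by string concatenation, and is harmless when values are bound as
parameters.  Table contents and payload are constructed for illustration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Concatenates attacker-controlled text into the SQL, so the input can
    rewrite the WHERE clause's logic."""
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_parameterised(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Same query with bound parameters: the input is only ever a value,
    never part of the query's structure."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Classic payload: closes the string literal, ORs in a tautology, and the
# trailing comment marker discards the remainder of the original query
# (including the password check).
PAYLOAD = "' OR '1'='1' --"


def demo() -> dict:
    """Run the normal login and the injected login against both variants."""
    conn = make_db()
    return {
        "vuln_normal": login_vulnerable(conn, "bob", "hunter2"),
        "vuln_injected": login_vulnerable(conn, PAYLOAD, "anything"),
        "param_injected": login_parameterised(conn, PAYLOAD, "anything"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the concatenated query the payload returns every user, including the admin row, without any valid password; the parameterised query returns nothing because the payload is compared literally against the username column.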

22. Redundant component that provides failover capability in the event of failure or interruption of a primary component

23. Layer 1 network device that is used to connect network segments together but provides no traffic control (a hub)

24. An activity that is performed for the purpose of training and conditioning team members, and improving their performance

25. OOP concept of hiding a class's internal details from other objects

26. The component of disaster recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.

27. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective

28. A telephone exchange for a specific office or business

29. Recognition of an individual's assertion of identity

30. High degree of visual control

31. To start business continuity processes

32. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site)

33. Claiming another's identity at a physical level

34. A choice in risk management: to convince another to assume the risk, typically by payment

35. Mathematical function that determines the cryptographic operations

36. Two different inputs to a given function produce the same output
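
Question 36 describes two different inputs to one function producing the same output, which for a hash function is a collision. The following is an added example, not from the original quiz: a birthday search against SHA-256 truncated to 32 bits. The bit length, the `msg-N` inputs and the search limit are chosen here for illustration; the truncation is what makes the search finish in well under a second, and the same loop would not complete against the full 256-bit digest.

```python
"""
Added example (not part of the original quiz): birthday search that finds
two different inputs with the same output from one function.  The function
is SHA-256 truncated to `bits` bits; inputs "msg-0", "msg-1", ... are
constructed here for illustration.
"""
import hashlib
import math


def truncated_sha256(data: bytes, bits: int) -> int:
    """Return the leading `bits` bits of SHA-256(data) as an integer.
    bits=256 gives the full digest."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def expected_trials(bits: int) -> float:
    """Inputs needed for roughly a 50% chance of a collision: about
    sqrt(pi/2 * 2**bits), far less than 2**bits."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int = 32, limit: int = 2_000_000):
    """Remember every output seen and stop at the first repeat.
    Returns (m1, m2, value) with m1 != m2 and both truncating to `value`,
    or None if `limit` inputs were tried without a repeat."""
    seen = {}
    for i in range(limit):
        msg = f"msg-{i}".encode()
        h = truncated_sha256(msg, bits)
        if h in seen:            # same output, different input: a collision
            return seen[h], msg, h
        seen[h] = msg
    return None


if __name__ == "__main__":
    bits = 32
    print(f"expected inputs for a {bits}-bit collision: ~{expected_trials(bits):,.0f}")
    result = find_collision(bits)
    if result is None:
        print("no collision found within the limit")
    else:
        m1, m2, h = result
        print(f"{m1!r} and {m2!r} both truncate to {h:#010x}")
        print("full digests differ:", truncated_sha256(m1, 256) != truncated_sha256(m2, 256))
```

The expected effort grows with the square root of the output space, which is why digest length is chosen with collision resistance, not just preimage resistance, in mind.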

37. Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator)

38. A programming design philosophy and a type of programming language which breaks a program into smaller units, each with its own function

39. Power surge

40. Pertaining to law: lending itself to one side of an argument

41. Agreement between two organizations (or two internal business groups) with basically the same equipment and environment that allows each one to recover at the other's site

42. A structured group of teams ready to take control of the recovery operations if a disaster should occur

43. Controls for logging and alerting

44. Communication of a security incident to stakeholders and data owners

45. Potential danger to information or systems

46. Evidence must be: admissible, authentic, complete, accurate and convincing

47. Malware that makes many small changes over time to a single data point or system

48. A social engineering attack that uses spoofed email or websites to persuade people to divulge information

49. A test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions

50. One of the most important first steps in plan development: qualitative and quantitative data need to be gathered, analyzed, interpreted and presented to management