Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.

1. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress






2. Inference about encrypted communications






3. Tool which mediates access






4. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.






5. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.






6. People protect their domain






7. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.






8. Mitigation of system or component loss or interruption through use of backup capability.






9. Intellectual property protection for a confidential and critical process






10. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court






11. A physical enclosure for verifying identity before entry to a facility






12. Transaction controls for a database - a return to a previous state






13. OOP concept of an object's abilities - what it does






14. Highest level of authority at EOC with knowledge of the business process and the resources available






15. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate






16. High degree of visual control






17. Some systems are actually run at the alternate site






18. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.






19. Record history of incident






20. Low level - pertaining to planning






21. Something that happened






22. A state for operating system tasks only






23. Short period of low voltage.






24. A Trojan horse with the express underlying purpose of controlling host from a distance






25. Communicate to stakeholders






26. Business and technical process of applying security software updates in a regulated periodic way






27. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.






28. To segregate for the purposes of labeling






29. An electronic attestation of identity by a certificate authority






30. Identification and notification of an unauthorized and/or undesired action






31. Control category - to restore to a previous state by removing the adversary and/or the results of their actions






32. The property that data meet with a priority expectation of quality and that the data can be relied upon.






33. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.






34. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components






35. Communication of a security incident to stakeholders and data owners.






36. Control category - to give instructions or inform






37. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.






38. Information about data or records






39. Weakness or flaw in an asset






40. A backup type - for databases at a point in time






41. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.






42. Hiding the fact that communication has occurred






43. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.






44. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.






45. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.






46. Organization's way of classifying data by factors such as criticality - sensitivity and ownership.






47. Insurance coverage for disaster-related expenses that may be incurred until operations are fully recovered after a disaster.






48. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.






49. Unused storage capacity






50. To reduce fire