Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Weak evidence

2. The point in time to which systems and data must be recovered after an outage (e.g., the end of the previous day's processing). RPOs are often used as the basis for the development of backup strategies.

3. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.

4. System of law based upon what is good for society

5. Using small, specialized tools, all tumblers of the lock are aligned, opening the door.

6. A collection of information designed to reduce duplication and increase integrity

7. One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.

8. Are bound to objects and indicate what subjects can use them; typically kept by a network device (router, switch, and so on) to control access to or from the device for a number of services.

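The two properties that matter in practice for such a device-bound access control list are that rules are evaluated top-down with the first match winning, and that anything not explicitly permitted falls through to an implicit deny. The following is an added example (not part of the original quiz, and not any vendor's ACL engine): a small Python evaluator over a constructed ACL for a hypothetical management interface at 10.0.0.5, plus a check that flags rules shadowed by an earlier, broader rule. The addresses, ports and rule set are all made up for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network      # source prefix
    dst: ipaddress.IPv4Network      # destination prefix
    dport: Optional[int] = None     # destination port; None matches any port

def net(prefix: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(prefix)

ANY = net("0.0.0.0/0")

# Constructed sample ACL bound to the management address of a hypothetical device.
# Order matters: the device walks the list and applies the first rule that matches.
MGMT_ACL: List[Rule] = [
    Rule("permit", "tcp",  net("10.0.1.0/24"), net("10.0.0.5/32"), 22),   # SSH only from the admin subnet
    Rule("deny",   "tcp",  ANY,                net("10.0.0.5/32"), 22),   # SSH from anywhere else is refused
    Rule("permit", "tcp",  ANY,                net("10.0.0.5/32"), 443),  # HTTPS management from anywhere
    Rule("permit", "icmp", net("10.0.0.0/8"),  net("10.0.0.5/32")),       # ping from inside the site
]

def evaluate(acl: List[Rule], proto: str, src_ip: str, dst_ip: str, dport: Optional[int] = None) -> str:
    """Return the action of the first matching rule, or "deny" from the implicit deny at the end."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in acl:
        if rule.proto != "any" and rule.proto != proto:
            continue
        if src not in rule.src or dst not in rule.dst:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return "deny"   # implicit deny: traffic no rule permitted is dropped

def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule already covers all of their traffic."""
    shadowed = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (earlier.proto in ("any", later.proto)
                    and later.src.subnet_of(earlier.src)
                    and later.dst.subnet_of(earlier.dst)
                    and earlier.dport in (None, later.dport)):
                shadowed.append(i)
                break
    return shadowed

if __name__ == "__main__":
    print(evaluate(MGMT_ACL, "tcp", "10.0.1.7", "10.0.0.5", 22))      # permit: admin subnet
    print(evaluate(MGMT_ACL, "tcp", "192.168.9.9", "10.0.0.5", 22))   # deny: explicit rule
    print(evaluate(MGMT_ACL, "udp", "10.0.1.7", "10.0.0.5", 161))     # deny: implicit deny, no rule matched
    swapped = [MGMT_ACL[1], MGMT_ACL[0]] + MGMT_ACL[2:]
    print(shadowed_rules(swapped))                                     # [1]: the admin SSH permit is now dead
```

Swapping the first two rules is the classic mistake the quiz item hints at: the broad deny now catches the admin subnet's SSH too, and the narrower permit beneath it can never match. Reviewing an ACL for shadowed rules before pushing it to a router or switch catches exactly that.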
9. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack

10. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.

11. Recovery alternative: a short-term, high-cost, movable processing location.

12. Interception of a communication session by an attacker.

13. Lower frequency noise

14. Act of luring an intruder; it is legal.

15. Need to understand both the assets that need to be protected and management's priorities; also be prepared to adjust the design over time and to verify that the design has been implemented correctly. Need to be a good negotiator, artist, and analyst.

16. A layer 2 device that is used to connect two network segments and regulate traffic.

17. Asymmetric encryption of a hash of a message.

18. Indivisible: a data field must contain only one value, and either all of a transaction's operations take place or none do.

19. The former internationally accepted set of standards and processes for information security product evaluation and assurance, which separates function and assurance requirements.

20. The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption.

21. Real-time, automatic, and transparent backup of data.

22. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.

23. OOP concept of a template that consists of attributes and behaviors.

24. Heavily populated areas, particularly susceptible to high-intensity earthquakes, floods, tsunamis, or other disasters, for which emergency response may be necessary in the event of a disaster.

25. Pertaining to law; a high degree of veracity.

26. The former U.S. military accepted set of standards and processes for network evaluation and assurance, which combines function and assurance requirements.

27. An alert or alarm that is triggered when no actual attack has taken place

28. System access, network architecture, network access, encryption and protocols, and auditing.

29. Key

30. Some systems are actually run at the alternate site

31. Used to code/decode a digital data stream.

32. Redundant component that provides failover capability in the event of failure or interruption of a primary component.

33. Written internalized or nationalized norms that are internal to an organization

34. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities; most commonly used in governm

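The comparison item 34 refers to is a dominance check between the subject's clearance and the object's label, the rule the Bell-LaPadula model formalises as "no read up, no write down". The block below is an added example written for this page (not the quiz's own material or any real reference monitor): a Python label type with a hierarchical level and a set of need-to-know compartments, a dominance function, and a decision routine. The level names and compartment names are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical sensitivity levels, lowest to highest (constructed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()   # need-to-know categories, e.g. {"CRYPTO"}

def dominates(a: Label, b: Label) -> bool:
    """a dominates b when a's level is at least b's and a's compartments include all of b's."""
    return LEVELS[a.level] >= LEVELS[b.level] and b.compartments <= a.compartments

def can_read(clearance: Label, obj: Label) -> bool:
    """Simple security property (no read up): the clearance must dominate the object's label."""
    return dominates(clearance, obj)

def can_write(clearance: Label, obj: Label) -> bool:
    """Star property (no write down): the object's label must dominate the clearance,
    so a SECRET subject cannot leak data into a CONFIDENTIAL file."""
    return dominates(obj, clearance)

def decide(clearance: Label, obj: Label, mode: str) -> bool:
    """Reference-monitor style decision: the subject cannot override the outcome."""
    if mode == "read":
        return can_read(clearance, obj)
    if mode == "write":
        return can_write(clearance, obj)
    raise ValueError(f"unknown access mode: {mode}")

if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    report = Label("CONFIDENTIAL")
    keys = Label("SECRET", frozenset({"CRYPTO", "SIGINT"}))
    print(decide(analyst, report, "read"))   # True: level and compartments dominate
    print(decide(analyst, keys, "read"))     # False: missing the SIGINT compartment
    print(decide(analyst, report, "write"))  # False: writing down would declassify data
```

Note that the compartment test is a set comparison, not a level comparison: a TOP SECRET clearance without the CRYPTO compartment still cannot read a SECRET//CRYPTO object, which is why a plain numeric level on its own is not enough to implement this kind of policy.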
35. An image compression standard for photographs

36. The partial or full duplication of data from a source database to one or more destination databases.

37. The hard drive

38. An event which stops business from continuing.

39. Record of system activity, which provides for monitoring and detection.

40. Requirement to take time off

41. With enough computing power, trying all possible combinations.

42. To segregate for the purposes of labeling

43. Short period of low voltage.

44. Use of specialized techniques for recovery, authentication, and analysis of electronic data.

45. Using many alphabets

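Items 41 and 45 pair naturally: a polyalphabetic cipher such as Vigenère shifts each letter by a different alphabet chosen by the key, and a brute-force attack simply enumerates every key until the plaintext looks right. The block below is an added example written for this page, not code from the quiz or from any cryptographic library: a Vigenère implementation over the uppercase alphabet and an exhaustive search that stops when a known fragment of plaintext (a crib) appears. The message, key and crib are constructed for the illustration; the point is the keyspace arithmetic, since 26^3 keys fall in well under a second while a modern 128-bit key leaves 2^128 candidates that no amount of computing power will enumerate.

```python
import string
from itertools import product
from typing import Optional, Tuple

ALPHABET = string.ascii_uppercase

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic substitution: letter i is shifted by key[i mod len(key)].
    Input is assumed to be uppercase A-Z only (constructed for this example)."""
    out = []
    for i, ch in enumerate(text):
        shift = ALPHABET.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)

def keyspace_size(key_length: int) -> int:
    """Number of distinct keys the brute force must be prepared to try."""
    return 26 ** key_length

def brute_force(ciphertext: str, key_length: int, crib: str) -> Tuple[Optional[str], Optional[str], int]:
    """Try every key of the given length in lexicographic order and stop at the first
    whose decryption contains the crib. Returns (key, plaintext, keys_tried);
    (None, None, keyspace_size) when no key of that length produces the crib."""
    tried = 0
    for letters in product(ALPHABET, repeat=key_length):
        tried += 1
        key = "".join(letters)
        candidate = vigenere(ciphertext, key, decrypt=True)
        if crib in candidate:
            return key, candidate, tried
    return None, None, tried

if __name__ == "__main__":
    ct = vigenere("ATTACKATDAWN", "KEY")      # constructed sample: key length 3
    print(ct)                                  # KXRKGIKXBKAL
    print(brute_force(ct, 3, "ATTACK"))        # ('KEY', 'ATTACKATDAWN', 6889)
    print(keyspace_size(3), keyspace_size(16)) # 17576 vs a number with 23 digits
```

The crib is what turns "try all combinations" into a usable attack: without some way to recognise the correct plaintext, every candidate decryption is as good as any other. Lengthening the key adds a factor of 26 per letter, which is the same reasoning behind modern key-length recommendations.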
46. One of the key benefits of a network is the ability to share files stored on the server among several users.

47. Act of scrambling the cleartext message by using a key.

48. A database backup type which records at the transaction level

49. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid.

50. An internal list of contact information used for the communication of incident information, designed in a distributed manner so that no one person is responsible for contacting everyone.