Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, at times you might find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. To load the first piece of software that starts a computer.






2. A comprehensive set of controls that comprises best practices in information security and provides guidelines on how to set up and maintain security programs.






3. Scrambled form of the message or data






4. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring will enable a zero recovery point objective.






5. Initial surge of current






6. To execute more than one instruction at an instant in time






7. Object based description of a single resource and the permission each subject






8. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered, analyzed, interpreted and presented to management.






9. A layer 3 device that is used to connect two or more network segments and regulate traffic.






10. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides, thereby preventing that space from being overwritten by other data.






11. Owner directed mediation of access






12. Specific format of technical and physical controls that support the chosen framework and the architecture






13. With enough computing power trying all possible combinations






14. Are bound to objects and indicate what subjects can use them, typically kept by a network device (router, switch and so on) to control access to or from the device for a number of services






15. A Denial of Service attack that floods the target system with connection requests that are not finalized.






16. A secure connection to another network.






17. Redundant component that provides failover capability in the event of failure or interruption of a primary component.






18. A distributed system's transaction control that requires updates to complete or rollback






19. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.






20. Intellectual property protection for marketing efforts






21. Hitting a filed-down key in a lock with a hammer to open it without the real key






22. Interception of a communication session by an attacker.






23. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have. Most commonly used in the PC environment (i.e. file permissions).






24. A test conducted on one or more components of a plan under actual operating conditions.






25. Claiming another's identity at a physical level






26. The guardian of asset(s) - a maintenance activity






27. Substitution at the word or phrase level






28. A layer 2 device that is used to connect two or more network segments and regulate traffic.






29. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities






30. False memory reference






31. To reduce fire






32. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?






33. People who interact with assets






34. An asymmetric cryptography mechanism that provides authentication.






35. Responsibility of a user for the actions taken by their account which requires unique identification






36. Third party processes used to organize the implementation of an architecture






37. Security policy, procedures, and compliance enforcement






38. Two different keys decrypt the same cipher text






39. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.






40. Unsolicited advertising software






41. Recording the Who, What, When, Where, How of evidence






42. Unchecked data input which results in redirection






43. An availability attack - to consume resources to the point of exhaustion from multiple vectors






44. OOP concept of an object at runtime






45. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.






46. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.






47. OOP concept of taking attributes from the original or parent






48. A layer 2 device that is used to connect two network segments and regulate traffic.






49. Information that, if made public or even shared around the organization, could seriously impede the organization's operations






50. Measures followed to restore critical functions following a security incident.