Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but it reinforces your understanding each time you take the test.
1. Hitting a filed-down key in a lock with a hammer to open it without the real key






2. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.






3. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.






4. Threats x Vulnerability x Asset Value = Total Risk






5. Location where coordination and execution of BCP or DRP is directed






6. An encryption method that has a key as long as the message






7. The duplication of data on separate disks in real time to ensure its continuous availability - currency and accuracy. True mirroring will enable a zero recovery point objective.






8. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements






9. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.






10. A software design technique for abstraction of a process






11. A passive network attack involving monitoring of traffic.






12. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g., a move to an alternate site).






13. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.






14. High frequency noise






15. For PKI - to store another copy of a key






16. An image compression standard for photographs






17. Unsolicited advertising software






18. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.






19. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.






20. Specific format of technical and physical controls that support the chosen framework and the architecture






21. Someone who wants to know how something works - typically by taking it apart






22. Effort/time needed to overcome a protective measure






23. Event(s) that cause harm






24. Process of statistically testing a data set for the likelihood of relevant information.






25. Converts a high level language into machine language






26. A type of multitasking that allows for more even distribution of computing time among competing requests






27. The technical and risk assessment of a system within the context of the operating environment






28. A planned or unplanned interruption in system availability.






29. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.






30. OOP concept in which a class's details are hidden from the object






31. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.






32. High degree of visual control






33. Recovery alternative - a building only with sufficient power - and HVAC






34. Intellectual property protection for the expression of an idea






35. OOP concept of a distinct copy of the class






36. Used to code/decode a digital data stream.






37. A design methodology which addresses risk early and often






38. A programming device used in development to circumvent controls






39. Memory - RAM






40. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.






41. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due






42. Provides a physical cross connect point for devices.






43. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.






44. The first rating that requires security labels






45. Malware that uses the trust in a website to redirect users to untrusted websites, which capture data or install more malware






46. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability






47. To jump to a conclusion






48. Recovery alternative - short-term - high cost movable processing location






49. People who interact with assets






50. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.