Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A planned or unplanned interruption in system availability.
2. Claiming another's identity at a physical level.
3. Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
4. A signal suggesting a system has been or is being attacked.
5. To reduce fire.
6. Hiding the fact that communication has occurred.
7. People protect their domain.
8. Recording the who, what, when, where and how of evidence.
9. A covert storage channel on the file attribute.
10. Written step-by-step actions.
11. A risk assessment method with measurable, real-money cost.
12. Location where coordination and execution of the BCP or DRP is directed.
13. Uses two or more legal systems.
14. A form of data hiding which protects running threads of execution from using each other's memory.
15. Potentially compromising leakage of electrical or acoustical signals.
16. A device that converts between digital and analog representations of data.
17. Mitigation of system or component loss or interruption through use of backup capability.
18. Companies should have their own team, made up of people from management, IT, legal, HR, public relations, security and other key areas.
19. Key.
20. People who interact with assets.
21. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
22. Memory management technique that allows two processes to run concurrently without interaction.
23. Lower frequency noise.
24. Subjects will not interact with each other's objects.
25. A process state: executing a process on the CPU.
26. Pertaining to law: no omissions.
27. A design methodology which addresses risk early and often.
28. The property that data meet with a priori expectation of quality and that the data can be relied upon.
29. Highest level of authority at the EOC with knowledge of the business process and the resources available.
30. Information about a particular data set.
31. A design methodology which executes in a linear, one-way fashion.
32. Granular decision by a system of permitting or denying access to a particular resource on the system.
33. Line-by-line translation from a high-level language to machine code.
34. Converts source code to an executable.
35. Small data warehouse.
36. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
37. A type of attack involving attempted insertion, deletion or altering of data.
38. An administrative unit or a group of objects and subjects controlled by one reference monitor.
39. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.
40. Is secondhand and usually not admissible in court.
41. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
42. Code breaking: the practice of defeating the protective properties of cryptography.
43. OOP concept of a class's details being hidden from the object.
44. A state where two subjects can access the same object without proper mediation.
45. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate.
46. A type of computer memory that temporarily stores frequently used information for quick access.
47. Standard for the establishment, implementation, control and improvement of the Information Security Management System.
48. The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption.
49. To smooth out reductions or increases in power.
50. Real-time, automatic and transparent backup of data.