Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. The level and label given to an individual for the purpose of compartmentalization

2. Authentication protocol which only uses symmetric session keys between principals, distributed by a 3rd party using different preshared symmetric keys

3. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.

4. Recovery alternative: complete duplication of services, including personnel

5. The event signaling an IDS to produce an alarm when no attack has taken place

6. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate

7. Converts a high level language into machine language

8. Malware that makes small random changes to many data points

9. A planned or unplanned interruption in system availability.

10. The principles a person sets for themselves to follow

11. Periodic, automatic and transparent backup of data in bulk.

12. A set of laws that the organization agrees to be bound by

13. The response of an organization to a disaster or other significant event that may significantly impact the organization, its people, or its ability to function productively.

14. Trading one for another

15. Converts source code to an executable

16. Lower frequency noise

17. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.

18. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.

19. Intermediate level, pertaining to planning

20. An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only forensic copy quality will hold up in court.

21. System-directed mediation of access with labels

22. The one person responsible for data, its classification and control setting

23. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity

24. Short period of low voltage.

25. Granular decision by a system of permitting or denying access to a particular resource on the system

26. A choice in risk management: to convince another to assume risk, typically by payment

27. Recovery alternative: a building only, with sufficient power and HVAC

28. Control category: to restore to a previous state by removing the adversary and/or the results of their actions

29. Memory management technique which allows subjects to use the same resource

30. Information residing on computer systems that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion, modification or reconstruction.

31. Potentially compromising leakage of electrical or acoustical signals.

32. Object-based description of a single resource and the permission each subject

33. Unchecked data which spills into another location in memory

34. Scrambled form of the message or data

35. To be admissible in court they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists

36. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.

37. The backup of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.

38. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.

39. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.

40. Actions measured against either a policy or what a reasonable person would do

41. Pertaining to law: verified as real

42. Program that inappropriately collects private data or activity

43. A test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.

44. More than one processor sharing the same memory; also known as parallel systems

45. Recovery alternative which includes a cold site plus some available equipment and infrastructure

46. Induces a crime, tricks a person, and is illegal

47. The problem-solving state, the opposite of supervisor mode

48. The first rating that requires security labels

49. Memory management technique which allows data to be moved from one memory address to another

50. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.