Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. System of law based upon what is good for society

2. A process state - (blocked) needing input before continuing

3. To stop damage from spreading

4. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack

5. Narrow scope examination of a system

6. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents, and for the restoration of normal operations at the primary site.

7. A mail server that improperly allows inbound SMTP connections for domains it does not serve.

8. A control before attack

9. Reduces causes of fire

10. Control category - to record an adversary's actions

11. Joining two pieces of text

12. Used to code/decode a digital data stream.

13. With enough computing power, trying all possible combinations

14. Subjects will not interact with each other's objects

15. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?

16. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives

17. A secure connection to another network.

18. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.

19. Firewalls, encryption, and access control lists

20. Memory (RAM)

21. Mitigate damage by isolating compromised systems from the network.

22. Controls for logging and alerting

23. Written core statements that rarely change

24. Less granular organization of controls

25. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.

26. System mediation of access with the focus on the context of the request

27. Induces a crime, tricks a person, and is illegal

28. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.

29. Independent malware that requires user interaction to execute

30. A program that waits for a condition or time to occur that executes an inappropriate activity

31. Requires security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and provision of separate administrator functionality.

32. Information residing on computer systems that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion, modification or reconstruction.

33. Pertaining to law; lending itself to one side of an argument

34. The event signaling an IDS to produce an alarm when no attack has taken place

35. A running key using a random key that is never used again

36. A disturbance that degrades performance of electronic devices and electronic communications.

37. May render the data inaccessible to the application intended to be used in processing the file, but may not actually remove the data

38. Control category - to restore to a previous state by removing the adversary and/or the results of their actions

39. Location where coordination and execution of BCP or DRP is directed

40. Are bound to objects and indicate what subjects can use them; typically kept by a network device (router, switch and so on) to control access to or from the device for a number of services

41. A shield against leakage of electromagnetic signals.

42. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides, thereby preventing that space from being overwritten by other data.

43. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.

44. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.

45. Requirement to take time off

46. An electronic attestation of identity by a certificate authority

47. A control after attack

48. Descrambling the encrypted message with the corresponding key

49. Insurance coverage for disaster-related expenses that may be incurred until operations are fully recovered after a disaster.

50. The former U.S. military accepted set of standards and processes for computer systems evaluation and assurance, which combines function and assurance requirements