Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?






2. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.






3. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)






4. Malware that makes small random changes to many data points






5. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.






6. Object reuse protection and auditing






7. The problem solving state - the opposite of supervisor mode






8. Recognition of an individual's assertion of identity.






9. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.






10. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.






11. Mathematical function that determines the cryptographic operations






12. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.






13. An organization's way of classifying data by factors such as criticality - sensitivity and ownership.






14. An alert or alarm that is triggered when no actual attack has taken place






15. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.






16. Memory - RAM






17. A description of a database






18. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements






19. A backup of data located where staff can gain access readily and a localized disaster will not cause harm






20. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress






21. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm






22. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.






23. Forgery of the sender's email address in an email header.






24. Potentially compromising leakage of electrical or acoustical signals.






25. A test conducted on one or more components of a plan under actual operating conditions.






26. Security policy - procedures - and compliance enforcement






27. Intellectual property management technique for identifying after distribution






28. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.






29. Malware that subverts the detective controls of an operating system






30. Methodical research of an incident with the purpose of finding the root cause






31. A passive network attack involving monitoring of traffic.






32. Consume resources to a point of exhaustion - loss of availability






33. Data or interference that can trigger a false positive






34. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.






35. OOP concept of a template that consists of attributes and behaviors






36. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.






37. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)






38. Program that inappropriately collects private data or activity






39. A program that waits for a condition or time to occur and then executes an inappropriate activity






40. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.






41. OOP concept of taking attributes from the original or parent






42. To reduce fire






43. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.






44. Disruption of operation of an electronic device due to a competing electromagnetic field.






45. A basic level of network access control that is based upon information contained in the IP packet header.






46. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks






47. Key






48. Just enough access to do the job






49. More than one process in the middle of executing at a time






50. Employment education done once per position or at significant change of function






