Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Short period of low voltage.
2. The first rating that requires security labels.
3. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources.
4. An encryption method that has a key as long as the message.
5. Mediation of covert channels must be addressed.
6. All of the protection mechanisms in a computer system.
7. Intellectual property protection for the expression of an idea.
8. A programming design philosophy and a type of programming language that breaks a program into smaller units, each with its own function.
9. Trying a list of words as passwords or encryption keys.
10. An unintended communication path.
11. Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations).
12. Mathematical function that determines the cryptographic operations.
13. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm.
14. Control category: more than one control on a single asset.
15. A temporary public file to inform others of a compromised digital certificate.
16. Induces a crime, tricks a person, and is illegal.
17. The point in time to which systems and data must be recovered after an outage (e.g. end of previous day's processing). RPOs are often used as the basis for the development of backup strategies.
18. A collection of data or information that has a name.
19. The level and label given to an individual for the purpose of compartmentalization.
20. For PKI: decertify an entity's certificate.
21. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
22. An individual's conduct that violates government laws developed to protect the public.
23. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective.
24. A template for designing the architecture.
25. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack.
26. Recovery alternative: a building with only sufficient power and HVAC.
27. Record the history of an incident.
28. Sudden rise in voltage in the power supply.
29. Mediates communication between untrusted hosts on behalf of the hosts that it protects.
30. A failure of an IDS to detect an actual attack.
31. Long-term knowledge building.
32. A control applied after an attack.
33. Those who initiate the attack.
34. High-level design or model with a goal of consistency, integrity, and balance.
35. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.
36. Executive responsibilities of goal setting, delegation, and verification, based upon the mission.
37. Line-by-line translation from a high-level language to machine code.
38. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.
39. Guidelines within an organization that control the rules and configurations of an IDS.
40. Information which has retained its importance, but which has been created or stored by software/hardware that has been rendered obsolete.
41. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
42. A backup type which creates a complete copy.
43. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
44. Potentially retrievable data residue that remains following intended erasure of data.
45. Representatives from each functional area or department get together and walk through the plan from beginning to end.
46. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
47. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
48. The backup of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
49. Control category: to restore to a previous state by removing the adversary and/or the results of their actions.
50. Communicate to stakeholders.