Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.

1. Requires two of the three user authentication attributes (knows, is, or has), e.g. you have an ATM card and enter a PIN






2. Controls deployed to avert unauthorized and/or undesired actions.






3. An administrative unit or a group of objects and subjects controlled by one reference monitor






4. Method for determining functions, identifying function failure, assessing it, and where failure is most likely to occur






5. Recognition of an individual's assertion of identity.






6. Of a system without prior knowledge by the tester or the tested






7. A Trojan horse with the express underlying purpose of controlling host from a distance






8. To reduce sudden rises in current






9. Hitting a filed-down key in a lock with a hammer to open it without the real key






10. Short period of low voltage.






11. Forgery of the sender's email address in an email header.






12. Unauthorized wireless network access device.






13. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?






14. To load the first piece of software that starts a computer.






15. A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.






16. Includes identification and collection of the evidence, its storage, preservation, transportation, presentation in court, and return to the owner






17. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court






18. Eavesdropping on network communications by a third party.






19. Subset of operating systems components dedicated to protection mechanisms






20. To jump to a conclusion






21. Less granular organization of controls -






22. Uses two or more legal systems






23. Regular operations are stopped and where processing is moved to the alternate site.






24. The collection and summation of risk data relating to a particular asset and controls for that asset






25. Mediation of covert channels must be addressed






26. A program that waits for a condition or time to occur that executes an inappropriate activity






27. A BCP testing type - a test that answers the question: Can the organization replicate the business process?






28. People protect their domain






29. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.






30. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.






31. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams.






32. An individual's conduct that violates government laws developed to protect the public






33. Data or interference that can trigger a false positive






34. To smooth out reductions or increases in power






35. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives






36. Intellectual property protection for the expression of an idea






37. Sphere of influence






38. A condition in which neither party is willing to stop their activity for the other to complete






39. Effort/time needed to overcome a protective measure






40. Actions measured against either a policy or what a reasonable person would do






41. OOP concept of an object's abilities - what it does






42. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).






43. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.






44. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.






45. A one-way, directed graph which indicates confidentiality or integrity flow






46. Pertaining to law - no omissions






47. To start business continuity processes






48. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive






49. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.






50. An event which stops business from continuing.