Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Guidelines within an organization that control the rules and configurations of an IDS






2. Responsibility for actions






3. System of law based upon what is good for society






4. Malware that uses the trust on a website to redirect users to untrusted websites which captures data or installs more malware






5. Encryption system using shared key/private key/single key/secret key






6. Evidence must be: admissible - authentic - complete - accurate - and convincing






7. A group or network of honeypots






8. Hitting a filed-down key in a lock with a hammer to open it without the real key






9. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.






10. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.






11. Owner directed mediation of access






12. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.






13. Potential danger to information or systems






14. Of a system without prior knowledge by the tester or the tested






15. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.






16. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.






17. High level design or model with a goal of consistency - integrity - and balance






18. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management






19. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN






20. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.






21. Pertaining to a number system that has just two unique digits.






22. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?






23. Third party processes used to organize the implementation of an architecture






24. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing






25. A program with an inappropriate second purpose






26. A physical enclosure for verifying identity before entry to a facility






27. A system that enforces an access control policy between two networks.






28. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.






29. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.






30. Granular decision by a system of permitting or denying access to a particular resource on the system






31. Collection of data on business functions which determines the strategy of resiliency






32. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.






33. A choice in risk management - to convince another to assume risk - typically by payment






34. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress






35. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk






36. To know more than one job






37. An image compression standard for photographs






38. One entity with two competing allegiances






39. The connection between a wireless and wired network.






40. High degree of visual control






41. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.






42. A disturbance that degrades performance of electronic devices and electronic communications.






43. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.






44. Disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.






45. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.






46. A mobilized resource purchased or contracted for the purpose of business recovery.






47. A BCP testing type - (structured walkthrough) - a test that answers the question: Is everything needed for recovery available?






48. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate






49. A device that converts between digital and analog representation of data.






50. Forging of an IP address.





