Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs






2. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.






3. Written core statements that rarely change






4. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due






5. Calculation encompassing threats - vulnerabilities and assets






6. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions






7. Firewalls - encryption - and access control lists






8. A distributed system's transaction control that requires updates to complete or rollback






9. To set the clearance of a subject or the classification of an object






10. Malware that makes small random changes to many data points






11. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).






12. Real-time - automatic and transparent backup of data.






13. A documented battle plan for coordinating response to incidents.






14. Another subject cannot see an ongoing or pending update until it is complete






15. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.






16. A group or network of honeypots






17. Summary of a communication for the purpose of integrity






18. A process state - to be either unable to run waiting for an external event or terminated






19. To assert or claim credentialing to an authentication system






20. Organized group of compromised computers






21. The point in time to which systems and data must be recovered after an outage. (e.g. End of previous day's processing). RPOs are often used as the basis for the development of backup strategies.






22. Redundant component that provides failover capability in the event of failure or interruption of a primary component.






23. Descrambling the encrypted message with the corresponding key






24. Information that - if made public or even shared around the organization - could seriously impede the organization's operations






25. Indivisible - data field must contain only one value that either all transactions take place or none do






26. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."






27. The technical and risk assessment of a system within the context of the operating environment






28. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.






29. The connection between a wireless and wired network.






30. Unchecked data input which results in redirection






31. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.






32. Recovery alternative which outsources a business function at a cost






33. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)






34. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.






35. An administrative unit or a group of objects and subjects controlled by one reference monitor






36. A telephone exchange for a specific office or business.






37. Pertaining to law - high degree of veracity






38. Weak evidence






39. A device that converts between digital and analog representation of data.






40. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner






41. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing






42. Location to perform the business function






43. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.






44. Pertaining to law - verified as real






45. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.






46. Unauthorized access of network devices.






47. A technology that reduces the size of a file.






48. Requirement of access to data for a clearly defined purpose






49. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.






50. A system designed to prevent unauthorized access to or from a private network.