Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A database that contains the name - type - range of values - source and authorization for access for each data element






2. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions






3. A race condition where the security changes during the object's access






4. Malware that makes small random changes to many data points






5. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.






6. Responsibility for actions






7. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk






8. Information that - if made public or even shared around the organization - could seriously impede the organization's operations






9. Transaction controls for a database - a return to a previous state






10. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?






11. Communicate to stakeholders






12. A control after attack






13. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.






14. Asymmetric encryption of a hash of message






15. An administrative unit or a group of objects and subjects controlled by one reference monitor






16. Recovery alternative - short-term - high cost movable processing location






17. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements






18. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).






19. Potential danger to information or systems






20. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.






21. Line noise that is superimposed on the supply circuit.






22. Using small special tools all tumblers of the lock are aligned - opening the door






23. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.






24. Pertaining to law - no omissions






25. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.






26. Can be statistical (monitor behavior) or signature based (watch for known attacks)






27. A physical enclosure for verifying identity before entry to a facility






28. A planned or unplanned interruption in system availability.






29. Recording activities at the keyboard level






30. A process state - to be executing a process on the CPU






31. Calculation encompassing threats - vulnerabilities and assets






32. The study of cryptography and cryptanalysis






33. A device that sequentially switches multiple analog inputs to the output.






34. Lower frequency noise






35. Creation - distribution - update and deletion






36. The process of assessing damage - following a disaster - to computer hardware - vital records - office facilities - etc. - and determining what can be salvaged or restored and what must be replaced.






37. Another subject cannot see an ongoing or pending update until it is complete






38. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.






39. Outputs within a given function are the same result






40. To execute more than one instruction at an instant in time






41. Vehicle stopping object






42. Quantity of risk remaining after a control is applied






43. A Denial of Service attack that floods the target system with connection requests that are not finalized.






44. The property that data meet with a priority expectation of quality and that the data can be relied upon.






45. A basic level of network access control that is based upon information contained in the IP packet header.






46. A trusted issuer of digital certificates






47. Used to code/decode a digital data stream.






48. An alert or alarm that is triggered when no actual attack has taken place






49. A backup type which creates a complete copy






50. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.