Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.

2. OOP concept of an object at runtime

3. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs

4. A one-way - directed graph which indicates confidentiality or integrity flow

5. Binary decision by a system of permitting or denying access to the entire system

6. A choice in risk management - to implement a control that limits or lessens negative effects

7. Statistical probabilities of a collision are more likely than one thinks

8. Mediation of subject and object interactions

9. A shield against leakage of electromagnetic signals.

10. To move from location to location - keeping the same function

11. Actions measured against either a policy or what a reasonable person would do

12. Dedicated fast memory located on the same board as the CPU

13. Hitting a filed-down key in a lock with a hammer to open it without the real key

14. Controls for logging and alerting

15. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner

16. Sphere of influence

17. Act of scrambling the cleartext message by using a key.

18. Forging of an IP address.

19. Responsibility of a user for the actions taken by their account - which requires unique identification

20. Prolonged loss of commercial power

21. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code

22. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data

23. One of the key benefits of a network is the ability to share files stored on the server among several users.

24. Natural occurrence in circuits that are in close proximity

25. Uncleared buffers or media

26. A group or network of honeypots

27. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.

28. One method of testing a specific component of a plan. Typically - a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.

29. The disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.

30. An attack involving the hijacking of a TCP session by predicting a sequence number.

31. Requires two of the three user authentication attributes (knows - is - or has) - e.g. you have an ATM card and enter a PIN

32. Use of specialized techniques for recovery - authentication - and analysis of electronic data

33. Maximum tolerance for loss of a certain business function - basis of strategy

34. A specialized wireless receiver/transmitter placed in orbit that facilitates long-distance communication.

35. A type of malformed input that takes advantage of an appropriate true conditional logic statement - adding a request for data that is against the security policy

36. Unsolicited advertising software

37. Return to a normal state

38. Line-by-line translation from a high-level language to machine code

39. An image compression standard for photographs

40. People protect their domain

41. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted - and presented to management

42. An asymmetric cryptography mechanism that provides authentication.

43. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.

44. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting - and use of computerized data.

45. OOP concept of a distinct copy of the class

46. A backup of data located where staff can gain access immediately

47. The document that defines the resources - actions - tasks - and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.

48. A secure connection to another network.

49. A mail server that improperly allows inbound SMTP connections for domains it does not serve.

50. A mathematical tool for verifying that no unintentional changes have been made