Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. To segregate for the purposes of labeling

2. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate

3. An image compression standard for photographs

4. Tool which mediates access

5. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of the disaster recovery plan.

6. Robust project management process for new systems with at least the following phases: design and development, production, distribution, operation, maintenance, retirement, and disposal

7. To jump to a conclusion

8. A risk assessment method - measurable real money cost

9. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).

10. Creation, distribution, update and deletion

11. Just enough access to do the job

12. Subject-based description of a system or a collection of resources

13. Unsolicited commercial email

14. A covert storage channel on the file attribute

15. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.

16. The past U.S. military accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements

17. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive

18. Reduces causes of fire

19. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.

20. A planned or unplanned interruption in system availability.

21. Wrong against society

22. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm

23. A Trojan horse with the express underlying purpose of controlling a host from a distance

24. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.

25. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions

26. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity

27. Need to understand both the assets that need to be protected and management's priorities - also be prepared to adjust the design over time - and verify the design has been implemented correctly - need to be a good negotiator, artist and analyst.

28. A type of attack involving attempted insertion, deletion or altering of data.

29. System of law based upon what is good for society

30. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack

31. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress

32. A software design technique for abstraction of a process

33. Lower frequency noise

34. Measures followed to restore critical functions following a security incident.

35. Guidelines within an organization that control the rules and configurations of an IDS

36. An encryption method that has a key as long as the message

37. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals

38. Controls for termination of an attempt to access an object

39. Low level - pertaining to planning

40. One of the most important first steps in the planning development. Qualitative and quantitative data need to be gathered, analyzed, interpreted and presented to management

41. Those who initiate the attack

42. Written step-by-step actions

43. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.

44. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.

45. Malware that subverts the detective controls of an operating system

46. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid

47. Mediation of subject and object interactions

48. Business and technical process of applying security software updates in a regulated, periodic way

49. Implementation of an operating system protection mechanism - where more sensitive components are built upon the layering concept

50. Actions measured against either a policy or what a reasonable person would do