Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A programming design concept which abstracts one set of functions from another in a serialized fashion
2. To reduce fire
3. Program that inappropriately collects private data or activity
4. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
5. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
6. Recovery alternative - everything needed for the business function - except people and last backup
7. Someone who wants to cause harm
8. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components
9. A world-wide wireless technology
10. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data
11. To create a copy of data as a precaution against the loss or damage of the original data.
12. Location to perform the business function
13. Measures followed to restore critical functions following a security incident.
14. Just enough access to do the job
15. Process whereby data is removed from active files and other data storage structures
16. The partial or full duplication of data from a source database to one or more destination databases.
17. Alerts personnel to the presence of a fire
18. Code breaking - practice of defeating the protective properties of cryptography.
19. A Denial of Service attack that floods the target system with connection requests that are not finalized.
20. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
21. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements
22. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
23. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
24. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc.
25. Uncleared buffers or media
26. Independent malware that requires user interaction to execute
27. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
28. Some systems are actually run at the alternate site
29. Methodical research of an incident with the purpose of finding the root cause
30. Unchecked data which spills into another location in memory
31. A collection of information designed to reduce duplication and increase integrity
32. Planning for the delegation of authority required when decisions must be made without the normal chain of command
33. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
34. Review of data
35. Quantity of risk remaining after a control is applied
36. High level design or model with a goal of consistency - integrity - and balance
37. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
38. A programming device used in development to circumvent controls
39. Eavesdropping on network communications by a third party.
40. A test conducted on one or more components of a plan under actual operating conditions.
41. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
42. A passive network attack involving monitoring of traffic.
43. Scrambled form of the message or data
44. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials
45. Abstract and mathematical in nature - defining all possible states - transitions and operations
46. Substitution at the word or phrase level
47. Recovery alternative - complete duplication of services including personnel
48. Maintenance procedures outline the process for the review and update of business continuity plans.
49. Amount of time for restoring a business process or function to normal operations without major loss
50. A planned or unplanned interruption in system availability.