Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. In PKI, having more than one person in charge of a sensitive function






2. Malware that makes many small changes over time to a single data point or system






3. Converts source code to an executable






4. A method for determining functions, identifying how each function can fail, assessing each failure, and determining where failure is most likely to occur






5. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.






6. Part of transaction control for a database that informs the database of the last recorded transaction






7. Trading one for another






8. Unauthorized intrusion, unauthorized alteration or destruction, and use of malicious code






9. One-way encryption






10. Trying a list of words as candidate passwords or encryption keys






11. Business and technical process of applying security software updates in a regulated, periodic way






12. A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions






13. Subset of operating system components dedicated to protection mechanisms






14. Recovery alternative: a short-term, high-cost, movable processing location






15. Recorded history of an incident






16. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.






17. Most granular organization of controls






18. The set of standards and processes formerly accepted by the U.S. military for network evaluation and assurance, which combines functional and assurance requirements






19. When two or more computers are networked together in a LAN, one computer may be used as a storage location for the group's files.






20. A group or network of honeypots






21. To evaluate the current situation and make basic decisions as to what to do






22. Location from which coordination and execution of the BCP or DRP is directed






23. Object-based description of a system or a collection of resources






24. A denial-of-service attack that exploits systems that cannot handle malicious, overlapping, or oversized IP fragments.
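The two malformed-fragment conditions in question 24 (overlap and oversize) are exactly what a robust IP reassembler or an IDS checks before trusting a fragment set. The following is an added example, not part of the original quiz: a small Python checker over fragment descriptors (offset in bytes, payload length, more-fragments flag). The fragment sets at the bottom are constructed for illustration, not real captures.

```python
IPV4_MAX_DATAGRAM = 65535  # maximum total length of an IPv4 datagram


def check_fragments(fragments):
    """fragments: list of (offset_bytes, payload_len, more_fragments) for one
    datagram. Returns a list of problem strings; an empty list means the set
    reassembles cleanly. Covers the two conditions named in question 24
    (overlap and oversize) plus the basic IPv4 alignment rules, so a
    reassembler can reject the set instead of crashing on it."""
    problems = []
    covered_end = 0  # highest byte (exclusive) covered by the fragments seen so far
    # Sorting by offset means any overlap shows up as an offset that starts
    # before the end of data already covered.
    for offset, length, more in sorted(fragments, key=lambda f: f[0]):
        if offset % 8 != 0:
            problems.append(f"offset {offset} is not a multiple of 8")
        if length <= 0:
            problems.append(f"fragment at {offset} has non-positive length {length}")
        if more and length % 8 != 0:
            problems.append(f"non-final fragment at {offset} has length {length}, not a multiple of 8")
        end = offset + length
        if end > IPV4_MAX_DATAGRAM:
            problems.append(f"oversized: fragment at {offset} ends at {end}, past {IPV4_MAX_DATAGRAM}")
        if offset < covered_end:
            problems.append(f"overlap: fragment at {offset} rewrites bytes already covered up to {covered_end}")
        covered_end = max(covered_end, end)
    return problems


# Constructed fragment descriptors for the demo (not real captures).
BENIGN = [(0, 1480, True), (1480, 1480, True), (2960, 120, False)]
OVERLAPPING = [(0, 40, True), (24, 8, False)]   # second fragment lands inside the first
OVERSIZED = [(65528, 16, False)]                 # ends at 65544, past the 65535 limit

if __name__ == "__main__":
    for name, frags in (("benign", BENIGN), ("overlapping", OVERLAPPING), ("oversized", OVERSIZED)):
        print(name, "->", check_fragments(frags) or "ok")
```

A legitimate retransmission of an identical fragment also trips the overlap check; a reassembler that wants to tolerate that should compare the payload bytes of the duplicate rather than silently letting the later copy win, because "later copy wins" is the behaviour the attack abuses.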






25. The act of scrambling a cleartext message using a key.






26. Those who initiate the attack






27. Unsolicited advertising software






28. To be admissible in court, they must be made and collected in the normal course of business, not specially generated for a court case. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.






29. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing the operation of the organization.






30. The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins functional and assurance requirements






31. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.






32. Controls for terminating an attempt to access an object






33. Just enough access to do the job






34. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities; most commonly used in government.
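The comparison question 34 describes can be written out in a few lines. The following is an added example, not part of the original quiz: a Python label type with a dominance check (level at least as high, and every required compartment held), and a decision function that applies Bell-LaPadula-style rules (no read up, no write down). The rule set, the level hierarchy and the sample labels are assumptions made for the example; the quiz itself only says clearance is compared with the label.

```python
from dataclasses import dataclass
from typing import Tuple

# Constructed sensitivity hierarchy for the example; a real system loads this
# from policy. Higher number means more sensitive.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a sensitivity level plus a set of compartments
    (need-to-know categories). The same type serves as a user's clearance
    and as an object's classification."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self dominates other if its level is at least as high and it holds
        every compartment other requires. This is the attribute comparison
        MAC performs; the object's owner cannot override it."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def mac_decision(clearance: Label, classification: Label, operation: str) -> Tuple[bool, str]:
    """Bell-LaPadula-style rules (an assumption of this example):
      read  -> allowed only if the clearance dominates the classification (no read up)
      write -> allowed only if the classification dominates the clearance (no write down,
               which also blocks writing compartmented data into an object lacking the compartment)
    Returns (allowed, reason) so the reason can be logged for audit."""
    if operation == "read":
        ok = clearance.dominates(classification)
        return ok, "read allowed" if ok else "denied: no read up (clearance does not dominate label)"
    if operation == "write":
        ok = classification.dominates(clearance)
        return ok, "write allowed" if ok else "denied: no write down (label does not dominate clearance)"
    return False, f"denied: unknown operation {operation!r}"


if __name__ == "__main__":
    # Constructed subject and objects for the demo.
    analyst = Label("SECRET", frozenset({"NUCLEAR"}))
    objects = {
        "weekly bulletin": Label("CONFIDENTIAL"),
        "reactor report": Label("SECRET", frozenset({"NUCLEAR"})),
        "cipher notes": Label("SECRET", frozenset({"CRYPTO"})),
        "strategic plan": Label("TOP SECRET", frozenset({"NUCLEAR"})),
    }
    for name, obj in objects.items():
        for op in ("read", "write"):
            print(f"{op:5} {name:15} -> {mac_decision(analyst, obj, op)[1]}")
```

Note how compartments cut both ways: the SECRET/NUCLEAR analyst cannot read SECRET/CRYPTO material even though the levels match, and cannot write into a TOP SECRET object that lacks the NUCLEAR compartment, because that write could carry NUCLEAR information to readers not cleared for it.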






35. Independent malware that requires user interaction to execute






36. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.






37. With enough computing power, trying all possible combinations
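Questions 9, 10 and 37 describe three sides of the same situation: a one-way hash that cannot be reversed, and the two guessing strategies (a word list, then every combination) that an attacker uses instead of reversing it. The following is an added example, not part of the original quiz, showing all three against a salted SHA-256 digest; the salt, the word list and the passwords are constructed for illustration, and the final function shows the standard countermeasure (a deliberately slow iterated hash).

```python
import hashlib
import hmac
import itertools
import string

# Constructed sample data for this example: a fixed salt and a tiny word list.
# Real attacks use lists with millions of entries plus mutation rules.
SALT = b"demo-salt-0001"
WORDLIST = ["password", "letmein", "dragon", "sunshine", "qwerty"]


def one_way_hash(password: str, salt: bytes = SALT) -> str:
    """Salted SHA-256 of a password. The digest can be recomputed from the
    password, so it can be verified, but the password cannot be recovered
    from the digest: that is the 'one-way' property of question 9."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def verify_password(candidate: str, stored_digest: str, salt: bytes = SALT) -> bool:
    """Verification never 'decrypts': it re-hashes the candidate and compares
    in constant time so timing does not reveal where the digests diverge."""
    return hmac.compare_digest(one_way_hash(candidate, salt), stored_digest)


def mutations(word: str):
    """A few cheap transformations wordlist attacks apply to every word."""
    yield word
    yield word.capitalize()
    yield word + "1"
    yield word.capitalize() + "1"


def dictionary_attack(stored_digest: str, wordlist, salt: bytes = SALT):
    """Question 10: try each word (and its mutations) as a candidate.
    Returns (recovered_password_or_None, number_of_guesses)."""
    tries = 0
    for word in wordlist:
        for candidate in mutations(word):
            tries += 1
            if one_way_hash(candidate, salt) == stored_digest:
                return candidate, tries
    return None, tries


def brute_force(stored_digest: str, alphabet: str, max_len: int, salt: bytes = SALT):
    """Question 37: try every string over `alphabet` of length 1..max_len.
    Returns (recovered_password_or_None, number_of_guesses)."""
    tries = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            tries += 1
            candidate = "".join(combo)
            if one_way_hash(candidate, salt) == stored_digest:
                return candidate, tries
    return None, tries


def keyspace_size(alphabet_size: int, max_len: int) -> int:
    """Total guesses an exhaustive search needs for all lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def slow_one_way_hash(password: str, salt: bytes = SALT, iterations: int = 600_000) -> str:
    """Countermeasure: an iterated key-derivation hash (PBKDF2-HMAC-SHA256) makes
    every guess in the two attacks above cost roughly `iterations` times more."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()


if __name__ == "__main__":
    weak = one_way_hash("Sunshine1")        # wordlist-derived: falls to the dictionary
    print("dictionary:", dictionary_attack(weak, WORDLIST))
    short = one_way_hash("cab")             # short: falls to brute force over a tiny keyspace
    print("brute force:", brute_force(short, string.ascii_lowercase, 3))
    print("keyspace for 26^1..26^3:", keyspace_size(26, 3))
    print("verify:", verify_password("cab", short), verify_password("cat", short))
```

The guess counts returned by the two attacks are the point: the dictionary finds "Sunshine1" in 16 guesses because it is a common word with a common mutation, while brute force needs a few thousand guesses even for a three-letter password and grows by a factor of 26 per added character; a slow hash multiplies every one of those guesses by the iteration count.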






38. Asymmetric encryption of a hash of a message






39. Planning with the goal of returning to normal business functions






40. Segmented memory addressing, encapsulation of objects, time multiplexing of shared resources, naming distinctions, and virtual mapping.






41. An opportunity for a threat to cause loss (a term that encompasses many recent risk terms)






42. Hitting a filed-down key inserted in a lock with a hammer to open it without the real key






43. Security policy, procedures, and compliance enforcement






44. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g., workaround procedures, an alternate work area, etc.).






45. Process of identifying the risks to an organization, assessing the critical functions, defining the controls in place to reduce the organization's exposure, and evaluating the cost of such controls.






46. The property that data meet an a priori expectation of quality and that the data can be relied upon.






47. The chance that something negative will occur






48. A sudden rise in voltage in the power supply.






49. Reprogrammable basic startup instructions






50. Small data warehouse