Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems

2. A state for operating system tasks only

3. Independent malware that requires user interaction to execute

4. An alert or alarm that is triggered when no actual attack has taken place

5. Wrong against society

6. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities; most commonly used in governm

7. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.

8. Encryption system using a shared key/private key/single key/secret key

9. A template for designing the architecture

10. The connection between a wireless and a wired network.

11. A type of multitasking that allows for more even distribution of computing time among competing requests

12. An activity that is performed for the purpose of training and conditioning team members, and improving their performance.

13. Most granular organization of controls

14. Method for determining functions, identifying function failure, assessing it, and where failure is most likely to occur

15. Responsibility of a user for the actions taken by their account, which requires unique identification

16. Scrambled form of the message or data

17. Object-based description of a single resource and the permission each subject

18. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components

19. RADIUS, TACACS+, Diameter

20. Actions measured against either a policy or what a reasonable person would do

21. A mobilized resource purchased or contracted for the purpose of business recovery.

22. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid

23. A covert storage channel on the file attribute

24. An opportunity for a threat to cause loss. (Terminology that encompasses many recent risk terms.)

25. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack

26. The study of cryptography and cryptanalysis

27. Control category: to discourage an adversary from attempting to access

28. Hitting a filed-down key in a lock with a hammer to open it without the real key

29. Potentially compromising leakage of electrical or acoustical signals.

30. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.

31. Requirement of access to data for a clearly defined purpose

32. Insurance coverage for disaster-related expenses that may be incurred until operations are fully recovered after a disaster.

33. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.

34. Server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no input or output devices, and the OS is dedicated to providing storage services.

35. Residual data (sometimes referred to as "ambient data") refers to data that is not active on a computer system.

36. A record that must be preserved and available for retrieval if needed.

37. OOP concept of a template that consists of attributes and behaviors

38. Controls deployed to avert unauthorized and/or undesired actions.

39. To create a copy of data as a precaution against the loss or damage of the original data.

40. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm

41. It is embedded as part of a complete device, often including hardware and mechanical parts. Features a limited OS. Mobile phones, routers and wireless devices take a similar approach. Less than robust security features. Difficult to patch.

42. OOP concept of a distinct copy of the class

43. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE 3. Functional Levels 4. Assurance Levels.

44. Responsibility for actions

45. The guardian of asset(s); a maintenance activity

46. Property that data is represented in the same manner at all times

47. All of the protection mechanisms in a computer system

48. A control before attack

49. Hiding the fact that communication has occurred

50. A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.