
CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study first.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.
2. A system that enforces an access control policy between two networks.
3. A database backup type which records at the transaction level.
4. Data or interference that can trigger a false positive.
5. A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
6. Encryption system using a pair of mathematically related, unequal keys.
7. A technology that reduces the size of a file.
8. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.
9. Intermediate level, pertaining to planning.
10. Fault tolerance for power.
11. To stop damage from spreading.
12. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.
13. System of law based upon what is good for society.
14. Communication of a security incident to stakeholders and data owners.
15. A layer 2 device that is used to connect two or more network segments and regulate traffic.
16. Induces a crime, tricks a person, and is illegal.
17. One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
18. A hash that has been further encrypted with a symmetric algorithm.
19. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.
20. A backup type for databases at a point in time.
21. Also known as regulatory laws; covers standards of performance or conduct expected by government agencies from companies, industries, and certain officials.
22. Recovery alternative which outsources a business function at a cost.
23. Information about data or records.
24. A backup type which creates a complete copy.
25. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.
26. Mitigate damage by isolating compromised systems from the network.
27. Consume resources to a point of exhaustion, causing loss of availability.
28. A sudden, unexpected event requiring immediate action due to potential threat to health and safety, the environment, or property.
29. To be admissible in court they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.
30. Implementation of measures to deter specific threats to the continuity of business operations, and/or respond to any occurrence of such threats in a timely and appropriate manner.
31. Long-term knowledge building.
32. A subnetwork with storage devices servicing all servers on the attached network.
33. Written internalized or nationalized norms that are internal to an organization.
34. Substitution at the word or phrase level.
35. Control category: to discourage an adversary from attempting to access.
36. Scrambled form of the message or data.
37. The principles a person sets for themselves to follow.
38. Threats x Vulnerability x Asset Value = Total Risk.
39. Written step-by-step actions.
40. Information which has retained its importance, but which has been created or stored by software/hardware that has been rendered obsolete.
41. A BCP testing type: a test that answers the question, "Can the organization replicate the business process?"
42. A type of malformed input that takes advantage of an appropriate true conditional logic statement, adding a request for data that is against the security policy.
43. A programming device used in development to circumvent controls.
44. Natural or human-readable form of a message.
45. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.
46. High level, pertaining to planning.
47. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
48. Code breaking: the practice of defeating the protective properties of cryptography.
49. Inappropriate data.
50. Independent malware that requires user interaction to execute.