Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.

1. High frequency noise

2. Impossibility of denying authenticity and identity

3. Server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no input or output devices, and the OS is dedicated to providing storage services.

4. Renders the file inaccessible to the operating system; the space becomes available for reuse for data storage.

5. Short period of low voltage.

6. Inappropriate data

7. Two certificate authorities that trust each other

8. Intellectual property protection for the expression of an idea

9. RADIUS, TACACS+, Diameter

10. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress

11. Mitigation of system or component loss or interruption through use of backup capability.

12. A critical event which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.

13. Heavily populated areas, particularly those susceptible to high-intensity earthquakes, floods, tsunamis, or other disasters, for which emergency response may be necessary in the event of a disaster.

14. Firewalls, encryption, and access control lists

15. The managerial approval to operate a system based upon knowledge of the risk of operating it

16. A system that enforces an access control policy between two networks.

17. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents, and for the restoration of normal operations at the primary site.

18. A failure of an IDS to detect an actual attack

19. Mediates communication between untrusted hosts on behalf of the hosts that it protects.

20. A collection of information designed to reduce duplication and increase integrity

21. Implementation of measures to deter specific threats to the continuity of business operations, and/or to respond to any occurrence of such threats in a timely and appropriate manner.

22. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.

23. An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only a copy of forensic quality will hold up in court.

24. Real-time data backup (data mirroring)

25. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.

26. A practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.

27. Unauthorized intrusion, unauthorized alteration or destruction, and use of malicious code

28. Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.

29. Evaluation of a system without prior knowledge by the tester

30. Highest level of authority at the EOC, with knowledge of the business process and the resources available

31. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.

32. Creation, distribution, update, and deletion

33. Maintenance procedures outline the process for the review and update of business continuity plans.

34. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?

35. Independent malware that requires user interaction to execute

36. All of the protection mechanisms in a computer system

37. State of a computer that is running a process

38. Line-by-line translation from a high-level language to machine code

39. One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.

40. Memory management technique that allows two processes to run concurrently without interaction

41. A structured group of teams ready to take control of the recovery operations if a disaster should occur.

42. An internal list of contact information used for the communication of incident information, designed in a distributed manner so that no one person is responsible for contacting everyone.

43. Recording activities at the keyboard level

44. Event(s) that cause harm

45. Code breaking; the practice of defeating the protective properties of cryptography.

46. Potentially compromising leakage of electrical or acoustical signals.

47. The set of standards and processes for computer system evaluation and assurance formerly accepted by the U.S. military, which combines functional and assurance requirements

48. Method for determining functions, identifying function failures, assessing them, and determining where failure is most likely to occur

49. A documented battle plan for coordinating response to incidents.

50. Information which has retained its importance, but which has been created or stored by software/hardware that has been rendered obsolete.