Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).

2. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions.

3. To suppress or extinguish a fire.

4. An alert or alarm that is triggered when no actual attack has taken place.

5. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.

6. A disturbance that degrades performance of electronic devices and electronic communications.

7. To reduce sudden rises (spikes and surges) in voltage or current.

8. Just enough access to do the job.

9. A process state (blocked): the process needs input before it can continue.

10. Someone who wants to know how something works - typically by taking it apart.

11. Quantity of risk remaining after a control is applied.

12. Claiming another's identity at a physical level.

13. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate.

14. Searching for wireless networks in a moving car.

15. Server optimized for providing file-based data storage to the network. Unlike a general-purpose file server, a NAS unit has no directly attached input or output devices (keyboard, display), and its OS is dedicated to providing storage services.

16. Encryption system in which the same key is used to encrypt and decrypt (also called shared key / private key / single key / secret key).

17. Requires two of the three user authentication factors (something you know, something you are, something you have) - e.g. you have an ATM card and enter a PIN.

18. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.

19. One of the most important first steps in planning development. Qualitative and quantitative data need to be gathered, analyzed, interpreted and presented to management.

20. A computer designed for the purpose of studying adversaries.

21. Not fulfilling a legally recognized obligation - failure to conform to a standard of care that results in injury or damage - with proximate causation - not practicing due diligence or due care - not following the prudent person rule (doing due diligence in due

22. A mobilized resource purchased or contracted for the purpose of business recovery.

23. A list of team members and/or key players to be contacted, including their backups. The list will include the necessary contact information (i.e. home phone, pager, cell, etc.) and in most cases is considered confidential.

24. Descrambling the encrypted message with the corresponding key.

25. Regular operations are stopped and processing is moved to the alternate site.

26. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things.

27. Recovery alternative - a short-term, high-cost, movable processing location.

28. Forgery of the sender's email address in an email header.


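The forgery in question 28 is cheap because the visible From: header is written by whoever composes the message. What the forger does not control is what the receiving mail server records itself: the envelope sender it puts in Return-Path and the relay it names in the top-most Received line. The following is an added example, not part of the original quiz; the two messages are constructed for the demo, the hostnames and addresses are made up, and the header names are the standard RFC 5321/5322 ones.

```python
"""Heuristic check for a spoofed From: header (added example, not part of
the original quiz).  The two messages below are constructed for the demo;
the hostnames and addresses are made up.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample 1: the visible From: claims the company domain, but the
# envelope sender (Return-Path) and the relay that handed the message to our
# MX belong to an unrelated host.
SPOOFED_MSG = """\
Return-Path: <bounce@mail-blast.example.net>
Received: from mail-blast.example.net (203.0.113.7) by mx.corp.example; Mon, 1 Jan 2024 10:00:00 +0000
From: "CEO" <ceo@corp.example>
To: finance@corp.example
Subject: Urgent wire transfer

Please process the attached invoice today.
"""

# Constructed sample 2: envelope sender and relay agree with From:.
LEGIT_MSG = """\
Return-Path: <ceo@corp.example>
Received: from mail.corp.example (192.0.2.10) by mx.corp.example; Mon, 1 Jan 2024 10:00:00 +0000
From: "CEO" <ceo@corp.example>
To: finance@corp.example
Subject: Lunch

See you at noon.
"""

# "from <host>" at the start of a Received line.
RECEIVED_FROM = re.compile(r"^from\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def _domain(header_value) -> str:
    """Lower-cased domain part of the first address in a header, '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def check_sender(raw: str) -> dict:
    """Compare the claimed From: domain with the envelope sender recorded in
    Return-Path and with the relay named in the top-most Received line (the
    one added by our own MX; lower Received lines can be forged too)."""
    msg = message_from_string(raw)
    from_domain = _domain(msg.get("From"))
    envelope_domain = _domain(msg.get("Return-Path"))

    received = msg.get_all("Received") or []   # in order of appearance, top first
    m = RECEIVED_FROM.match(received[0].strip()) if received else None
    relay = m.group(1).lower() if m else ""

    envelope_mismatch = from_domain != envelope_domain
    relay_mismatch = not (relay == from_domain or relay.endswith("." + from_domain))

    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "relay": relay,
        "envelope_mismatch": envelope_mismatch,
        "relay_mismatch": relay_mismatch,
        # Either signal alone is weak (forwarders and mailing lists rewrite the
        # envelope); both together on a high-value request warrant a look.
        "suspect": envelope_mismatch and relay_mismatch,
    }


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MSG), ("legit", LEGIT_MSG)):
        print(name, check_sender(raw))
```

This is a triage heuristic, not an authentication mechanism: the controls that actually verify a sending domain are SPF, DKIM and DMARC, which the receiving MTA evaluates before a rule like this ever sees the message.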
29. A design methodology which addresses risk early and often.

30. A natural occurrence between circuits that are in close proximity (signals in one leak into the other).

31. A collection of information designed to reduce duplication and increase integrity.

32. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems.

33. Reduction of voltage by the utility company for a prolonged period of time.

34. Record the history of an incident.

35. Adversary intercepts encrypted communications - decrypts - views - re-encrypts - and sends along to the true destination.

36. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate.

37. Objects or code that look different but act the same.

38. Written core statements that rarely change.

39. DoS - spoofing - dictionary - brute force - wardialing.

40. Property that data is represented in the same manner at all times.

41. Slang for making (burning) a CD-ROM copy of data - whether it is music, software or other data.

42. A layer 3 device that is used to connect two or more network segments and regulate traffic.

43. Wrong against society.

44. The risk that remains after management implements internal controls - or some other response to risk. (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk.

45. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.


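Questions 8 and 45 go together: a role bundles just the permissions a job function needs, users receive roles rather than individual permissions, and anything not explicitly granted is denied. The following is an added example, not part of the original quiz; the roles, users, permissions and the "toxic combination" rule are made up for the demo.

```python
"""Role-based access control with default deny and a separation-of-duties
check (added example, not part of the original quiz).  Roles, users,
permissions and the toxic-combination rule below are made up for the demo.
"""

# A permission is an (action, resource type) pair.  Each role bundles only
# what that job function needs (least privilege); users are granted roles,
# never individual permissions.
ROLE_PERMISSIONS = {
    "ap_clerk":   frozenset({("read", "invoice"), ("create", "payment")}),
    "ap_manager": frozenset({("read", "invoice"), ("approve", "payment")}),
    "auditor":    frozenset({("read", "invoice"), ("read", "payment")}),
}

USER_ROLES = {
    "alice": frozenset({"ap_clerk"}),
    "bob":   frozenset({"ap_manager"}),
    "carol": frozenset({"auditor"}),
}

# Pairs of permissions one person must never hold at the same time
# (separation of duties): whoever creates a payment must not approve it.
TOXIC_COMBINATIONS = [
    (("create", "payment"), ("approve", "payment")),
]


def permissions_for(user: str, roles=None) -> frozenset:
    """Union of the permissions of the user's roles.  Unknown users and
    unknown roles contribute nothing, so is_allowed() defaults to deny."""
    roles = USER_ROLES.get(user, frozenset()) if roles is None else roles
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, frozenset())
    return frozenset(perms)


def is_allowed(user: str, action: str, resource_type: str) -> bool:
    """The access decision: granted only if some role of the user carries it."""
    return (action, resource_type) in permissions_for(user)


def sod_violations(perms: frozenset) -> list:
    """Toxic combinations fully present in a permission set."""
    return [combo for combo in TOXIC_COMBINATIONS if all(p in perms for p in combo)]


def can_assign(user: str, new_role: str) -> bool:
    """Would granting new_role leave the user free of toxic combinations?
    Pure check (nothing is mutated), so an admin tool can ask before granting."""
    if new_role not in ROLE_PERMISSIONS:
        return False
    current = USER_ROLES.get(user, frozenset())
    return not sod_violations(permissions_for(user, current | {new_role}))


if __name__ == "__main__":
    print(is_allowed("alice", "create", "payment"))   # clerk may create ...
    print(is_allowed("alice", "approve", "payment"))  # ... but not approve
    print(is_allowed("mallory", "read", "invoice"))   # unknown user: deny
    print(can_assign("carol", "ap_manager"))          # no listed toxic combination
    print(can_assign("alice", "ap_manager"))          # create + approve: refused
```

The two things worth copying into a real system are the default-deny shape of is_allowed() (every lookup falls through to an empty set, never to an exception or an implicit grant) and the fact that the separation-of-duties check runs at role-assignment time, where it can refuse the grant, rather than at access time, where the toxic combination already exists.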
46. The connection between a wireless and wired network.

47. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.

48. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.

49. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.

50. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner.