Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The connection between a wireless and wired network.
2. For PKI, to have more than one person in charge of a sensitive function
3. Property that data is represented in the same manner at all times
4. Try a list of words in passwords or encryption keys
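
The dictionary attack in question 4, as an added example that is not part of the quiz page: a wordlist is tried against a stored password hash, first against an unsalted SHA-256 hash and then against a salted, iterated PBKDF2 hash. The wordlist, function names and salt are constructed for this example.

```python
"""Added example (not from the quiz page): a dictionary attack that tries a
wordlist against a stored password hash, run first against an unsalted SHA-256
hash and then against a salted, iterated PBKDF2 hash. Names and the wordlist
are constructed for this example."""
import hashlib
import hmac
import os

# Constructed wordlist; real attacks use lists of millions of leaked passwords.
WORDLIST = ["password", "123456", "qwerty", "letmein", "Summer2024", "dragon"]


def store_unsalted(password: str) -> str:
    """The weak legacy scheme: one fast hash, same output for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str, salt: bytes, rounds: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256: a per-user random salt and many iterations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def attack_unsalted(target: str, wordlist=WORDLIST):
    """Hash each word and compare. Returns (password, guesses_made).
    Because there is no salt, the same hashed wordlist (a lookup table)
    cracks every user who chose a listed word."""
    for n, word in enumerate(wordlist, 1):
        if hmac.compare_digest(store_unsalted(word), target):
            return word, n
    return None, len(wordlist)


def attack_salted(target: bytes, salt: bytes, rounds: int, wordlist=WORDLIST):
    """Same attack, but each guess must be re-derived with this user's salt
    and costs `rounds` HMAC evaluations; nothing precomputed carries over."""
    for n, word in enumerate(wordlist, 1):
        if hmac.compare_digest(store_salted(word, salt, rounds), target):
            return word, n
    return None, len(wordlist)


if __name__ == "__main__":
    pw, n = attack_unsalted(store_unsalted("letmein"))
    print(f"unsalted: recovered {pw!r} after {n} guesses")
    salt = os.urandom(16)
    pw, n = attack_salted(store_salted("dragon", salt, 1000), salt, 1000)
    print(f"salted: recovered {pw!r} after {n} guesses (each one slow)")
    pw, n = attack_unsalted(store_unsalted("correct horse battery staple"))
    print(f"passphrase not in list: {pw!r} after {n} guesses")
```

The salted, iterated hash does not stop the attack when the password is in the list; it only removes the shared lookup table and multiplies the cost of every guess, which is why a long passphrase outside any wordlist is the real defence.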
5. Physical description on the exterior of an object that communicates the existence of a label
6. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)
7. The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.
8. Recognition of an individual's assertion of identity.
9. The process of planning for and/or implementing the restarting of defined business operations following a disaster, usually beginning with the most critical or time-sensitive functions
10. Summary of a communication for the purpose of integrity
11. Maintenance procedures outline the process for the review and update of business continuity plans.
12. Minimal protection; used for systems that were evaluated but failed to meet the criteria for higher divisions
13. The level and label given to an individual for the purpose of compartmentalization
14. The collection and summation of risk data relating to a particular asset and controls for that asset
15. Real-time data backup (data mirroring)
16. Potentially compromising leakage of electrical or acoustical signals.
17. Memory management technique which allows subjects to use the same resource
18. Controls for logging and alerting
19. A database that contains the name, type, range of values, source and authorization for access for each data element
20. An encryption method that has a key as long as the message
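
The cipher in question 20, as an added example that is not part of the quiz page: a one-time pad, where the key is a random byte string exactly as long as the message and XOR both encrypts and decrypts. The helpers also show why the key must never be reused. All function names and messages are this example's own.

```python
"""Added example (not from the quiz page): a one-time pad. The key is a random
byte string exactly as long as the message; XOR encrypts and decrypts. The
helpers also show why the key must never be reused. All names are this
example's own."""
import os


def otp_keygen(length: int) -> bytes:
    """Key must be truly random and as long as the message it protects."""
    return os.urandom(length)


def otp_xor(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt: XOR is its own inverse, so one function serves both."""
    if len(key) != len(data):
        raise ValueError("one-time pad key must match the message length")
    return bytes(d ^ k for d, k in zip(data, key))


def key_that_decrypts_to(ciphertext: bytes, wanted: bytes) -> bytes:
    """Perfect secrecy: for any same-length 'plaintext' there is a key that
    turns this ciphertext into it, so the ciphertext alone reveals nothing."""
    return otp_xor(ciphertext, wanted)


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If two messages are XORed with the same key, XORing the ciphertexts
    cancels the key and leaves plaintext1 XOR plaintext2 for the attacker."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


if __name__ == "__main__":
    msg = b"ATTACK AT DAWN"            # constructed sample message
    key = otp_keygen(len(msg))
    ct = otp_xor(msg, key)
    assert otp_xor(ct, key) == msg
    # A different key of the same length yields an equally plausible message.
    fake_key = key_that_decrypts_to(ct, b"RETREAT AT TEA")
    print(otp_xor(ct, fake_key))
    # Reusing the key for a second message leaks the XOR of the two plaintexts.
    msg2 = b"HOLD POSITION!"
    leak = two_time_pad_leak(ct, otp_xor(msg2, key))
    print(leak == bytes(a ^ b for a, b in zip(msg, msg2)))
```

The length check is the whole point of the scheme: a key shorter than the message would have to repeat, and a repeated or reused key turns the pad into the "two-time pad" that `two_time_pad_leak` exploits.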
21. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.
22. A device that sequentially switches multiple analog inputs to the output.
23. A shield against leakage of electromagnetic signals.
24. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
25. Quantity of risk remaining after a control is applied
26. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
27. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides, thereby preventing that space from being overwritten by other data.
28. Memory management technique which allows data to be moved from one memory address to another
29. Outputs within a given function are the same result
30. Evidence must be: admissible, authentic, complete, accurate and convincing
31. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions.
32. Return to a normal state
33. Written core statements that rarely change
34. Controls for termination of attempt to access object
35. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities; most commonly used in governm
36. An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only forensic copy quality will hold up in court.
37. Are bound to objects and indicate what subjects can use them; typically kept by a network device (router, switch and so on) to control access to or from the device for a number of services
38. Of a system without prior knowledge by the tester or the tested
39. System of law based upon what is good for society
40. To evaluate the current situation and make basic decisions as to what to do
41. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
42. The technical and risk assessment of a system within the context of the operating environment
43. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
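
The fault tolerance behind question 43, as an added example that is not part of the quiz page: data is striped across in-memory "drives" with a rotating XOR parity block (the RAID 5 layout), and a failed drive is rebuilt from the survivors. The drive list, block size and function names are constructed for this example.

```python
"""Added example (not from the quiz page): striping with rotating XOR parity,
the RAID 5 layout, simulated on in-memory "drives" to show how a failed drive
is rebuilt from the survivors. Block size and names are this example's own."""

BLOCK = 4  # bytes per block; real arrays use kilobytes


def xor_blocks(blocks):
    """Bytewise XOR of equal-length blocks."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def build_array(data: bytes, n_drives: int):
    """Split data into stripes of (n_drives - 1) data blocks plus one parity
    block, rotating the parity position per stripe. Returns a list of drives,
    each a list of blocks."""
    if n_drives < 3:
        raise ValueError("RAID 5 needs at least three drives")
    n_data = n_drives - 1
    stripe_bytes = n_data * BLOCK
    data = data + b"\x00" * ((-len(data)) % stripe_bytes)  # pad last stripe
    drives = [[] for _ in range(n_drives)]
    for s in range(len(data) // stripe_bytes):
        chunk = data[s * stripe_bytes:(s + 1) * stripe_bytes]
        blocks = [chunk[i * BLOCK:(i + 1) * BLOCK] for i in range(n_data)]
        parity_pos = s % n_drives
        parity = xor_blocks(blocks)
        it = iter(blocks)
        for d in range(n_drives):
            drives[d].append(parity if d == parity_pos else next(it))
    return drives


def rebuild_drive(drives, failed: int):
    """Recompute every block of the failed drive as the XOR of the same stripe
    on all surviving drives; works whether the missing block held data or
    parity. drives[failed] may already be None (the drive is gone)."""
    n = len(drives)
    n_stripes = len(drives[(failed + 1) % n])
    return [
        xor_blocks([drives[d][s] for d in range(n) if d != failed])
        for s in range(n_stripes)
    ]


def read_array(drives, length: int) -> bytes:
    """Reassemble user data, skipping the parity block of each stripe."""
    n = len(drives)
    out = bytearray()
    for s in range(len(drives[0])):
        parity_pos = s % n
        for d in range(n):
            if d != parity_pos:
                out += drives[d][s]
    return bytes(out[:length])


if __name__ == "__main__":
    data = b"the quick brown fox jumps over the lazy dog"  # constructed sample
    drives = build_array(data, 4)
    lost = drives[2]
    drives[2] = None                       # simulate a drive failure
    drives[2] = rebuild_drive(drives, 2)   # rebuild from the other three
    print(drives[2] == lost, read_array(drives, len(data)) == data)
```

One parity block per stripe tolerates exactly one failed drive; losing a second drive before the rebuild finishes leaves stripes with two unknowns, which a single XOR cannot solve. That window is why rebuild time matters as much as the redundancy itself.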
44. Not fulfilling a legally recognized obligation; failure to conform to a standard of care that results in injury or damage, with proximate causation; not practicing due diligence or due care; not following the prudent person (doing due diligence in due
45. Pertaining to law, verified as real
46. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
47. Independent malware that requires user interaction to execute
48. Something that happened
49. A legally enforceable agreement between two people, two organizations, or a person and an organization.
50. Record history of incident