Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may look obvious, but you will find that it reinforces your understanding as you retake the test.
1. Joining two pieces of text






2. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures, an alternate work area, etc.)






3. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.






4. A choice in risk management - to implement a control that limits or lessens negative effects






5. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.






6. One of the most important first steps in plan development. Qualitative and quantitative data needs to be gathered, analyzed, interpreted and presented to management






7. Written suggestions that direct choice to a few alternatives






8. Natural occurrence in circuits that are in close proximity






9. Quantity of risk remaining after a control is applied






10. A subnetwork with storage devices servicing all servers on the attached network.






11. System-directed mediation of access using labels






12. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize; Acquire and Implement; Deliver and Support; Monitor and Evaluate






13. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?






14. Control category- to record an adversary's actions






15. Encryption system using a pair of mathematically related unequal keys






16. Pertaining to a number system that has just two unique digits.






17. Location where coordination and execution of BCP or DRP is directed






18. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).






19. A device that converts between digital and analog representation of data.






20. A mail server that improperly accepts and relays mail for domains it does not serve, from clients it has no reason to trust.





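The misconfiguration in item 20 is easiest to see as an SMTP exchange. The block below is an added example, not code from the study page: a constructed, minimal RCPT TO policy (not a real MTA) with made-up domains and addresses, shown once configured correctly and once as an open relay, plus the classic relay probe (outside client, outside sender, outside recipient) that distinguishes the two.

```python
"""Open mail relay versus a correctly configured server (added example).

The server hosts example.com and should relay to other domains only for
clients on its own trusted networks. Domains, addresses and the policy
class are constructed for illustration, not taken from any real MTA.
"""
import ipaddress
import re

ADDR_RE = re.compile(r"<([^@>]+)@([^>]+)>", re.IGNORECASE)


class SmtpPolicy:
    """Decide RCPT TO the way a properly configured MTA does: deliver for the
    domains we host, relay only for clients on trusted (internal) networks."""

    def __init__(self, served_domains, trusted_nets, open_relay=False):
        self.served = {d.lower() for d in served_domains}
        self.trusted = [ipaddress.ip_network(n) for n in trusted_nets]
        self.open_relay = open_relay  # the misconfiguration from item 20

    def client_trusted(self, client_ip):
        ip = ipaddress.ip_address(client_ip)
        return any(ip in net for net in self.trusted)

    def rcpt(self, client_ip, rcpt_to):
        m = ADDR_RE.search(rcpt_to)
        if not m:
            return "501 5.1.3 Bad recipient address syntax"
        local, domain = m.group(1), m.group(2).lower()
        if domain in self.served:
            return "250 2.1.5 OK"  # local delivery, always fine
        if self.open_relay or self.client_trusted(client_ip):
            return "250 2.1.5 OK"  # relaying to a foreign domain
        return "554 5.7.1 <%s@%s>: Relay access denied" % (local, domain)


def session(policy, client_ip, commands):
    """Run a constructed SMTP dialogue; returns (client line, server reply) pairs."""
    replies = [("", "220 mail.example.com ESMTP")]
    for cmd in commands:
        verb = cmd.split(":", 1)[0].split()[0].upper()
        if verb in ("HELO", "EHLO"):
            reply = "250 mail.example.com"
        elif verb == "MAIL":
            reply = "250 2.1.0 OK"
        elif verb == "RCPT":
            reply = policy.rcpt(client_ip, cmd)
        elif verb == "QUIT":
            reply = "221 2.0.0 Bye"
        else:
            reply = "502 5.5.2 Command not implemented"
        replies.append((cmd, reply))
    return replies


# The classic relay probe: nothing in it belongs to the server being tested.
RELAY_PROBE = [
    "EHLO probe.invalid",
    "MAIL FROM:<attacker@attacker.invalid>",  # foreign sender
    "RCPT TO:<victim@victim.invalid>",        # foreign recipient
    "QUIT",
]


def is_open_relay(policy, client_ip="203.0.113.10"):
    """True if an outside client can get RCPT TO for a foreign domain accepted.
    A correctly configured server answers 5xx at that step."""
    rcpt_reply = [r for c, r in session(policy, client_ip, RELAY_PROBE)
                  if c.startswith("RCPT")][0]
    return rcpt_reply.startswith("250")


if __name__ == "__main__":
    good = SmtpPolicy(["example.com"], ["10.0.0.0/8"])
    bad = SmtpPolicy(["example.com"], ["10.0.0.0/8"], open_relay=True)
    for name, pol in (("correct", good), ("open relay", bad)):
        print("==", name)
        for c, r in session(pol, "203.0.113.10", RELAY_PROBE):
            print("C:", c) if c else None
            print("S:", r)
```

Note that the same server accepts the foreign recipient from a client inside 10.0.0.0/8 and accepts any recipient at example.com from anyone; the fault is only in relaying for untrusted clients, which is why the probe has to come from an outside address.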

21. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.






22. A backup of data located where staff can gain access readily and a localized disaster will not cause harm






23. Recovery alternative - complete duplication of services including personnel






24. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.






25. People who interact with assets






26. To reduce fire






27. A disturbance that degrades performance of electronic devices and electronic communications.






28. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.






29. Using many alphabets





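Item 29 describes a polyalphabetic cipher. As an added worked example (not code from the study page), the Vigenere cipher below makes the "many alphabets" point concrete: each key letter selects one of the 26 shifted Caesar alphabets, so the same plaintext letter encrypts differently depending on its position, which is what defeats simple frequency analysis of a single substitution. The key, plaintext and helper names are constructed for illustration.

```python
"""Vigenere cipher: one shifted alphabet per key letter (added example)."""
import string

ALPHABET = string.ascii_uppercase


def _shift(ch: str, k: int) -> str:
    """Shift one uppercase letter by k positions, wrapping around."""
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Encrypt (or decrypt) the letters of text with key. Non-letters pass
    through unchanged and do not consume a key character."""
    if not key.isalpha():
        raise ValueError("key must be alphabetic")
    key = key.upper()
    out = []
    i = 0  # index into the key, advanced only on letters
    for ch in text.upper():
        if ch in ALPHABET:
            k = ALPHABET.index(key[i % len(key)])
            out.append(_shift(ch, -k if decrypt else k))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def alphabets_used(key: str) -> list:
    """The distinct shifted alphabets the key selects, in key order."""
    seen = []
    for kch in key.upper():
        k = ALPHABET.index(kch)
        alpha = ALPHABET[k:] + ALPHABET[:k]
        if alpha not in seen:
            seen.append(alpha)
    return seen


def images_of(plain: str, cipher: str, letter: str) -> set:
    """Every ciphertext letter that a given plaintext letter became."""
    return {c for p, c in zip(plain.upper(), cipher) if p == letter.upper()}


if __name__ == "__main__":
    pt, key = "ATTACK AT DAWN", "LEMON"   # constructed sample
    ct = vigenere(pt, key)
    print(ct)                               # LXFOPV EF RNHR
    print(vigenere(ct, key, decrypt=True))  # ATTACK AT DAWN
    print(len(alphabets_used(key)), "alphabets in use")
    print("A ->", sorted(images_of(pt, ct, "A")))
```

With key LEMON the plaintext letter A appears four times and becomes L, O, E and N, one image per alphabet the key happened to select at those positions; a monoalphabetic substitution would have mapped all four to the same letter.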

30. A computer designed for the purpose of studying adversaries






31. Communication of a security incident to stakeholders and data owners.






32. Review of data






33. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.






34. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.






35. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid






36. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials






37. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.






38. Property that data is represented in the same manner at all times






39. A list of team members and/or key players to be contacted, including their backups. The list will include the necessary contact information (e.g. home phone, pager, cell, etc.) and in most cases is considered confidential.






40. Written core statements that rarely change






41. Recovery alternative which outsources a business function at a cost






42. Consume resources to a point of exhaustion - loss of availability






43. Using small special tools, all tumblers of the lock are aligned, opening the door






44. To execute more than one instruction at an instant in time






45. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.





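Item 45 draws the line between a logical (file-level) copy and a bit-by-bit image, and the reason the latter is the one that holds up is that it captures slack and unallocated space and can be hashed against the source. The block below is an added example, not code from the study page and not a substitute for a real imaging tool behind a write blocker: it builds a constructed in-memory "disk" with a made-up allocation table, shows what each kind of copy captures, and verifies the image with SHA-256.

```python
"""Logical copy versus forensic bit-for-bit image (added example).

The disk, its allocation table and the marker strings are all constructed
for illustration; a real acquisition would image a block device.
"""
import hashlib

SECTOR = 512

# Constructed artifacts planted where a file-level copy never looks.
SLACK_MARKER = b"SLACK: password=hunter2"
DELETED_MARKER = b"DELETED: wire transfer to acct 4471"
UNALLOC_MARKER = b"UNALLOC: exfil staging list"


def build_disk():
    """8-sector disk. Sectors 0-1: a live 684-byte file, so sector 1 has
    slack. Sectors 2-3: a file whose directory entry was deleted but whose
    data remains. Sectors 4-7: never-allocated space with old residue."""
    disk = bytearray(8 * SECTOR)
    live = b"quarterly report: nothing to see here " * 18  # 684 bytes
    disk[0:len(live)] = live
    disk[900:900 + len(SLACK_MARKER)] = SLACK_MARKER          # file slack
    disk[2 * SECTOR:2 * SECTOR + len(DELETED_MARKER)] = DELETED_MARKER
    disk[5 * SECTOR:5 * SECTOR + len(UNALLOC_MARKER)] = UNALLOC_MARKER
    table = {"report.txt": (0, len(live))}  # name -> (start sector, length)
    return disk, table


def logical_copy(disk, table):
    """What a file-level copy captures: only the allocated bytes of live files."""
    return {name: bytes(disk[s * SECTOR:s * SECTOR + n])
            for name, (s, n) in table.items()}


def forensic_copy(disk):
    """Bit-for-bit image of every sector, with the hash taken at acquisition."""
    image = bytes(disk)
    return image, hashlib.sha256(image).hexdigest()


def verify_image(source, image, digest):
    """Source and image must hash to the acquisition digest, else the copy
    (or the source) has changed and the image is not defensible."""
    return (hashlib.sha256(bytes(source)).hexdigest() == digest
            and hashlib.sha256(image).hexdigest() == digest)


def find_artifacts(data: bytes):
    """Which planted markers are present in a given copy."""
    return {m for m in (SLACK_MARKER, DELETED_MARKER, UNALLOC_MARKER) if m in data}


if __name__ == "__main__":
    disk, table = build_disk()
    logical = b"".join(logical_copy(disk, table).values())
    image, digest = forensic_copy(disk)
    print("logical copy finds :", find_artifacts(logical))
    print("forensic image finds:", find_artifacts(image))
    print("image verifies      :", verify_image(disk, image, digest))
    image_tampered = bytearray(image)
    image_tampered[2 * SECTOR] ^= 0xFF
    print("tampered verifies   :", verify_image(disk, image_tampered, digest))
```

The logical copy returns the report and nothing else; the image also carries the slack remnant, the deleted file and the unallocated residue, and a single flipped bit in the image fails the hash check.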

46. Those who initiate the attack






47. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.






48. OOP concept of an object at runtime






49. A secure connection to another network.






50. Record of system activity - which provides for monitoring and detection.