Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Measures followed to restore critical functions following a security incident.
2. Highest level of authority at the EOC, with knowledge of the business process and the resources available.
3. Scrambled form of the message or data.
4. Control type that is communication-based, typically written or oral.
5. Effort/time needed to overcome a protective measure.
6. An attack that breaks up malicious code into fragments in an attempt to elude detection.
7. High-frequency noise.
8. OOP concept of a template that consists of attributes and behaviors.
9. Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
10. Low level, pertaining to planning.
11. Define the way in which the organization operates.
12. Event(s) that cause harm.
13. A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file.
14. Consume resources to a point of exhaustion; loss of availability.
15. Object reuse protection and auditing.
16. A choice in risk management: to convince another to assume risk, typically by payment.
17. A control applied before an attack.
18. An internal list of contact information used for the communication of incident information, designed in a distributed manner so that no one person is responsible for contacting everyone.
19. Object-based description of a system or a collection of resources.
20. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at the other's site.
21. Companies should have their own team, made up of people from management, IT, legal, HR, public relations, security and other key areas.
22. Long-term knowledge building.
23. To evaluate the current situation and make basic decisions as to what to do.
24. A template for designing the architecture.
25. Initial surge of current.
26. Act of luring an intruder; it is legal.
27. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
28. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
29. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
30. Just enough access to do the job.
31. Trading one for another.
32. OOP concept of taking attributes from the original or parent.
33. Insurance coverage for disaster-related expenses that may be incurred until operations are fully recovered after a disaster.
34. Try a list of words as passwords or encryption keys.
35. To reduce fire.
36. The asynchronous duplication of the production database on separate media to ensure data availability, currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
37. Data or interference that can trigger a false positive.
38. After the storage media has been seized, the investigator should make a bit-for-bit mirror image copy of it before doing anything else.
39. Lower-frequency noise.
40. To be admissible in court they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.
41. A form of data hiding which protects running threads of execution from using each other's memory.
42. Potential danger to information or systems.
43. Mediates communication between untrusted hosts on behalf of the hosts that it protects.
44. More than one CPU on a single board.
45. Policy or stated actions.
46. Implementation of measures to deter specific threats to the continuity of business operations, and/or to respond to any occurrence of such threats in a timely and appropriate manner.
47. An image compression standard for photographs.
48. Written internalized or nationalized norms that are internal to an organization.
49. Real-time, automatic and transparent backup of data.
50. To start business continuity processes.