Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times you may find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Recording activities at the keyboard level

2. The process of identifying, assessing and reducing risk to an acceptable level, and implementing the right countermeasures to maintain that level of risk

3. Impossibility of denying authenticity and identity

4. An individual's conduct that violates government laws developed to protect the public

5. Actions measured against either a policy or what a reasonable person would do

6. A computer designed for the purpose of studying adversaries

7. Security policy, personnel controls, supervisory structure, security awareness training, testing

8. A design methodology which addresses risk early and often

9. Recovery alternative that has everything needed for the business function except people and the last backup

10. A type of malformed input that exploits a conditional logic statement that always evaluates to true, adding a request for data that is against the security policy

11. More than one process in the middle of executing at a time

12. Intellectual property protection for an invention

13. Reduction of voltage by the utility company for a prolonged period of time

14. Recording the who, what, when, where and how of evidence

15. The principles a person sets for themselves to follow

16. Small data warehouse

17. Needs to understand both the assets that need to be protected and management's priorities; must also be prepared to adjust the design over time and verify that the design has been implemented correctly; needs to be a good negotiator, artist and analyst

18. Threats x Vulnerability x Asset Value = Total Risk

19. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have. Most commonly used in the PC environment (e.g. file permissions).

20. The property that data meet an a priori expectation of quality and that the data can be relied upon.

21. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.

22. Requirement to take time off

23. The former U.S. military-accepted set of standards and processes for network evaluation and assurance, which combines functional and assurance requirements

24. People protect their domain

25. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.

26. Program that inappropriately collects private data or activity

27. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures, alternate work area, etc.)

28. Less granular organization of controls

29. Pertaining to a number system that has just two unique digits.

30. A mail server that improperly accepts and relays inbound SMTP mail addressed to domains it does not serve.

31. Define the way in which the organization operates.

32. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.

33. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate

34. OOP concept in which a class's internal details are hidden from other objects

35. An activity that is performed for the purpose of training and conditioning team members and improving their performance.

36. Authentication protocol which only uses symmetric session keys between principals, distributed by a third party using different pre-shared symmetric keys

37. Policy or stated actions

38. Intellectual property protection for the expression of an idea

39. A process state in which the process is either unable to run while waiting for an external event, or has terminated

40. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
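
The two SQL injection items above (the always-true conditional and the partial query embedded in input) are easier to see in working code. The following Python example is added here as a study aid; it is not part of the original quiz. It builds a constructed in-memory SQLite table, shows a lookup that concatenates user input into the query text, runs the classic tautology payload and a UNION payload against it, and then shows the same lookup with a parameterized query, where the same input is bound as data and never parsed as SQL. The table, rows and payload strings are all constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data (not from the page): a minimal users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """No input validation: the input is spliced into the SQL text, so
    anything the caller types becomes part of the query's logic."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_hardened(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the driver binds the value as data, so quotes,
    OR and UNION inside it are just characters in a string literal."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Item 10: a conditional that is always true, so every row matches.
TAUTOLOGY = "nobody' OR '1'='1"

# Item 40: a partial query embedded in the input that appends a request
# for data (the admin accounts) the caller was not meant to receive.
UNION_PAYLOAD = "x' UNION SELECT name, role FROM users WHERE role = 'admin"


def demo() -> dict:
    """Runs both lookups with a normal name and with each payload."""
    conn = make_db()
    return {
        "normal": lookup_vulnerable(conn, "alice"),
        "tautology_vulnerable": lookup_vulnerable(conn, TAUTOLOGY),
        "tautology_hardened": lookup_hardened(conn, TAUTOLOGY),
        "union_vulnerable": lookup_vulnerable(conn, UNION_PAYLOAD),
        "union_hardened": lookup_hardened(conn, UNION_PAYLOAD),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:22s} -> {rows}")
```

Against the concatenating version the tautology returns all three rows and the UNION payload returns the admin row; against the parameterized version both payloads return nothing, because the whole string is compared literally to the name column. Parameterization is the fix; filtering quote characters is not, since the UNION form works without closing the original query's quote in some dialects.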

41. A system that enforces an access control policy between two networks.

42. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.

43. Renders the record inaccessible to the database management system

44. The core of a computer that calculates

45. The event signaling an IDS to produce an alarm when no attack has taken place

46. Location where coordination and execution of the BCP or DRP is directed

47. To create a copy of data as a precaution against the loss or damage of the original data.

48. Wrong against society

49. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.

50. Natural or human-readable form of a message