Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Those who initiate the attack

2. Recording the who, what, when, where and how of evidence

3. Guidelines within an organization that control the rules and configurations of an IDS

4. A structured group of teams ready to take control of the recovery operations if a disaster should occur.

5. Creation, distribution, update and deletion

6. The partial or full duplication of data from a source database to one or more destination databases.

7. Moving the alphabet intact a certain number of spaces

8. Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator).

9. One-way encryption

10. The risk that remains after management implements internal controls or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk

11. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources

12. Recovery alternative that includes a cold site where some equipment and infrastructure are available

13. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.

14. A unit of execution

15. Real-time data backup (data mirroring)

16. A design methodology that addresses risk early and often

17. A process state: executing a process on the CPU

18. The connection between a wireless and wired network.

19. An availability attack that consumes resources to the point of exhaustion

20. Encryption system using a shared key (also called a private key, single key or secret key)

21. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.

22. Encryption system using a pair of mathematically related unequal keys

23. A backup type where the organization has excess capacity in another location.

24. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities; most commonly used in governm

25. A backup type which creates a complete copy

26. Process of identifying the risks to an organization, assessing the critical functions, defining the controls in place to reduce organization exposure and evaluating the cost for such controls.

27. Collection of data on business functions which determines the strategy of resiliency

28. Written step-by-step actions

29. A process state: blocked, needing input before continuing

30. Mitigate damage by isolating compromised systems from the network.

31. The core of a computer that calculates

32. Quantity of risk remaining after a control is applied

33. Method for determining functions, identifying function failures, assessing them, and where failure is most likely to occur

34. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.

35. A BCP testing type: a test that answers the question, can the organization replicate the business process?

36. Methodical research of an incident with the purpose of finding the root cause

37. Someone who wants to know how something works, typically by taking it apart

38. Hiding the fact that communication has occurred

39. A critical event which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation or ability to operate.

40. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.

41. Mediates communication between untrusted hosts on behalf of the hosts that it protects.

42. The chance that something negative will occur

43. Effort/time needed to overcome a protective measure

44. Statistically, the probability of a collision is higher than one thinks

45. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)

46. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions

47. To be admissible in court, they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.

48. Alerts personnel to the presence of a fire

49. Forgery of the sender's email address in an email header.

50. Malware that makes many small changes over time to a single data point or system