Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Something that happened






2. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.






3. An individual's conduct that violates government laws developed to protect the public






4. Planning with a goal of returning to the normal business function






5. A test conducted on one or more components of a plan under actual operating conditions.






6. Program instructions based upon the CPU's specific architecture






7. A design methodology which executes in a linear one way fashion






8. Someone who wants to cause harm






9. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?






10. Trading one for another






11. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.






12. A layer 2 device used to connect two network segments and regulate traffic.






13. Subject based description of a system or a collection of resources






14. Creation, distribution, update, and deletion






15. The problem-solving state - the opposite of supervisor mode






16. Try a list of words in passwords or encryption keys






17. OOP concept of an object's abilities - what it does






18. Line by line translation from a high level language to machine code






19. A process state - to be executing a process on the CPU






20. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions






21. Organization's way of classifying data by factors such as criticality - sensitivity and ownership.






22. Disruption of operation of an electronic device due to a competing electromagnetic field.






23. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.






24. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.






25. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys






26. Converts source code to an executable






27. Alerts personnel to the presence of a fire






28. The chance that something negative will occur






29. Total number of keys available that may be selected by the user of a cryptosystem






30. Induces a crime - tricks a person - and is illegal






31. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate






32. Indivisible - data field must contain only one value that either all transactions take place or none do






33. Of a system without prior knowledge by the tester or the tested






34. Define the way in which the organization operates.






35. Intellectual property protection for marketing efforts






36. Encryption system using a pair of mathematically related unequal keys






37. Communication of a security incident to stakeholders and data owners.






38. One method of testing a specific component of a plan. Typically - a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.






39. System mediation of access with the focus on the context of the request






40. The guardian of asset(s) - a maintenance activity






41. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.






42. Converts a high level language into machine language






43. Location where coordination and execution of BCP or DRP is directed






44. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).






45. An electronic attestation of identity by a certificate authority






46. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.






47. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems






48. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.






49. Mitigate damage by isolating compromised systems from the network.






50. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)