Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. To evaluate the current situation and make basic decisions as to what to do






2. To execute more than one instruction at an instant in time






3. What is will remain - persistence






4. Line by line translation from a high level language to machine code






5. To load the first piece of software that starts a computer.






6. A one way - directed graph which indicates confidentiality or integrity flow






7. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions






8. An alert or alarm that is triggered when no actual attack has taken place






9. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN






10. Amount of time for restoring a business process or function to normal operations without major loss






11. A test conducted on one or more components of a plan under actual operating conditions.






12. Something that happened






13. All of the protection mechanisms in a computer system






14. A set of laws that the organization agrees to be bound by






15. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.






16. A type of attack involving attempted insertion - deletion or altering of data.






17. A control before attack






18. Abstract and mathematical in nature - defining all possible states - transitions and operations






19. Converts source code to an executable






20. To create a copy of data as a precaution against the loss or damage of the original data.






21. Program that inappropriately collects private data or activity






22. Joining two pieces of text






23. Controls for termination of attempt to access object






24. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.






25. A copy of transaction data - designed for querying and reporting






26. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.






27. Act of scrambling the cleartext message by using a key.






28. Scrambled form of the message or data






29. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.






30. Maintenance procedures outline the process for the review and update of business continuity plans.






31. Vehicle stopping object






32. A secure connection to another network.






33. Descrambling the encrypted message with the corresponding key






34. People who interact with assets






35. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.






36. A risk assessment method - intrinsic value






37. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.






38. Object based description of a single resource and the permission each subject






39. Individuals and departments responsible for the storage and safeguarding of computerized data.






40. To reduce sudden rises in current






41. Maximum tolerance for loss of certain business function - basis of strategy






42. Substitution at the word or phrase level






43. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk






44. System directed mediation of access with labels






45. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.






46. Used to code/decode a digital data stream.






47. A layer 2 device that is used to connect two or more network segments and regulate traffic.






48. Wrong against society






49. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.






50. Short period of low voltage.