Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Object reuse protection and auditing






2. Eavesdropping on network communications by a third party.






3. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals






4. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.






5. To break a business process into separate functions and assign them to different people






6. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site).






7. A database backup type which records at the transaction level






8. Highest level of authority at the EOC, with knowledge of the business process and the resources available






9. Effort/time needed to overcome a protective measure






10. To move from location to location, keeping the same function






11. A software design technique for abstraction of a process






12. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.






13. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle.)
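The attack in 13 abuses directed broadcast: the attacker forges the victim's address as the source of echo requests aimed at a subnet's broadcast address, and every host on that subnet answers the victim, so one packet becomes hundreds. Below is an added example, not part of the original quiz, showing how a detector can flag both that pattern and the UDP variant (Fraggle) in flow records, and separately notice the flood of echo replies converging on a victim when the amplifier subnet is not the one you monitor. The flow records, local subnets and reply threshold are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed flow records for the example: (src, dst, proto, icmp_type_or_dst_port).
# Not captured traffic; built to exercise the detector.
SAMPLE_FLOWS = [
    ("203.0.113.7", "192.0.2.255", "icmp", 8),     # echo request to a subnet broadcast address
    ("203.0.113.7", "192.0.2.255", "icmp", 8),     # (source is spoofed: 203.0.113.7 is the victim)
    ("203.0.113.7", "198.51.100.255", "udp", 7),   # UDP echo to broadcast: the Fraggle variant
    ("192.0.2.10", "192.0.2.20", "icmp", 8),       # ordinary unicast ping
    ("192.0.2.20", "192.0.2.10", "icmp", 0),       # and its reply
    ("192.0.2.11", "203.0.113.7", "icmp", 0),      # amplified replies converging on the victim
    ("192.0.2.12", "203.0.113.7", "icmp", 0),
    ("192.0.2.13", "203.0.113.7", "icmp", 0),
]

# Assumed local subnets; their broadcast addresses are the amplifiers an attacker would aim at.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("198.51.100.0/24")]
FRAGGLE_PORTS = {7, 19}                                   # UDP echo and chargen
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def is_broadcast(dst: str) -> bool:
    """True for the limited broadcast address or any local subnet's directed broadcast."""
    addr = ipaddress.ip_address(dst)
    return addr == LIMITED_BROADCAST or any(addr == net.broadcast_address for net in LOCAL_NETS)


def classify(flow):
    """Return 'smurf', 'fraggle' or None for one flow record."""
    src, dst, proto, field = flow
    if not is_broadcast(dst):
        return None
    if proto == "icmp" and field == 8:                    # ICMP echo request
        return "smurf"
    if proto == "udp" and field in FRAGGLE_PORTS:
        return "fraggle"
    return None


def detect(flows, reply_threshold=3):
    """Flag broadcast-directed probes, and hosts receiving at least reply_threshold echo replies.

    The second signal is what you see when the amplifier subnet belongs to someone else:
    only the replies arriving at the spoofed victim pass through your sensors.
    """
    alerts = []
    reply_targets = Counter()
    for flow in flows:
        kind = classify(flow)
        if kind:
            alerts.append((kind, flow[0], flow[1]))
        elif flow[2] == "icmp" and flow[3] == 0:         # echo reply
            reply_targets[flow[1]] += 1
    victims = sorted(ip for ip, n in reply_targets.items() if n >= reply_threshold)
    return alerts, victims


if __name__ == "__main__":
    found, victims = detect(SAMPLE_FLOWS)
    for kind, src, dst in found:
        print(f"{kind:8} spoofed-src={src} broadcast-dst={dst}")
    print("reply flood targets:", victims)
```

The detector only tells you it is happening; the durable fix is at the routers, which should not forward packets addressed to a directed broadcast address, so the subnet can never be used as an amplifier in the first place.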






14. Determines the impact of the loss of an operational or technological resource. The loss of a system, network or other critical resource may affect a number of business processes.






15. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm






16. Unsolicited advertising software






17. Asymmetric encryption of a hash of a message






18. Mediates communication between untrusted hosts on behalf of the hosts that it protects.






19. A type of attack involving the attempted insertion, deletion or alteration of data.






20. Notification that a potential disaster situation exists or has occurred; direction for the recipient to stand by for possible activation of the disaster recovery plan.






21. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.






22. Is secondhand and usually not admissible in court






23. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.






24. Initial surge of current






25. Hiding the fact that communication has occurred






26. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court






27. A practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.






28. A process state: the process is currently executing on the CPU






29. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.






30. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
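Statements 7 and 30 fit together: a transaction-level journal is what makes recovery to the point of failure possible, because the last backup is only current up to its checkpoint and the journal holds everything committed after it. The added example below (not from the original page) replays such a journal onto a backup, and also shows the point-in-time variant used to stop just before a known-bad transaction. The backup contents, log records and log sequence numbers (LSNs) are constructed for illustration, and the record format is this example's own, not that of any particular database.

```python
from copy import deepcopy

# Constructed example data. The backup is a checkpoint taken at LSN 100, so it already
# reflects transaction T1 (LSNs 98-99) but nothing logged afterwards.
BACKUP = {"checkpoint_lsn": 100, "rows": {"acct:alice": 450, "acct:bob": 200}}

# Journal records: (lsn, transaction id, record kind, payload). "update" carries (key, new value).
JOURNAL = [
    (98,  "T1", "update", ("acct:alice", 450)),   # before the checkpoint: already in the backup
    (99,  "T1", "commit", None),
    (101, "T2", "update", ("acct:alice", 400)),
    (102, "T2", "update", ("acct:bob", 300)),
    (103, "T2", "commit", None),
    (104, "T3", "update", ("acct:bob", 0)),       # T3 was still open when the system failed
    (105, "T4", "update", ("acct:carol", 50)),
    (106, "T4", "commit", None),
]


def roll_forward(backup, journal):
    """Restore the backup and redo every committed update logged after its checkpoint.

    Pass 1 finds the transactions that reached a commit record; pass 2 applies their
    updates in LSN order. Updates of transactions without a commit record are skipped,
    so an in-flight transaction cannot leave half of its writes in the recovered data.
    Returns the recovered rows and the LSNs that were applied.
    """
    checkpoint = backup["checkpoint_lsn"]
    committed = {tid for _, tid, kind, _ in journal if kind == "commit"}
    rows = deepcopy(backup["rows"])                # never mutate the backup itself
    applied = []
    for lsn, tid, kind, payload in sorted(journal, key=lambda rec: rec[0]):
        if lsn <= checkpoint or kind != "update" or tid not in committed:
            continue
        key, value = payload
        rows[key] = value
        applied.append(lsn)
    return rows, applied


def point_in_time(backup, journal, stop_lsn):
    """Variant: replay only up to stop_lsn, e.g. to land just before a known-bad transaction."""
    return roll_forward(backup, [rec for rec in journal if rec[0] <= stop_lsn])


if __name__ == "__main__":
    rows, applied = roll_forward(BACKUP, JOURNAL)
    print("recovered to failure point:", rows, "applied LSNs:", applied)
    rows, applied = point_in_time(BACKUP, JOURNAL, stop_lsn=103)
    print("recovered to LSN 103:", rows, "applied LSNs:", applied)
```

In the run to the failure point, T3's update at LSN 104 is skipped because no commit record exists for it, and T1 is skipped because its records predate the checkpoint. A production recovery manager does this as redo-everything-then-undo-uncommitted rather than filtering up front, but the end state is the same: every committed transaction up to the failure is present and none of the in-flight ones are.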






31. System mediation of access with the focus on the context of the request






32. Small data files written to a user's hard drive by a web server.






33. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.
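Statements 5 and 33 are usually implemented together: RBAC grants permissions only through roles, and separation of duties is enforced as constraints on those roles. The added example below (not from the original page) shows both constraint types: static, where two conflicting roles can never be assigned to the same user, and dynamic, where a user who legitimately holds both permissions still cannot approve a payment they created. The roles, permissions and the payment workflow are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


class PolicyError(Exception):
    """Raised when an assignment or an action would violate the policy."""


# Constructed role model for a payments workflow (this example's own, not a real product's).
ROLE_PERMISSIONS = {
    "clerk":    {"payment:create"},
    "approver": {"payment:approve"},
    "manager":  {"payment:create", "payment:approve"},
    "auditor":  {"payment:read"},
}
# Static separation of duties: no single user may hold both roles of a pair.
STATIC_SOD = [("clerk", "approver")]


class Rbac:
    def __init__(self):
        self.user_roles = {}

    def assign(self, user: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise PolicyError(f"unknown role {role!r}")
        held = self.user_roles.get(user, set()) | {role}
        for a, b in STATIC_SOD:
            if a in held and b in held:
                raise PolicyError(f"{user} may not hold both {a} and {b}")
        self.user_roles.setdefault(user, set()).add(role)

    def permitted(self, user: str, permission: str) -> bool:
        """Access is decided by the roles the user holds, never by per-user grants."""
        return any(permission in ROLE_PERMISSIONS[r] for r in self.user_roles.get(user, ()))


@dataclass
class Payment:
    amount: int
    created_by: str
    approved_by: Optional[str] = None


def create_payment(rbac: Rbac, user: str, amount: int) -> Payment:
    if not rbac.permitted(user, "payment:create"):
        raise PolicyError(f"{user} may not create payments")
    return Payment(amount=amount, created_by=user)


def approve_payment(rbac: Rbac, user: str, payment: Payment) -> Payment:
    if not rbac.permitted(user, "payment:approve"):
        raise PolicyError(f"{user} may not approve payments")
    # Dynamic separation of duties: a manager holds both permissions but still
    # cannot approve a payment they created themselves.
    if user == payment.created_by:
        raise PolicyError("creator and approver must be different people")
    payment.approved_by = user
    return payment


def violates(action, *args) -> bool:
    """True if the policy refuses the action; used to make refusals checkable."""
    try:
        action(*args)
        return False
    except PolicyError:
        return True


if __name__ == "__main__":
    rbac = Rbac()
    rbac.assign("alice", "clerk")
    rbac.assign("bob", "approver")
    rbac.assign("carol", "manager")
    p = approve_payment(rbac, "bob", create_payment(rbac, "alice", 100))
    print(p)
    print("alice also approver refused:", violates(rbac.assign, "alice", "approver"))
    p2 = create_payment(rbac, "carol", 250)
    print("carol approving her own payment refused:", violates(approve_payment, rbac, "carol", p2))
```

The static check runs at assignment time and the dynamic check at action time; both are needed, because the static rule alone says nothing about a manager role that legitimately carries both permissions, and the dynamic rule alone would let a clerk quietly accumulate the approver role.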






34. Security policy, procedures, and compliance enforcement






35. OOP concept of a distinct copy of the class






36. Induces a crime, tricks a person, and is illegal






37. Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.






38. Firewalls, encryption, and access control lists






39. After seizure, the investigator should make a bit-for-bit (mirror) image copy of the storage media before doing anything else.
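Statements 26 and 39 describe the same discipline from two sides: image first, then prove the image is faithful and record who handled it. The added example below (not from the original page, and a Python illustration rather than the dd-style imaging tools used in practice) copies a constructed "device" file byte for byte, hashes the source bytes as they are read and the finished image afterwards, marks the image read-only, and appends a custody record; it then shows that a one-bit change to a working copy is caught by the hash. The file names, examiner label and item description are constructed. It is no substitute for a hardware write blocker when imaging real media, since opening a device read-only does not stop the operating system from touching it.

```python
import datetime
import hashlib
import json
import os
import tempfile

CHUNK = 1 << 20   # stream in 1 MiB pieces so large media never has to fit in memory


def sha256_file(path: str) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def image_media(source_path: str, image_path: str) -> dict:
    """Bit-for-bit copy of the source. Hashes the bytes as they are read, then re-hashes the
    finished image so the two digests can be compared. Refuses to overwrite an existing file."""
    digest = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "xb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            digest.update(chunk)
            dst.write(chunk)
    os.chmod(image_path, 0o444)     # the image is now read-only; analysis uses working copies
    return {
        "bytes": os.path.getsize(image_path),
        "source_sha256": digest.hexdigest(),
        "image_sha256": sha256_file(image_path),
    }


def record_custody(log_path: str, examiner: str, item: str, result: dict) -> dict:
    """Append one chain-of-custody entry: who, when, what, and whether the hashes matched."""
    entry = {
        "time": datetime.datetime.now(datetime.timezone.utc).isoformat(timespec="seconds"),
        "examiner": examiner,
        "item": item,
        "verified": result["source_sha256"] == result["image_sha256"],
        **result,
    }
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    return entry


def run_demo() -> dict:
    """Image a constructed 'device' file, log it, then tamper with a working copy only."""
    work = tempfile.mkdtemp(prefix="imaging-demo-")
    device = os.path.join(work, "seized-media.bin")
    with open(device, "wb") as f:
        f.write(os.urandom(300_000))              # constructed evidence: random bytes
    image = os.path.join(work, "seized-media.dd")
    result = image_media(device, image)
    entry = record_custody(os.path.join(work, "custody.jsonl"), "examiner-1",
                           "constructed sample item", result)
    working = os.path.join(work, "working-copy.dd")
    with open(image, "rb") as f:
        data = bytearray(f.read())
    data[12_345] ^= 0x01                          # flip one bit in the working copy
    with open(working, "wb") as f:
        f.write(data)
    return {
        "verified": entry["verified"],
        "image_intact": sha256_file(image) == result["image_sha256"],
        "working_copy_matches": sha256_file(working) == result["image_sha256"],
        "bytes": result["bytes"],
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The point of hashing twice is that the source digest is computed from the bytes the imager actually saw, while the image digest is computed from what landed on disk; if they agree, anyone later can re-hash the image and tie it back to the original, which is what makes the custody record meaningful in court.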






40. Unchecked data input that results in redirection






41. Testing of a system without prior knowledge on the part of either the tester or the tested






42. Information about data or records






43. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.






44. Planning for the delegation of authority required when decisions must be made without the normal chain of command






45. Deals with discretionary protection






46. An image compression standard for photographs






47. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack






48. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
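Statement 48 is usually examined as the SLE/ALE arithmetic: single loss expectancy is asset value times exposure factor, annualized loss expectancy is SLE times the annualized rate of occurrence, and a safeguard is worth buying when the ALE it removes exceeds its own annual cost. The added example below (not from the original page) carries that through for one asset and several candidate controls and ranks them. The asset value, exposure factors, occurrence rates and control costs are constructed figures, not data from any real assessment.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float   # ACS: annual cost of the safeguard
    ef_after: float      # exposure factor with the safeguard in place
    aro_after: float     # annualized rate of occurrence with the safeguard in place


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF: the loss from one occurrence of the threat."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(asset_value: float, exposure_factor: float, aro: float) -> float:
    """ALE = SLE x ARO: the expected loss per year."""
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def safeguard_value(asset_value: float, ef: float, aro: float, safeguard: Safeguard) -> float:
    """(ALE before) - (ALE after) - ACS: positive means the control pays for itself."""
    before = annualized_loss_expectancy(asset_value, ef, aro)
    after = annualized_loss_expectancy(asset_value, safeguard.ef_after, safeguard.aro_after)
    return before - after - safeguard.annual_cost


def rank_safeguards(asset_value: float, ef: float, aro: float, safeguards):
    """Sort candidates by annual value, best first."""
    scored = [(s.name, round(safeguard_value(asset_value, ef, aro, s), 2)) for s in safeguards]
    return sorted(scored, key=lambda item: item[1], reverse=True)


def worth_buying(ranked) -> list:
    """Names of the controls whose value is positive; the rest cost more than they save."""
    return [name for name, value in ranked if value > 0]


# Constructed scenario (illustrative numbers only).
ASSET_VALUE = 400_000.0        # a customer database: replacement plus liability cost
EF, ARO = 0.6, 0.5             # ransomware: 60% of value lost per event, one event every two years
CANDIDATES = [
    Safeguard("offline backups",          15_000.0, ef_after=0.15, aro_after=0.5),
    Safeguard("endpoint detection",       40_000.0, ef_after=0.6,  aro_after=0.1),
    Safeguard("network appliance",       110_000.0, ef_after=0.1,  aro_after=0.2),
    Safeguard("managed SOC subscription", 130_000.0, ef_after=0.6,  aro_after=0.2),
]

if __name__ == "__main__":
    print("SLE:", single_loss_expectancy(ASSET_VALUE, EF))
    print("ALE:", annualized_loss_expectancy(ASSET_VALUE, EF, ARO))
    ranked = rank_safeguards(ASSET_VALUE, EF, ARO, CANDIDATES)
    for name, value in ranked:
        print(f"{name:26} annual value {value:>10,.0f}")
    print("worth buying:", worth_buying(ranked))
```

Note how the ranking rewards a cheap control that shrinks the loss per event (backups reduce EF) over an expensive one that only makes events rarer, and rejects the last candidate outright: its ALE reduction is real, but smaller than its price.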






49. An internal list of contact information used for the communication of incident information, designed in a distributed manner so that no one person is responsible for contacting everyone.






50. A template for designing the architecture