Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding each time you take the test.
1. Recording activities at the keyboard level






2. Collection of data on business functions which determines the strategy of resiliency






3. Dedicated fast memory located on the same board as the CPU






4. A device that provides the functions of both a bridge and a router.






5. Recovery alternative - complete duplication of services including personnel






6. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.






7. A BCP testing type - a test that answers the question: Can the organization replicate the business process?






8. Renders the record inaccessible to the database management system






9. For PKI - to store another copy of a key






10. Business and technical process of applying security software updates in a regulated periodic way






11. Natural occurrence in circuits that are in close proximity






12. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.






13. Scrambled form of the message or data






14. Short period of low voltage.






15. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.






16. A hash that has been further encrypted with a symmetric algorithm






17. Use of specialized techniques for recovery - authentication - and analysis of electronic data






18. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner






19. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements






20. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities






21. Indivisible - data field must contain only one value - either all transactions take place or none do






22. Lower frequency noise






23. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.






24. A backup type - where the organization has excess capacity in another location.






25. Companies should have their own team - made up of people from management - IT - legal - HR - and public relations - security and other key areas






26. Line noise that is superimposed on the supply circuit.






27. Wrong against society






28. Prolonged loss of commercial power






29. A type of malformed input that takes advantage of an appropriate true conditional logic statement adding a request for data that is against the security policy






30. Transaction controls for a database - a return to a previous state






31. DoS - Spoofing - dictionary - brute force - wardialing






32. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.






33. Using small special tools all tumblers of the lock are aligned - opening the door






34. A layer 2 device that is used to connect two or more network segments and regulate traffic.






35. One entity with two competing allegiances






36. System directed mediation of access with labels






37. Another subject cannot see an ongoing or pending update until it is complete






38. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.






39. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.






40. Malware that uses the trust on a website to redirect users to untrusted websites which captures data or installs more malware






41. The duplication of data on separate disks in real time to ensure its continuous availability - currency and accuracy. True mirroring will enable a zero recovery point objective.






42. Eavesdropping on network communications by a third party.






43. A one way - directed graph which indicates confidentiality or integrity flow






44. Identification and notification of an unauthorized and/or undesired action






45. Intellectual property protection for an invention






46. A list of team members and/or key players to be contacted including their backups. The list will include the necessary contact information (i.e. home phone - pager - cell - etc.) and in most cases be considered confidential.






47. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.






48. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys






49. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).






50. Creation - distribution - update and deletion