Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.






2. Alerts personnel to the presence of a fire






3. Amount of time for restoring a business process or function to normal operations without major loss






4. Malware that makes small random changes to many data points






5. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data






6. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress






7. A collection of information designed to reduce duplication and increase integrity






8. An administrative unit or a group of objects and subjects controlled by one reference monitor






9. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.






10. Someone who wants to know how something works - typically by taking it apart






11. Mediation of covert channels must be addressed






12. A telephone exchange for a specific office or business.






13. Code making






14. Security policy - procedures - and compliance enforcement






15. Control category - to give instructions or inform






16. A state for operating system tasks only






17. Unused storage capacity






18. A backup of data located where staff can gain access immediately






19. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.






20. Evidence must be: admissible - authentic - complete - accurate - and convincing






21. Natural occurrence in circuits that are in close proximity






22. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.






23. More than one processor sharing the same memory - also known as parallel systems






24. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.






25. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.






26. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals






27. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements






28. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).






29. Process whereby data is removed from active files and other data storage structures






30. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.






31. A Denial of Service attack that floods the target system with connection requests that are not finalized.






32. Object based description of a system or a collection of resources






33. Redundant component that provides failover capability in the event of failure or interruption of a primary component.






34. Memory management technique that allows two processes to run concurrently without interaction






35. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.






36. Total number of keys available that may be selected by the user of a cryptosystem






37. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance






38. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.






39. Wrong against society






40. Communication of a security incident to stakeholders and data owners.






41. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.






42. To evaluate the current situation and make basic decisions as to what to do






43. With enough computing power trying all possible combinations






44. Regular operations are stopped and where processing is moved to the alternate site.






45. Written internalized or nationalized norms that are internal to an organization






46. Data or interference that can trigger a false positive






47. Standard for the establishment - implementation - control - and improvement of the Information Security Management System






48. A basic level of network access control that is based upon information contained in the IP packet header.






49. Planning for the delegation of authority required when decisions must be made without the normal chain of command






50. System mediation of access with the focus on the context of the request