CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the right answer may seem obvious, but you will find that it reinforces your understanding as you take the test each time.
1. Code breaking: the practice of defeating the protective properties of cryptography.

2. Requirement to take time off.

3. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.

4. A BCP testing type: a test that answers the question, can the organization operate at the alternate location only?

5. A description of a database.

6. Something that happened.

7. The technical and risk assessment of a system within the context of its operating environment.

8. A wrong against society.

9. Unsolicited commercial email.

10. To segregate for the purposes of labeling.

11. Information residing on computer systems that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion, modification or reconstruction.

12. Mediates communication between untrusted hosts on behalf of the hosts that it protects.

13. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective.

14. High level; pertaining to planning.

15. A program that waits for a condition or time to occur and then executes an inappropriate activity.

16. Long-term knowledge building.

17. A one-way directed graph which indicates confidentiality or integrity flow.

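Statement 17 describes a security lattice: labels ordered by a dominance relation, where the same graph is read upward for confidentiality (Bell-LaPadula) and downward for integrity (Biba). The following is an added example, not part of the quiz page; the level names, the compartment scheme and the function names are the example's own assumptions.

```python
# Added example (not from the quiz): a security lattice as the directed graph
# behind information-flow decisions. Level names, compartments and function
# names are this example's own assumptions.
from dataclasses import dataclass
from typing import Dict, FrozenSet

# Totally ordered sensitivity levels; compartments add the partial order.
LEVELS: Dict[str, int] = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1,
                          "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self is at or above other in the lattice: level is at least as high
        AND self holds every compartment other holds."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def confidentiality_flow_allowed(src: Label, dst: Label) -> bool:
    """Bell-LaPadula reading of the graph: data may move only upward, from a
    label to one that dominates it (no read up, no write down)."""
    return dst.dominates(src)


def integrity_flow_allowed(src: Label, dst: Label) -> bool:
    """Biba reading of the same graph with the edges reversed: data may move
    only from a higher-integrity label to one it dominates (no read down,
    no write up)."""
    return src.dominates(dst)


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the label of an object that combines a and b.
    Level is the higher of the two, compartments are the union."""
    top = a if LEVELS[a.level] >= LEVELS[b.level] else b
    return Label(top.level, a.compartments | b.compartments)


if __name__ == "__main__":
    unclassified = Label("UNCLASSIFIED")
    secret_crypto = Label("SECRET", frozenset({"CRYPTO"}))
    top_secret = Label("TOP SECRET")
    # Incomparable labels: TOP SECRET without the CRYPTO compartment does not
    # dominate SECRET//CRYPTO, so no confidentiality flow is allowed either way.
    for name, fn in (("confidentiality", confidentiality_flow_allowed),
                     ("integrity", integrity_flow_allowed)):
        print(name, "U->S/C:", fn(unclassified, secret_crypto),
              "S/C->TS:", fn(secret_crypto, top_secret))
```

The point a practitioner should take from the incomparable case is that "higher clearance" alone is not enough: a TOP SECRET subject without the CRYPTO compartment is neither above nor below SECRET//CRYPTO, and both flow checks deny. Combining data from two labels requires the join, which is why derived objects tend to drift upward in the lattice.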
18. A condition in which neither party is willing to stop its activity for the other to complete.

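Statement 18 is the classic deadlock. The standard way to detect it is to build a wait-for graph (an edge from each blocked party to the party holding what it wants) and look for a cycle. The following is an added example, not from the quiz page; the party and resource names are constructed for illustration.

```python
# Added example (not from the quiz): detect the deadlock the statement
# describes by building a wait-for graph and searching it for a cycle.
# The party and resource names below are constructed for the example.
from typing import Dict, List, Optional, Set


def build_wait_for_graph(holds: Dict[str, Set[str]],
                         waits: Dict[str, str]) -> Dict[str, Set[str]]:
    """Edge A -> B means 'A is blocked waiting for a resource B holds'."""
    owner = {res: party for party, resources in holds.items() for res in resources}
    graph: Dict[str, Set[str]] = {party: set() for party in holds}
    for party, res in waits.items():
        graph.setdefault(party, set())
        holder = owner.get(res)
        if holder is not None and holder != party:
            graph[party].add(holder)
    return graph


def find_cycle(graph: Dict[str, Set[str]]) -> Optional[List[str]]:
    """Depth-first search with three colours; returns the nodes of the first
    cycle found, in traversal order, or None if the graph is acyclic."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {n: WHITE for n in graph}
    path: List[str] = []

    def visit(n: str) -> Optional[List[str]]:
        colour[n] = GREY
        path.append(n)
        for m in sorted(graph.get(n, ())):
            if colour.get(m, WHITE) == GREY:      # back edge: the cycle closes at m
                return path[path.index(m):]
            if colour.get(m, WHITE) == WHITE:
                found = visit(m)
                if found:
                    return found
        path.pop()
        colour[n] = BLACK
        return None

    for node in list(graph):
        if colour[node] == WHITE:
            cycle = visit(node)
            if cycle:
                return cycle
    return None


def deadlocked_parties(holds: Dict[str, Set[str]],
                       waits: Dict[str, str]) -> Optional[List[str]]:
    """The parties that are mutually waiting on each other, if any."""
    return find_cycle(build_wait_for_graph(holds, waits))


if __name__ == "__main__":
    # T1 holds the database lock and wants the printer; T2 holds the printer
    # and wants the database. T3 merely waits on T1 and is not in the cycle.
    holds = {"T1": {"db"}, "T2": {"printer"}, "T3": set()}
    waits = {"T1": "printer", "T2": "db", "T3": "db"}
    print("deadlock among:", deadlocked_parties(holds, waits))
```

Detection tells you who to break, not how to avoid the situation; the usual prevention is to impose one global acquisition order on the resources so that a cycle in the wait-for graph cannot form. Note also that T3 is blocked by the deadlock without being part of it, which is how an availability failure spreads beyond the two parties that caused it.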
19. A value an organization places on an IDS, based on past performance and analysis, to help determine its ability to effectively identify an attack.

20. A type of computer memory that temporarily stores frequently used information for quick access.

21. A specialized wireless receiver/transmitter placed in orbit that facilitates long-distance communication.

22. A device that converts between digital and analog representations of data.

23. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption, within the stated disaster recovery goals.

24. The component of disaster recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.

25. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.

26. To create a copy of data as a precaution against the loss or damage of the original data.

27. A denial-of-service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses (the UDP counterpart of Smurf, which uses ICMP echo requests).

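Statement 27 describes the Fraggle attack; Smurf is the same amplification trick over ICMP. Both are easy to spot in flow data: echo-type requests whose destination is a directed-broadcast address. The following is an added example, not from the quiz page; the simplified log format ("src dst proto port_or_icmp_type"), the addresses and the network list are all constructed for the example.

```python
# Added example (not from the quiz): flag the traffic pattern the statement
# describes (Fraggle: UDP echo/chargen requests to a broadcast address) and its
# ICMP sibling (Smurf) in a constructed, simplified flow log. The log format
# "src dst proto port_or_icmp_type" and the addresses are the example's own.
import ipaddress
from collections import Counter
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = """\
10.0.0.5 10.0.0.255 UDP 7
10.0.0.5 10.0.0.255 UDP 7
10.0.0.5 10.0.0.255 UDP 19
10.0.0.9 10.0.0.7 UDP 53
10.0.0.5 192.168.1.255 UDP 7
10.0.0.5 10.0.0.255 ICMP 8
10.0.0.5 10.0.0.255 ICMP 8
"""

# Constructed local networks whose directed-broadcast addresses an attacker
# would aim at; the amplifiers live here, the attacker does not.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/24"),
              ipaddress.ip_network("192.168.1.0/24")]

UDP_ECHO_PORTS = {7, 19}    # echo and chargen: both answer every datagram
ICMP_ECHO_REQUEST = 8


def is_directed_broadcast(dst: str, nets: List[ipaddress.IPv4Network]) -> bool:
    addr = ipaddress.ip_address(dst)
    return any(addr == n.broadcast_address for n in nets)


def classify(src: str, dst: str, proto: str, num: int,
             nets: List[ipaddress.IPv4Network]) -> Optional[str]:
    """Name the amplification pattern a single packet matches, if any."""
    if not is_directed_broadcast(dst, nets):
        return None
    if proto == "UDP" and num in UDP_ECHO_PORTS:
        return "fraggle"
    if proto == "ICMP" and num == ICMP_ECHO_REQUEST:
        return "smurf"
    return None


def detect_amplification(log: str, nets: List[ipaddress.IPv4Network],
                         threshold: int = 2) -> Dict[str, List[Tuple[str, str]]]:
    """Return, per pattern, the (src, dst) pairs seen at least `threshold` times.
    The src is the spoofed victim, not the attacker: every host on dst's
    network that answers will reply to it."""
    counts: Counter = Counter()
    for line in log.splitlines():
        if not line.strip():
            continue
        src, dst, proto, num = line.split()
        kind = classify(src, dst, proto, int(num), nets)
        if kind:
            counts[(kind, src, dst)] += 1
    result: Dict[str, List[Tuple[str, str]]] = {"fraggle": [], "smurf": []}
    for (kind, src, dst), n in sorted(counts.items()):
        if n >= threshold:
            result[kind].append((src, dst))
    return result


if __name__ == "__main__":
    for kind, pairs in detect_amplification(SAMPLE_LOG, LOCAL_NETS).items():
        print(kind, pairs)
```

Two caveats follow from the "spoofed" in the statement. The source address in the log is the victim's, so blocking it punishes the victim; the fix belongs on the amplifier network (do not forward directed broadcasts at the router, the default since RFC 2644) and at the attacker's edge (egress filtering of spoofed sources, BCP 38). The threshold exists so that a single stray datagram to a broadcast address does not raise an alert on its own.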
28. The first rating that requires security labels.

29. The formerly accepted U.S. military set of standards and processes for computer system evaluation and assurance, which combines functional and assurance requirements.

30. A type of attack involving the attempted insertion, deletion or alteration of data.

31. A less granular organization of controls.

32. A form of data hiding which protects running threads of execution from using each other's memory.

33. The risk that remains after management implements internal controls or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk.

34. Intellectual property protection for a confidential and critical process.

35. Evaluation of a system without prior knowledge on the part of the tester.

36. An availability attack that consumes resources to the point of exhaustion.

37. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.

38. Measures followed to restore critical functions following a security incident.

39. False memory reference.

40. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred, and that triggers pre-arranged mitigating actions (e.g., a move to an alternate site).

41. The hard drive.

42. A risk assessment method (intrinsic value).

43. Needs to understand both the assets that need to be protected and management's priorities; must also be prepared to adjust the design over time and verify that the design has been implemented correctly; needs to be a good negotiator, artist and analyst.

44. Sphere of influence.

45. Notification that a potential disaster situation exists or has occurred; direction for the recipient to stand by for possible activation of the disaster recovery plan.

46. The process of identifying, assessing and reducing risk to an acceptable level, and implementing the right countermeasures to maintain that level of risk.

47. Information which has retained its importance, but which has been created or stored by software or hardware that has been rendered obsolete.

48. The managerial approval to operate a system, based upon knowledge of the risk of operating it.

49. Owner-directed mediation of access.

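Statement 49 is discretionary access control: the object's owner, not a central policy, decides who may do what, and a reference monitor enforces that decision on every access. The following is an added example, not from the quiz page; the resource, subject and right names are the example's own.

```python
# Added example (not from the quiz): owner-directed access mediation in the
# discretionary style the statement describes. The object's owner decides
# who may do what; a single reference-monitor function decides every access.
# Resource, subject and right names are the example's own.
from dataclasses import dataclass, field
from typing import Dict, Set

RIGHTS = {"read", "write", "execute"}


class AccessDenied(PermissionError):
    pass


@dataclass
class Resource:
    name: str
    owner: str
    acl: Dict[str, Set[str]] = field(default_factory=dict)   # subject -> rights

    def grant(self, by: str, subject: str, right: str) -> None:
        """Only the owner may change the ACL: this is what makes the control
        discretionary (owner-directed) rather than policy-directed."""
        if right not in RIGHTS:
            raise ValueError(f"unknown right {right!r}")
        if by != self.owner:
            raise AccessDenied(f"{by} is not the owner of {self.name}")
        self.acl.setdefault(subject, set()).add(right)

    def revoke(self, by: str, subject: str, right: str) -> None:
        if by != self.owner:
            raise AccessDenied(f"{by} is not the owner of {self.name}")
        self.acl.get(subject, set()).discard(right)


def check_access(subject: str, obj: Resource, right: str) -> bool:
    """Reference monitor: the owner holds every right; anyone else holds only
    what the owner has granted. Anything not granted is denied."""
    if subject == obj.owner:
        return True
    return right in obj.acl.get(subject, set())


def try_grant(obj: Resource, by: str, subject: str, right: str) -> bool:
    """Attempt a grant and report whether the reference monitor allowed it."""
    try:
        obj.grant(by, subject, right)
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    payroll = Resource("payroll.xlsx", owner="alice")
    payroll.grant("alice", "bob", "read")
    print("bob read:", check_access("bob", payroll, "read"))
    print("bob write:", check_access("bob", payroll, "write"))
    print("bob grants carol:", try_grant(payroll, "bob", "carol", "read"))
```

The limitation of this model is the flip side of its flexibility: bob cannot change the ACL, but once granted read he can copy the data into a resource he owns and share that freely, and any program running as bob (a Trojan included) inherits his rights. That is why high-assurance systems layer mandatory labels, like the lattice in statement 17, on top of owner-directed controls.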
50. Power surge