Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.






2. A mobilized resource purchased or contracted for the purpose of business recovery.






3. A database that contains the name - type - range of values - source and authorization for access for each data element






4. Responsibility for actions






5. A temporary public file to inform others of a compromised digital certificate






6. Use of specialized techniques for recovery - authentication - and analysis of electronic data






7. System mediation of access with the focus on the context of the request






8. Adversary intercepts encrypted communications - decrypts - views - encrypts - and sends along to the true destination






9. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.






10. Pertaining to law - lending itself to one side of an argument






11. A device that converts between digital and analog representation of data.






12. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data






13. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization






14. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.






15. Organized group of compromised computers






16. Unsolicited advertising software






17. Controls for logging and alerting






18. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.






19. Key






20. Communication of a security incident to stakeholders and data owners.






21. Control category - to discourage an adversary from attempting to access






22. Information about data or records






23. A design methodology which addresses risk early and often






24. Location where coordination and execution of BCP or DRP is directed






25. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.






26. Prolonged loss of commercial power






27. Moving the alphabet intact a certain number of spaces






28. People who interact with assets






29. An availability attack - to consume resources to the point of exhaustion






30. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.






31. A programming device used in development to circumvent controls






32. Intellectual property protection for an invention






33. A comprehensive set of controls that comprises best practices in information security and provides guidelines on how to set up and maintain security programs.






34. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.)






35. A database backup type which records at the transaction level






36. Recovery alternative - a building only with sufficient power - and HVAC






37. To move from location to location - keeping the same function






38. One method of testing a specific component of a plan. Typically - a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.






39. A shield against leakage of electromagnetic signals.






40. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists






41. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid






42. The managerial approval to operate a system based upon knowledge of risk to operate






43. A trusted issuer of digital certificates






44. More than one processor sharing the same memory - also known as parallel systems






45. To set the clearance of a subject or the classification of an object






46. Code breaking - practice of defeating the protective properties of cryptography.






47. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.






48. Creation - distribution - update - and deletion






49. A backup type which creates a complete copy






50. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.