Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing






2. The property that data meet with a priori expectation of quality and that the data can be relied upon.






3. Prolonged loss of commercial power






4. A world-wide wireless technology






5. More than one processor sharing the same memory - also known as parallel systems






6. Granular decision by a system of permitting or denying access to a particular resource on the system






7. Requirement of access to data for a clearly defined purpose






8. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk






9. A temporary public file to inform others of a compromised digital certificate






10. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities






11. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources






12. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability






13. A hash that has been further encrypted with a symmetric algorithm






14. Can be statistical (monitor behavior) or signature based (watch for known attacks)






15. OOP concept of a template that consists of attributes and behaviors






16. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components






17. A control before attack






18. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.






19. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.






20. An encryption method that has a key as long as the message






21. A template for designing the architecture






22. OOP concept of an object's abilities - what it does






23. To segregate for the purposes of labeling






24. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).






25. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization






26. Employment education done once per position or at significant change of function






27. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.






28. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.






29. Intellectual property protection for marketing efforts






30. A test conducted on one or more components of a plan under actual operating conditions.






31. Requirement to take time off






32. A comprehensive set of controls that comprises best practices in information security and provides guidelines on how to set up and maintain security programs.






33. A program with an inappropriate second purpose






34. A Denial of Service attack that floods the target system with connection requests that are not finalized.






35. Recovery alternative - complete duplication of services including personnel






36. A collection of information designed to reduce duplication and increase integrity






37. A covert storage channel on the file attribute






38. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services






39. More than one CPU on a single board






40. An individual's conduct that violates government laws developed to protect the public






41. High degree of visual control






42. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions






43. System directed mediation of access with labels






44. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.






45. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?






46. Power surge






47. The connection between a wireless and wired network.






48. Independent malware that requires user interaction to execute






49. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.






50. Memory management technique that allows two processes to run concurrently without interaction