Test your basic knowledge |

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Recovery alternative which outsources a business function at a cost






2. The one person responsible for data - its classification and control setting






3. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.






4. Someone who want to know how something works - typically by taking it apart






5. Act of luring an intruder and is legal.






6. Evidence must be: admissible - authentic - complete - accurate - and convincing






7. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.






8. Encryption system using shared key/private key/single key/secret key






9. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.






10. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.






11. Less granular organization of controls -






12. Vehicle stopping object






13. Short period of low voltage.






14. Written suggestions that direct choice to a few alternatives






15. A Trojan horse with the express underlying purpose of controlling host from a distance






16. A computer designed for the purpose of studying adversaries






17. Requirement to take time off






18. Impossibility of denying authenticity and identity






19. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)






20. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.






21. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept






22. Dedicated fast memory located on the same board as the CPU






23. A state where two subjects can access the same object without proper mediation






24. Renders the file inaccessible to the operating system - available to reuse for data storage.






25. A collection of data or information that has a name






26. RADIUS - TACACS+ - Diameter






27. A. Common Combustibles B. Liquid C. Electrical D Combustible Metals






28. An administrative unit or a group of objects and subjects controlled by one reference monitor






29. High level design or model with a goal of consistency - integrity - and balance






30. State of computer - to be running a process






31. Planning for the delegation of authority required when decisions must be made without the normal chain of command






32. A passive network attack involving monitoring of traffic.






33. A choice in risk management - to convince another to assume risk - typically by payment






34. A control before attack






35. Periodic - automatic and transparent backup of data in bulk.






36. An attack involving the hijacking of a TCP session by predicting a sequence number.






37. Continuous surveillance - to provide for detection and response of any failure in preventive controls.






38. Recording the Who What When Where How of evidence






39. Threats x Vulnerability x Asset Value = Total Risk






40. An asymmetric cryptography mechanism that provides authentication.






41. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.






42. The event signaling an IDS to produce an alarm when no attack has taken place






43. Individuals and departments responsible for the storage and safeguarding of computerized data.






44. Representatives from each functional area or department get together and walk through the plan from beginning to end.






45. Indivisible - data field must contain only one value that either all transactions take place or none do






46. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.






47. To evaluate the current situation and make basic decisions as to what to do






48. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks






49. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensuretime objectives can be met.






50. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?






Can you answer 50 questions in 15 minutes?



Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests