Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A hash that has been further encrypted with a symmetric algorithm






2. High level - pertaining to planning






3. Event(s) that cause harm






4. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.






5. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).






6. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.






7. A telephone exchange for a specific office or business.






8. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.






9. Alerts personnel to the presence of a fire






10. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm






11. Real-time data backup (Data Mirroring)






12. Vehicle stopping object






13. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)






14. Program that inappropriately collects private data or activity






15. For PKI - to store another copy of a key






16. Information about a particular data set






17. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.






18. Abstract and mathematical in nature - defining all possible states - transitions and operations






19. Is secondhand and usually not admissible in court






20. Maximum tolerance for loss of certain business function - basis of strategy






21. Memory management technique which allows subjects to use the same resource






22. Regular operations are stopped and processing is moved to the alternate site.






23. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.






24. To evaluate the current situation and make basic decisions as to what to do






25. A process state - to be either unable to run waiting for an external event or terminated






26. The one person responsible for data - its classification and control setting






27. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.






28. Responsibility of a user for the actions taken by their account which requires unique identification






29. Subset of operating systems components dedicated to protection mechanisms






30. The collection and summation of risk data relating to a particular asset and controls for that asset






31. Object reuse protection and auditing






32. A disturbance that degrades performance of electronic devices and electronic communications.






33. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)






34. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions






35. Mitigation of system or component loss or interruption through use of backup capability.






36. Tool which mediates access






37. Representatives from each functional area or department get together and walk through the plan from beginning to end.






38. Small data files written to a user's hard drive by a web server.






39. Periodic - automatic and transparent backup of data in bulk.






40. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive






41. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal






42. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management






43. Measures followed to restore critical functions following a security incident.






44. A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.






45. Unauthorized access of network devices.






46. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.






47. Transaction controls for a database - a return to a previous state






48. To reduce sudden rises in current






49. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing






50. State of computer - to be running a process