Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur






2. To set the clearance of a subject or the classification of an object






3. Controls for termination of attempt to access object






4. Provides a physical cross connect point for devices.






5. Process of statistically testing a data set for the likelihood of relevant information.






6. A copy of transaction data - designed for querying and reporting






7. Control category - to give instructions or inform






8. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability






9. A BCP testing type - (structured walkthrough) - a test that answers the question: Is everything needed for recovery available?






10. The connection between a wireless and wired network.






11. A telephone exchange for a specific office or business.






12. RADIUS - TACACS+ - Diameter






13. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.






14. Claiming another's identity at a physical level






15. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated






16. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.






17. OOP concept of taking attributes from the original or parent






18. Pertaining to law - lending itself to one side of an argument






19. Memory management technique which allows data to be moved from one memory address to another






20. Eavesdropping on network communications by a third party.






21. Key






22. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.






23. A form of data hiding which protects running threads of execution from using each other's memory






24. One entity with two competing allegiances






25. A hash that has been further encrypted with a symmetric algorithm






26. The core of a computer that calculates






27. Intellectual property protection for marketing efforts






28. The managerial approval to operate a system based upon knowledge of risk to operate






29. A type of computer memory that temporarily stores frequently used information for quick access.






30. Control type - that is communication based - typically written or oral






31. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems






32. Measures followed to restore critical functions following a security incident.






33. Mitigate damage by isolating compromised systems from the network.






34. Impossibility of denying authenticity and identity






35. To assert or claim credentialing to an authentication system






36. Object based description of a system or a collection of resources






37. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.






38. Heavily populated areas - particularly susceptible to high-intensity earthquakes - floods - tsunamis - or other disasters - for which emergency response may be necessary in the event of a disaster.






39. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.






40. Narrow scope examination of a system






41. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.






42. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.






43. More than one process in the middle of executing at a time






44. A system that enforces an access control policy between two networks.






45. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.






46. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.






47. Communication of a security incident to stakeholders and data owners.






48. A legally enforceable agreement between: two people - two organizations - a person and an organization.






49. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing






50. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.