Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Moving letters around






2. Abstract and mathematical in nature, defining all possible states, transitions and operations






3. An alert or alarm that is triggered when no actual attack has taken place






4. Individuals and departments responsible for the storage and safeguarding of computerized data.






5. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive






6. Requires security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and provision of separate administrator functionality.






7. The point in time to which systems and data must be recovered after an outage (e.g., end of the previous day's processing). RPOs are often used as the basis for the development of backup strategies.






8. Vehicle or tool that exploits a weakness






9. Key






10. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.






11. Unused storage capacity






12. A list of team members and/or key players to be contacted, including their backups. The list will include the necessary contact information (i.e., home phone, pager, cell, etc.) and in most cases be considered confidential.






13. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate






14. Layer 1 network device that is used to connect network segments together, but provides no traffic control (a hub).






15. Effort/time needed to overcome a protective measure






16. The partial or full duplication of data from a source database to one or more destination databases.






17. A program that waits for a condition or time to occur that executes an inappropriate activity






18. Using small special tools, all tumblers of the lock are aligned, opening the door






19. Identification and notification of an unauthorized and/or undesired action






20. An availability attack, to consume resources to the point of exhaustion






21. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions.






22. Line noise that is superimposed on the supply circuit.






23. Intellectual property protection for marketing efforts






24. Owner directed mediation of access






25. System of law based upon precedent, with major divisions of criminal, tort, and administrative






26. A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file.






27. Evidence must be: admissible, authentic, complete, accurate, and convincing






28. Vehicle stopping object






29. Claiming another's identity at a physical level






30. A group or network of honeypots






31. A computer designed for the purpose of studying adversaries






32. Threats x Vulnerability x Asset Value = Total Risk






33. Pertaining to law; high degree of veracity






34. Malware that uses the trust in a website to redirect users to untrusted websites which capture data or install more malware






35. Pertaining to a number system that has just two unique digits.






36. It is embedded as part of a complete device, often including hardware and mechanical parts. Features a limited OS. Mobile phones, routers and wireless devices take a similar approach. Less than robust security features. Difficult to patch.






37. The collection and summation of risk data relating to a particular asset and controls for that asset






38. Business and technical process of applying security software updates in a regulated periodic way






39. The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced.






40. Outputs within a given function are the same result






41. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.






42. Planning for the delegation of authority required when decisions must be made without the normal chain of command






43. To start business continuity processes






44. Small data files written to a user's hard drive by a web server.






45. A library of commands maintained by a system for other programs to use; provides consistency and integrity for the programs






46. Intellectual property protection for an invention






47. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.






48. To stop damage from spreading






49. A backup of data located where staff can gain access immediately






50. To jump to a conclusion