Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The study of cryptography and cryptanalysis






2. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)






3. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm






4. An alert or alarm that is triggered when no actual attack has taken place






5. An event which stops business from continuing.






6. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.






7. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.






8. An attack that breaks up malicious code into fragments - in an attempt to elude detection.






9. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court






10. To break a business process into separate functions and assign to different people






11. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization






12. Firewalls - encryption - and access control lists






13. Uncleared buffers or media






14. Recognition of an individual's assertion of identity.






15. Unchecked data which spills into another location in memory






16. Event(s) that cause harm






17. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.






18. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions






19. Total number of keys available that may be selected by the user of a cryptosystem






20. Memory management technique which allows data to be moved from one memory address to another






21. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.






22. Intellectual property management technique for identifying after distribution






23. Two different keys decrypt the same cipher text






24. Searching for wireless networks in a moving car.






25. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing






26. Location where coordination and execution of BCP or DRP is directed






27. Converts source code to an executable






28. Representatives from each functional area or department get together and walk through the plan from beginning to end.






29. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives - including timeframes - technologies - offsite storage - and will ensure time objectives can be met.






30. A layer 2 device that is used to connect two or more network segments and regulate traffic.






31. A covert storage channel on the file attribute






32. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements






33. The core logic engine of an operating system which almost never changes






34. Used to code/decode a digital data stream.






35. OOP concept of a template that consists of attributes and behaviors






36. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.






37. The first rating that requires security labels






38. Specific format of technical and physical controls that support the chosen framework and the architecture






39. For PKI - decertify an entity's certificate






40. The event signaling an IDS to produce an alarm when no attack has taken place






41. State of computer - to be running a process






42. Try a list of words in passwords or encryption keys






43. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).






44. Can be statistical (monitor behavior) or signature based (watch for known attacks)






45. Fault tolerance for power






46. Using small special tools all tumblers of the lock are aligned - opening the door






47. A process state - to be executing a process on the CPU






48. A system designed to prevent unauthorized access to or from a private network.






49. Mediation of covert channels must be addressed






50. A device that sequentially switches multiple analog inputs to the output.