Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Planning with the goal of returning to normal business function

2. Control category: discourages an adversary from attempting access

3. A risk assessment method: intrinsic value

4. Organized group of compromised computers

5. Hardware or software that is part of a larger system

6. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate

7. A sudden, unexpected event requiring immediate action due to a potential threat to health and safety, the environment, or property.

8. Mediates communication between untrusted hosts on behalf of the hosts that it protects.

9. Someone who wants to cause harm

10. Small data warehouse

11. Transaction control for a database: a return to a previous state

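Question 11 describes rollback. The following Python is an added example, not part of the original quiz: it uses SQLite's BEGIN/COMMIT/ROLLBACK to move money between two constructed accounts. The credit is deliberately written before the debit, so when the debit violates the balance constraint (or the destination account does not exist) the database briefly holds an inconsistent state, and ROLLBACK returns it to the state before the transaction began. Account names and balances are constructed demo data.

```python
import sqlite3

# Constructed demo data (assumption, not from the page): two accounts in memory.
SEED = [("alice", 100), ("bob", 20)]


def open_bank() -> sqlite3.Connection:
    """Create the schema. isolation_level=None switches off the driver's implicit
    transactions, so the BEGIN/COMMIT/ROLLBACK below are exactly what runs."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE accounts ("
        "  id TEXT PRIMARY KEY,"
        "  balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", SEED)
    return conn


def balance(conn: sqlite3.Connection, account: str) -> int:
    row = conn.execute("SELECT balance FROM accounts WHERE id = ?", (account,)).fetchone()
    return row[0]


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst atomically.

    The credit is applied first on purpose: if the debit then fails the CHECK
    constraint, money has been created out of nothing, and ROLLBACK is what
    returns the database to its previous consistent state.
    """
    if amount <= 0:
        return False
    conn.execute("BEGIN")
    try:
        steps = [
            ("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst)),
            ("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src)),
        ]
        for sql, params in steps:
            if conn.execute(sql, params).rowcount != 1:
                raise LookupError("unknown account")   # an UPDATE that hits 0 rows is silent otherwise
        conn.execute("COMMIT")
        return True
    except (sqlite3.IntegrityError, LookupError):
        conn.execute("ROLLBACK")     # undo the credit too: all-or-nothing
        return False
    except Exception:
        conn.execute("ROLLBACK")     # never leave a half-applied transaction open
        raise


if __name__ == "__main__":
    db = open_bank()
    print(transfer(db, "alice", "bob", 30), balance(db, "alice"), balance(db, "bob"))    # True 70 50
    print(transfer(db, "alice", "bob", 500), balance(db, "alice"), balance(db, "bob"))   # False 70 50
```

The rowcount check matters as much as the constraint: without it, a transfer to a misspelled account would commit a debit with no matching credit, and nothing in the database would ever flag it.
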
12. Owner-directed mediation of access

13. The ability of an IDS to dynamically change its rules and configuration in response to changing environmental activity

14. A state for operating system tasks only

15. The risk that remains after management implements internal controls or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk

16. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective

17. A legally enforceable agreement between two people, two organizations, or a person and an organization.

18. Encryption system using a pair of mathematically related but unequal keys

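Question 18 describes asymmetric (public-key) cryptography. As an added example that is not from the quiz, the textbook RSA below shows what "mathematically related but unequal" means: both keys share the modulus n, but the public exponent e and the private exponent d are different numbers, and d can only be derived by whoever knows the factors of n. The primes 61 and 53 are constructed toy values for illustration; real keys use primes of 1024 bits or more and a padding scheme (OAEP for encryption, PSS for signatures), without which RSA is deterministic and malleable.

```python
from math import gcd

# Toy parameters (constructed, not from the page). Never use sizes like this for real.
P, Q, E = 61, 53, 17


def keygen(p: int, q: int, e: int = E):
    """Textbook RSA key pair. d is the inverse of e modulo phi(n); computing it
    requires phi(n) = (p-1)(q-1), i.e. the factorisation of n, which is what
    keeps the private exponent private."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)          # (public key, private key)


def encrypt(public_key, m: int) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


def sign(private_key, m: int) -> int:
    """Same trapdoor used the other way round: only the private key can produce it."""
    n, d = private_key
    return pow(m, d, n)


def verify(public_key, m: int, sig: int) -> bool:
    n, e = public_key
    return pow(sig, e, n) == m


if __name__ == "__main__":
    pub, priv = keygen(P, Q)
    print(pub, priv)                               # (3233, 17) (3233, 2753)
    c = encrypt(pub, 65)
    print(c, decrypt(priv, c))                     # 2790 65
    s = sign(priv, 65)
    print(verify(pub, 65, s), verify(pub, 66, s))  # True False
```

Because encryption is a public operation, anyone can encrypt to the key owner, and because signing needs d, a valid signature proves possession of the private key; that pairing is what PKI (question 6) binds to an individual through a certificate.
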
19. Real-time data backup (data mirroring)

20. The study of cryptography and cryptanalysis

21. Vehicle-stopping object

22. Smooths out reductions or increases in power

23. May be responsible for the overall recovery of an organization or unit(s).

24. Unused storage capacity

25. Communicate to stakeholders

26. A group of hard drives working as one storage unit for speed and fault tolerance

27. What is, will remain: persistence

28. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.

29. Unauthorized access to network devices.

30. Requires two of the three user authentication attributes (something you know, are, or have), e.g. you have an ATM card and enter a PIN

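Question 30's ATM card plus PIN is "something you have" plus "something you know". The Python below is an added example, not from the quiz: a server-side check that requires both a PIN (hashed with a salt) and a one-time code from a counter-based hardware token, using the RFC 4226 HOTP algorithm so the codes can be checked against the RFC's published test vectors. The token secret, PIN and look-ahead window are constructed demo values. Note that a correct code with a wrong PIN fails, a correct PIN with a replayed code fails, and the caller is never told which factor was wrong.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed demo values (assumptions, not from the page). The token secret is the
# RFC 4226 test-vector secret so the codes can be checked against the RFC appendix.
TOKEN_SECRET = b"12345678901234567890"
PBKDF2_ROUNDS = 100_000
LOOK_AHEAD = 3            # how many counter values ahead of the server the token may be


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class Account:
    """Server-side record: a salted PIN hash (something you know) plus the
    secret and counter of the user's token (something you have)."""

    def __init__(self, pin: str, token_secret: bytes):
        self.salt = secrets.token_bytes(16)
        self.pin_hash = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, PBKDF2_ROUNDS)
        self.token_secret = token_secret
        self.counter = 0              # next counter value the server will accept

    def verify(self, pin: str, otp: str) -> bool:
        # Factor 1: something you know. Constant-time comparison of the PIN hash.
        candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, PBKDF2_ROUNDS)
        pin_ok = hmac.compare_digest(candidate, self.pin_hash)

        # Factor 2: something you have. Accept the expected counter or a small window
        # ahead of it (the user may have pressed the token without completing a login).
        matched = None
        for c in range(self.counter, self.counter + LOOK_AHEAD + 1):
            if hmac.compare_digest(hotp(self.token_secret, c), otp):
                matched = c
                break

        # Both factors are always evaluated and only pass/fail is returned, so a
        # failure does not tell an attacker which factor was wrong.
        if not (pin_ok and matched is not None):
            return False
        self.counter = matched + 1    # consume the code: replaying it will now fail
        return True


if __name__ == "__main__":
    acct = Account("4321", TOKEN_SECRET)
    print(acct.verify("4321", hotp(TOKEN_SECRET, 0)))   # True
    print(acct.verify("4321", hotp(TOKEN_SECRET, 0)))   # False: replayed code
    print(acct.verify("0000", hotp(TOKEN_SECRET, 1)))   # False: wrong PIN
```

The counter only advances on a fully successful login, so an attacker who sniffs a valid code but lacks the PIN cannot burn it and lock the real user out; the trade-off is that the unused code stays valid until the user's next login.
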
31. Randomly generated value used by many cryptosystems to ensure that a unique ciphertext is generated

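Question 31 describes a nonce (or initialization vector). As an added example, not from the quiz, the Python below builds a toy counter-mode stream cipher from HMAC-SHA256 as the PRF (a constructed illustration; use AES-GCM or ChaCha20-Poly1305 in real systems) and shows both halves of the point: a fresh random nonce makes the same plaintext encrypt to different ciphertexts under the same key, and reusing a nonce lets an eavesdropper XOR two ciphertexts together to cancel the keystream and recover the XOR of the plaintexts without the key. The key and messages are constructed sample values.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 12   # bytes of random nonce per message (constructed choice for the demo)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: HMAC-SHA256(key, nonce || counter) for counter = 0, 1, ...
    The keystream depends only on (key, nonce), so the same pair always gives the same bytes."""
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes, nonce=None):
    """Encrypt under a fresh random nonce unless the caller supplies one.
    Returns (nonce, ciphertext); the nonce travels in the clear with the message."""
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    return nonce, xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Descrambling is the same XOR with the keystream the matching key and nonce produce."""
    return xor_bytes(ciphertext, keystream(key, nonce, len(ciphertext)))


def nonce_reuse_leak(key: bytes, p1: bytes, p2: bytes, nonce: bytes) -> bytes:
    """What an eavesdropper computes when two messages share (key, nonce):
    c1 XOR c2 == p1 XOR p2, because the identical keystream cancels out."""
    _, c1 = encrypt(key, p1, nonce)
    _, c2 = encrypt(key, p2, nonce)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    msg = b"attack at dawn"
    n1, c1 = encrypt(key, msg)
    n2, c2 = encrypt(key, msg)
    print(c1 != c2, decrypt(key, n1, c1) == msg)          # True True
    fixed = b"\x00" * NONCE_LEN
    leak = nonce_reuse_leak(key, msg, b"retreat at dusk", fixed)
    print(leak == xor_bytes(msg, b"retreat at dusk"))     # True: plaintext XOR recovered without the key
```

The nonce does not need to be secret, only unique per key; a counter works as well as randomness provided it is never reset, which is exactly the failure mode that has broken deployed stream ciphers and CTR-mode implementations.
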
32. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption, within the stated disaster recovery goals.

33. Communication of a security incident to stakeholders and data owners.

34. A denial-of-service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)

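Question 34 describes a Smurf attack. The Python below is an added detection example, not part of the quiz: it scans constructed tcpdump-style one-line records for ICMP echo requests addressed to a broadcast address, treats the source of each as the spoofed victim, and counts the echo replies actually delivered to that victim as a measure of amplification. The log lines and the local subnet 192.0.2.0/24 are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample records (not a real capture) in a tcpdump-like one-line form:
#   <time> <src> > <dst>: ICMP echo request|reply
SAMPLE_LOG = """\
10:00:01.001 203.0.113.9 > 192.0.2.255: ICMP echo request
10:00:01.002 203.0.113.9 > 192.0.2.255: ICMP echo request
10:00:01.003 192.0.2.17 > 203.0.113.9: ICMP echo reply
10:00:01.003 192.0.2.18 > 203.0.113.9: ICMP echo reply
10:00:01.004 192.0.2.19 > 203.0.113.9: ICMP echo reply
10:00:01.010 192.0.2.5 > 192.0.2.17: ICMP echo request
10:00:01.011 192.0.2.17 > 192.0.2.5: ICMP echo reply
10:00:01.020 203.0.113.9 > 255.255.255.255: ICMP echo request
"""

# Assumed local subnet: its directed-broadcast address 192.0.2.255 is the amplifier.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
LINE = re.compile(r"^(\S+) (\S+) > (\S+): ICMP echo (request|reply)$")


def is_broadcast(addr: str) -> bool:
    """Limited broadcast or the directed-broadcast address of a known local subnet."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(ip == net.broadcast_address for net in LOCAL_NETS)


def detect_smurf(log_text: str) -> dict:
    """Flag echo requests aimed at broadcast addresses. A legitimate host has no
    reason to ping a broadcast address from outside, so the source is treated as
    spoofed: it is the victim that the amplified replies will hit."""
    broadcast_requests = Counter()
    replies = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                       # not an ICMP echo record
        _, src, dst, kind = m.groups()
        if kind == "request" and is_broadcast(dst):
            broadcast_requests[src] += 1
        elif kind == "reply":
            replies[dst] += 1
    # Amplification actually delivered: replies that landed on each suspected victim.
    replies_to_victim = Counter({v: replies[v] for v in broadcast_requests if replies[v]})
    return {"broadcast_requests": broadcast_requests, "replies_to_victim": replies_to_victim}


if __name__ == "__main__":
    result = detect_smurf(SAMPLE_LOG)
    for victim, n in result["broadcast_requests"].items():
        print(f"{victim}: {n} broadcast echo requests, {result['replies_to_victim'][victim]} replies delivered")
```

The fixes are on the amplifier's side, not the victim's: hosts should not answer broadcast pings (on Linux, `net.ipv4.icmp_echo_ignore_broadcasts=1`, the default on current kernels), routers should not forward directed broadcasts (Cisco IOS `no ip directed-broadcast`, the default since 12.0), and ingress filtering per BCP 38 stops the spoofed source from leaving the attacker's network in the first place. Fraggle is the same pattern with UDP echo or chargen instead of ICMP.
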
35. Loss would inconvenience the organization, but disclosure is unlikely to result in financial loss or serious damage to credibility.

36. A technology that reduces the size of a file.

37. Descrambling the encrypted message with the corresponding key

38. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.

39. Written step-by-step actions

40. A program that waits for a condition or time to occur and then executes an inappropriate activity

41. Return to a normal state

42. Business and technical process of applying security software updates in a regulated, periodic way

43. Heavily populated areas, particularly those susceptible to high-intensity earthquakes, floods, tsunamis, or other disasters, for which emergency response may be necessary in the event of a disaster.

44. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring will enable a zero recovery point objective.

45. A system designed to prevent unauthorized access to or from a private network.

46. Written, internalized or nationalized norms that are internal to an organization

47. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.

48. Mediation of subject and object interactions

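Question 48 describes the reference monitor concept and question 12 describes discretionary access control (DAC). One added example serves both; it is not from the quiz. The Python below is a minimal reference monitor: every subject/object interaction passes through a single `check()` chokepoint that defaults to deny and logs each decision, and access rights are owner-directed, so only the object's owner can grant or extend permissions. Subjects, objects and permissions are constructed names.

```python
from dataclasses import dataclass, field

# Constructed example (not from the page): subjects and objects are plain strings.


@dataclass
class Resource:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)   # subject -> set of permissions the owner granted


class ReferenceMonitor:
    """Complete mediation: nothing reads or changes an ACL except through this class,
    every decision defaults to deny, and every decision is written to the audit log."""

    def __init__(self):
        self._objects = {}
        self.audit = []                       # (subject, object, action, decision)

    def _decide(self, subject: str, obj_name: str, action: str, allowed: bool) -> bool:
        self.audit.append((subject, obj_name, action, "allow" if allowed else "deny"))
        return allowed

    def create(self, owner: str, name: str) -> bool:
        if name in self._objects:
            return self._decide(owner, name, "create", False)
        self._objects[name] = Resource(name, owner)
        return self._decide(owner, name, "create", True)

    def grant(self, granter: str, name: str, subject: str, permission: str) -> bool:
        """DAC: the object's owner, and only the owner, directs who may access it."""
        obj = self._objects.get(name)
        if obj is None or obj.owner != granter:
            return self._decide(granter, name, f"grant:{permission}", False)
        obj.acl.setdefault(subject, set()).add(permission)
        return self._decide(granter, name, f"grant:{permission}", True)

    def check(self, subject: str, name: str, permission: str) -> bool:
        """The chokepoint every access request must go through."""
        obj = self._objects.get(name)
        if obj is None:
            return self._decide(subject, name, permission, False)   # unknown object: deny
        allowed = subject == obj.owner or permission in obj.acl.get(subject, set())
        return self._decide(subject, name, permission, allowed)


if __name__ == "__main__":
    rm = ReferenceMonitor()
    rm.create("alice", "payroll.xlsx")
    rm.grant("alice", "payroll.xlsx", "bob", "read")
    print(rm.check("bob", "payroll.xlsx", "read"))            # True
    print(rm.check("bob", "payroll.xlsx", "write"))           # False
    print(rm.grant("bob", "payroll.xlsx", "carol", "read"))   # False: bob is not the owner
    for entry in rm.audit:
        print(entry)
```

The monitor enforces who may change an ACL, but DAC cannot stop a subject who can read an object from copying its contents into an object they own and granting that to anyone; where that matters, a mandatory (label-based) policy is layered on top.
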
49. The property that data meet with a priori expectation of quality and that the data can be relied upon.

50. When two or more computers are networked together in a LAN, one computer may be used as a storage location for the group's files.