Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Act of scrambling the cleartext message by using a key.

2. Determines the impact of the loss of an operational or technological resource. The loss of a system, network or other critical resource may affect a number of business processes.

3. A layer 3 device that is used to connect two or more network segments and regulate traffic.

4. Controls deployed to avert unauthorized and/or undesired actions.

5. Granular decision by a system of permitting or denying access to a particular resource on the system.

6. A library of commands maintained by a system for other programs to use; provides consistency and integrity for the programs.

7. Event(s) that cause harm.

8. One-way encryption.

9. Renders the record inaccessible to the database management system.

10. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals

11. A risk assessment method - intrinsic value.

12. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?

13. Controls for logging and alerting.

14. The risk that remains after management implements internal controls, or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk

15. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.

16. An encryption method that has a key as long as the message.

17. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.

18. Descrambling the encrypted message with the corresponding key.

19. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.

20. Organized group of compromised computers.

21. After being seized, the investigator should make a bit-level mirror image copy of the storage media before doing anything else.

22. The hardware and software mediator of all subject and object interactions, which has as its primary goal security policy enforcement.

23. More than one CPU on a single board.

24. System mediation of access with the focus on the context of the request.

25. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.

26. Control category - more than one control on a single asset.

27. A process state - to be executing a process on the CPU.

28. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress.

29. The connection between a wireless and wired network.

30. It is embedded as part of a complete device, often including hardware and mechanical parts; features a limited OS; mobile phones, routers and wireless devices take a similar approach; less than robust security features; difficult to patch.

31. Adversary intercepts encrypted communications, decrypts, views, encrypts, and sends along to the true destination.

32. A secure connection to another network.

33. Potential danger to information or systems.

34. Vehicle-stopping object.

35. To segregate for the purposes of labeling.

36. Maintaining full control over requests, implementation, traceability, and proper documentation of changes.

37. A control before attack.

38. Randomly generated value used by many cryptosystems to ensure that a unique ciphertext is generated.

39. The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption.

40. An availability attack - to consume resources to the point of exhaustion.

41. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.

42. To evaluate the current situation and make basic decisions as to what to do.

43. High-frequency noise.

44. The technical and risk assessment of a system within the context of the operating environment.

45. Control category - to restore to a previous state by removing the adversary and/or the results of their actions.

46. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.

47. A type of malformed input that takes advantage of an appropriate true conditional logic statement, adding a request for data that is against the security policy.

48. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made, or to facilitate disaster recovery.

49. Tool which mediates access.

50. Line-by-line translation from a high-level language to machine code.