Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. System-directed mediation of access with labels
2. Security policy, procedures, and compliance enforcement
3. Intellectual property protection for the expression of an idea
4. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack
5. Recording the who, what, when, where, and how of evidence
6. Those who initiate the attack
7. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
8. Any event, whether anticipated (e.g., a public service strike) or unanticipated (e.g., a blackout), which disrupts the normal course of business operations at an organization location.
9. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions.
10. Implementation of measures to deter specific threats to the continuity of business operations, and/or to respond to any occurrence of such threats in a timely and appropriate manner.
11. A programming design concept which abstracts one set of functions from another in a serialized fashion
12. Wrong against society
13. OOP concept of a template that consists of attributes and behaviors
14. A computer designed for the purpose of studying adversaries
15. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
16. Forgery of the sender's email address in an email header.
17. Uses a role-based method to determine access rights and permissions. Role-based access control is based on the user's role and responsibilities within the company.
18. The past internationally accepted set of standards and processes for information security product evaluation and assurance, which separates function and assurance requirements
19. An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only a forensic-quality copy will hold up in court.
20. A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
21. Robust project management process for new systems with at least the following phases: design and development, production, distribution, operation, maintenance, retirement, and disposal
22. Forging of an IP address.
23. Renders the file inaccessible to the operating system and makes its space available for reuse for data storage.
24. Pertaining to a number system that has just two unique digits.
25. Adversary intercepts encrypted communications, decrypts, views, encrypts, and sends them along to the true destination
26. Mediation of subject and object interactions
27. The principles a person sets for themselves to follow
28. Line noise that is superimposed on the supply circuit.
29. To stop damage from spreading
30. Guidelines within an organization that control the rules and configurations of an IDS
31. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.
32. System mediation of access with the focus on the context of the request
33. Actions measured against either a policy or what a reasonable person would do
34. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
35. A choice in risk management: to convince another to assume risk, typically by payment
36. Threats x Vulnerability x Asset Value = Total Risk
37. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
38. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last-mile delivery.
39. To move from location to location, keeping the same function
40. Induces a crime, tricks a person, and is illegal
41. Redundant component that provides failover capability in the event of failure or interruption of a primary component.
42. Total number of keys available that may be selected by the user of a cryptosystem
43. The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins function and assurance requirements
44. Mediation of covert channels must be addressed
45. A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions
46. Responsibility of a user for the actions taken by their account, which requires unique identification
47. A covert storage channel on the file attribute
48. Subjects will not interact with each other's objects
49. A template for designing the architecture
50. A type of malformed input that takes advantage of an appropriate true conditional logic statement, adding a request for data that is against the security policy