Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Guidelines within an organization that control the rules and configurations of an IDS






2. European standard for IT security evaluation criteria that was not universally adopted. Consists of four components: 1. Security Target; 2. Target of Evaluation (TOE); 3. Functional levels; 4. Assurance levels.






3. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.






4. The process of planning for and/or implementing the restarting of defined business operations following a disaster, usually beginning with the most critical or time-sensitive functions.






5. A cable consisting of a core inner conductor that is surrounded by an insulator, which is in turn surrounded by an outer cylindrical conductor.






6. A sudden, unexpected event requiring immediate action due to a potential threat to health and safety, the environment, or property.






7. The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption, within the stated disaster recovery goals.






8. Authentication protocol that uses only symmetric cryptography: session keys between principals are distributed by a trusted third party, with which each principal shares a different pre-shared symmetric key.
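As an added example (not part of the quiz), the exchange this statement describes, written out in Python in the Needham-Schroeder symmetric-key shape that the statement fits: each principal holds one long-term key shared only with the key distribution centre (KDC), the KDC mints a per-conversation session key, and Bob receives his copy inside a ticket only his long-term key opens. The cipher is a constructed HMAC-SHA256 stand-in for a real AEAD such as AES-GCM, and the names alice, bob and mallory, the message field names and the nonce-minus-one challenge are illustrative assumptions.

```python
"""Toy Needham-Schroeder style key distribution.  The seal/unseal cipher
(HMAC-SHA256 keystream plus HMAC tag) is a constructed stand-in for a real
AEAD such as AES-GCM and is for illustration only."""
import hashlib
import hmac
import json
import secrets


def _subkey(key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys derived from one long-term key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key: bytes, message: dict) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    plaintext = json.dumps(message, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Check the tag first; a wrong key or a tampered blob raises ValueError."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, stream)))


class KDC:
    """Trusted third party holding a different pre-shared key for each principal."""

    def __init__(self) -> None:
        self.keys = {}

    def register(self, name: str) -> bytes:
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]

    def issue(self, requester: str, peer: str, nonce: str) -> bytes:
        """Reply to 'A, B, N_A' with {N_A, B, K_AB, {K_AB, A}_K_B}_K_A."""
        k_ab = secrets.token_bytes(32).hex()
        ticket = seal(self.keys[peer], {"session_key": k_ab, "peer": requester})
        return seal(self.keys[requester],
                    {"nonce": nonce, "peer": peer, "session_key": k_ab, "ticket": ticket.hex()})


def run_protocol() -> dict:
    """Full exchange between Alice, the KDC and Bob; returns what each side ends up holding."""
    kdc = KDC()
    k_alice, k_bob = kdc.register("alice"), kdc.register("bob")

    # Alice -> KDC: A, B, N_A.  The reply is sealed under K_A, so only Alice can read it.
    n_a = secrets.token_hex(16)
    reply = unseal(k_alice, kdc.issue("alice", "bob", n_a))
    if reply["nonce"] != n_a or reply["peer"] != "bob":
        raise ValueError("KDC reply is a replay or names the wrong peer")
    k_ab_alice = bytes.fromhex(reply["session_key"])

    # Alice -> Bob: the ticket.  Alice cannot read it; only K_B opens it.
    ticket = unseal(k_bob, bytes.fromhex(reply["ticket"]))
    k_ab_bob = bytes.fromhex(ticket["session_key"])

    # Bob -> Alice: {N_B}_K_AB.  Alice -> Bob: {N_B - 1}_K_AB proves she holds K_AB.
    n_b = secrets.randbelow(2**64)
    challenge = seal(k_ab_bob, {"nonce": n_b})
    response = seal(k_ab_alice, {"nonce": unseal(k_ab_alice, challenge)["nonce"] - 1})
    bob_accepts = unseal(k_ab_bob, response)["nonce"] == n_b - 1

    return {"alice_key": k_ab_alice, "bob_key": k_ab_bob,
            "ticket_names": ticket["peer"], "bob_accepts": bob_accepts}


def outsider_cannot_open_ticket() -> bool:
    """A third principal, holding its own pre-shared key, cannot read Bob's ticket."""
    kdc = KDC()
    k_alice, k_mallory = kdc.register("alice"), kdc.register("mallory")
    kdc.register("bob")
    reply = unseal(k_alice, kdc.issue("alice", "bob", "nonce"))
    try:
        unseal(k_mallory, bytes.fromhex(reply["ticket"]))
    except ValueError:
        return True
    return False
```

The point to notice is that no session key ever travels under anything but a key the recipient already holds, and that the KDC never talks to Bob directly: Alice carries the ticket, and Bob trusts it only because it was sealed under the key he shares with the KDC. Kerberos keeps this structure and adds timestamps and a separate ticket-granting service.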






9. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.






10. A choice in risk management: implement a control that limits or lessens negative effects.






11. A collection of data or information that has a name






12. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies and offsite storage, and that will ensure time objectives can be met.






13. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.






14. More than one process in the middle of executing at the same time.






15. Eight bits.






16. Impossibility of denying authenticity and identity






17. People who interact with assets






18. Striking a filed-down key inserted in a lock with a hammer to open the lock without the real key.






19. A test of a system conducted without prior knowledge on the part of either the tester or the tested.






20. Use of specialized techniques for the recovery, authentication and analysis of electronic data.






21. Real-time data backup (data mirroring).






22. Recognition of an individual's assertion of identity.






23. Independent malware that requires user interaction to execute






24. Someone who wants to cause harm






25. A condition in which neither party is willing to stop its activity so that the other can complete.






26. May be responsible for overall recovery of an organization or unit(s).






27. Server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no input or output devices, and its OS is dedicated to providing storage services.






28. Layer 1 network device used to connect network segments together but providing no traffic control (a hub).






29. Control category: restores a system to a previous state by removing the adversary and/or the results of their actions.






30. Subject-based description of a system or a collection of resources.






31. The chance that something negative will occur






32. Malware that exploits users' trust in a website to redirect them to untrusted websites that capture data or install more malware.






33. Location to perform the business function






34. Some systems are actually run at the alternate site






35. Periodic, automatic and transparent backup of data in bulk.






36. An availability attack that consumes resources to the point of exhaustion.






37. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.






38. A state where two subjects can access the same object without proper mediation
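As an added example (not part of the quiz), the state this statement describes, made reproducible: two subjects (threads) act on one object (an account) with nothing mediating between the moment each checks the balance and the moment each debits it. The Barrier pins the schedule to the interleaving an attacker hopes for, so the double withdrawal happens every run; the mediated version puts check and debit under one lock. Account, amounts and the two-subject setup are constructed for illustration.

```python
"""Time-of-check/time-of-use race between two subjects on one object,
beside the mediated version.  Constructed example."""
import threading


class Account:
    def __init__(self, balance: int) -> None:
        self.balance = balance
        self.lock = threading.Lock()


def withdraw_unmediated(acct: Account, amount: int, rendezvous: threading.Barrier) -> bool:
    allowed = acct.balance >= amount      # time of check
    rendezvous.wait()                     # both subjects have checked; neither has debited yet
    if allowed:
        acct.balance -= amount            # time of use: the check is already stale
    return allowed


def withdraw_mediated(acct: Account, amount: int, rendezvous: threading.Barrier) -> bool:
    rendezvous.wait()                     # start together; the lock decides, not the scheduler
    with acct.lock:                       # check and debit are one mediated step
        if acct.balance >= amount:
            acct.balance -= amount
            return True
        return False


def run(withdraw, start_balance: int = 100, amount: int = 100, subjects: int = 2) -> dict:
    """Let `subjects` threads each try to withdraw `amount` from the same account."""
    acct = Account(start_balance)
    rendezvous = threading.Barrier(subjects)
    approved = [False] * subjects

    def subject(i: int) -> None:
        approved[i] = withdraw(acct, amount, rendezvous)

    threads = [threading.Thread(target=subject, args=(i,)) for i in range(subjects)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return {"balance": acct.balance, "approved": sum(approved)}


if __name__ == "__main__":
    print("unmediated:", run(withdraw_unmediated))   # {'balance': -100, 'approved': 2}
    print("mediated:  ", run(withdraw_mediated))     # {'balance': 0, 'approved': 1}
```

The unmediated run approves both withdrawals and drives the balance negative; the mediated run approves exactly one, whichever thread wins the lock, and rejects the other against the updated balance. The file-system version of the same bug (check a path, then open it, while another subject swaps the target in between) has the same shape and the same fix: make the check and the use a single atomic operation.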






39. Data or interference that can trigger a false positive






40. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc.






41. A unit of execution






42. Mitigate damage by isolating compromised systems from the network.






43. Review of data






44. A process state in which the process is either unable to run because it is waiting for an external event, or has terminated.






45. High level; pertaining to planning.






46. A critical event which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.






47. Power surge






48. A disturbance that degrades performance of electronic devices and electronic communications.






49. What is, will remain: persistence.






50. To create a copy of data as a precaution against the loss or damage of the original data.