Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Uncleared buffers or media
2. Try a list of words in passwords or encryption keys
3. A layer 2 device that is used to connect two or more network segments and regulate traffic.
4. Impossibility of denying authenticity and identity
5. An encryption method that has a key as long as the message
6. A state for operating system tasks only
7. Power surge
8. Calculation encompassing threats, vulnerabilities and assets
9. Mediation of covert channels must be addressed
10. A template for designing the architecture
11. Loss would inconvenience the organization, but disclosure is unlikely to result in financial loss or serious damage to credibility.
12. A device that provides the functions of both a bridge and a router.
13. Location to perform the business function
14. Executive responsibilities of goal setting, delegation, and verification, based upon the mission.
15. Business and technical process of applying security software updates in a regulated, periodic way
16. One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
17. Weak evidence
18. Using small special tools, all tumblers of the lock are aligned, opening the door
19. Requirement to take time off
20. Must be legally permissible, meaning it was seized legally and the chain of custody was not broken. To be admissible in court, it needs to be relevant, sufficient, and reliable.
21. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions.
22. Intellectual property protection for marketing efforts
23. A process state: to be executing a process on the CPU
24. To break a business process into separate functions and assign them to different people
25. A choice in risk management: to implement a control that limits or lessens negative effects
26. Just enough access to do the job
27. Employment education done once per position or at a significant change of function
28. Evaluation of a system without prior knowledge by the tester
29. Converts a high-level language into machine language
30. The duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. True mirroring will enable a zero recovery point objective.
31. An asymmetric cryptography mechanism that provides authentication.
32. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last-mile delivery.
33. Amount of time for restoring a business process or function to normal operations without major loss
34. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.
35. Subject-based description of a system or a collection of resources
36. Any event, whether anticipated (e.g., public service strike) or unanticipated (e.g., blackout), which disrupts the normal course of business operations at an organization location.
37. To move from location to location, keeping the same function
38. Pertaining to law; lending itself to one side of an argument
39. Robust project management process for new systems with at least the following phases: design and development, production, distribution, operation, maintenance, retirement, and disposal
40. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
41. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive
42. One-way encryption
43. Using many alphabets
44. To be admissible in court they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.
45. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams.
46. Control category: more than one control on a single asset
47. Joining two pieces of text
48. Individuals and departments responsible for the storage and safeguarding of computerized data.
49. A test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.
50. What is will remain: persistence