Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives






2. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.






3. The property that data meet with a priority expectation of quality and that the data can be relied upon.






4. More than one process in the middle of executing at a time






5. Intellectual property protection for the expression of an idea






6. The backup of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.






7. Specific format of technical and physical controls that support the chosen framework and the architecture






8. To set the clearance of a subject or the classification of an object






9. A system that enforces an access control policy between two networks.






10. Autonomous malware that requires a flaw in a service






11. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.






12. Summary of a communication for the purpose of integrity






13. Impossibility of denying authenticity and identity






14. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.






15. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.






16. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.






17. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things






18. Unauthorized access of information (e.g. Tapping - sniffing - unsecured wireless communication - emanations)






19. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept






20. Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective






21. A shield against leakage of electromagnetic signals.






22. The guardian of asset(s) - a maintenance activity






23. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.






24. Scrambled form of the message or data






25. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.






26. Security policy - procedures - and compliance enforcement






27. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.






28. Maintenance procedures outline the process for the review and update of business continuity plans.






29. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.






30. Hardware or software that is part of a larger system






31. The one person responsible for data - its classification and control setting






32. An alert or alarm that is triggered when no actual attack has taken place






33. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).






34. The duplication of data on separate disks in real time to ensure its continuous availability - currency and accuracy. True mirroring will enable a zero recovery point objective.






35. A computer designed for the purpose of studying adversaries






36. Someone who wants to know how something works - typically by taking it apart






37. Less granular organization of controls -






38. High frequency noise






39. Natural or human-readable form of message






40. A documented battle plan for coordinating response to incidents.






41. To smooth out reductions or increases in power






42. Maximum tolerance for loss of certain business function - basis of strategy






43. Recovery alternative - complete duplication of services including personnel






44. High degree of visual control






45. Hiding the fact that communication has occurred






46. Most granular organization of controls






47. Quantity of risk remaining after a control is applied






48. Means the systems design and level of protection are verifiable and provide the highest level of assurance and trust.






49. Process whereby data is removed from active files and other data storage structures






50. False memory reference