Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. An electronic attestation of identity by a certificate authority
2. A protocol for the efficient transmission of voice over the Internet
3. Wrong against society
4. An administrative unit or a group of objects and subjects controlled by one reference monitor
5. An organization's way of classifying data by factors such as criticality, sensitivity and ownership.
6. An image compression standard for photographs
7. Control type that is communication-based, typically written or oral
8. One of the most important first steps in planning development. Qualitative and quantitative data needs to be gathered, analyzed, interpreted and presented to management
9. An asymmetric cryptography mechanism that provides authentication.
10. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
11. The collection and summation of risk data relating to a particular asset and controls for that asset
12. A sudden, unexpected event requiring immediate action due to a potential threat to health and safety, the environment, or property.
13. Randomly generated value used by many cryptosystems to ensure that a unique ciphertext is generated
14. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities, most commonly used in governm
15. A backup of data located where staff can gain access readily and a localized disaster will not cause harm
16. Event(s) that cause harm
17. Autonomous malware that requires a flaw in a service
18. Using small special tools, all tumblers of the lock are aligned, opening the door
19. Hitting a filed-down key in a lock with a hammer to open it without the real key
20. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
21. Hardware or software that is part of a larger system
22. To assert or claim credentialing to an authentication system
23. Someone who wants to cause harm
24. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
25. A layer 2 device that is used to connect two network segments and regulate traffic.
26. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at the other's site.
27. Less granular organization of controls
28. A test conducted on one or more components of a plan under actual operating conditions.
29. Tool which mediates access
30. Implementation of an operating system protection mechanism, where more sensitive components are built upon the layering concept
31. Recovery alternative: a building with only sufficient power and HVAC
32. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.
33. A device that provides the functions of both a bridge and a router.
34. The one person responsible for data, its classification and control settings
35. Recovery alternative: complete duplication of services, including personnel
36. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources
37. Mathematical function that determines the cryptographic operations
38. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)
39. An internal list of contact information used for the communication of incident information, designed in a distributed manner so that no one person is responsible for contacting everyone.
40. Regular operations are stopped and processing is moved to the alternate site.
41. An individual's conduct that violates government laws developed to protect the public
42. Use of specialized techniques for recovery, authentication, and analysis of electronic data
43. Dictate that data collected by government agencies must be collected fairly and lawfully, must be used only for the purpose for which they were collected, must only be held for a reasonable amount of time, and must be accurate and timely.
44. To smooth out reductions or increases in power
45. A backup type which creates a complete copy
46. European standard for IT security criteria that was not universally adopted. Consists of four components: 1. "Security Target"; 2. "Target of Evaluation" or ToE; 3. Functional Levels; 4. Assurance Levels.
47. A BCP testing type: a test that answers the question, can the organization operate at the alternate location only?
48. Interception of a communication session by an attacker.
49. Binary decision by a system of permitting or denying access to the entire system
50. Maintaining full control over requests, implementation, traceability, and proper documentation of changes.