Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A database backup type which records at the transaction level

2. Use of specialized techniques for recovery, authentication, and analysis of electronic data

3. Communication of a security incident to stakeholders and data owners.

4. A database that contains the name, type, range of values, source, and authorization for access for each data element

5. A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions

6. System mediation of access with the focus on the context of the request

7. An electronic attestation of identity by a certificate authority

8. OOP concept of an object at runtime

9. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.

10. A cable consisting of a core inner conductor that is surrounded by an insulator and an outer cylindrical conductor

11. Uses two or more legal systems

12. To start business continuity processes

13. Two certificate authorities that trust each other

14. Final purpose or result

15. The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption.

16. To be admissible in court they have to be made and collected in the normal course of business, not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists.

17. A collection of information designed to reduce duplication and increase integrity

18. Control category: to restore to a previous state by removing the adversary and/or the results of their actions

19. Natural occurrence in circuits that are in close proximity

20. The collection and summation of risk data relating to a particular asset and controls for that asset

21. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.

22. A backup of data located where staff can gain access immediately

23. Something that happened

24. Reduces causes of fire

25. A system that enforces an access control policy between two networks.

26. A programming design concept which abstracts one set of functions from another in a serialized fashion

27. Malware that makes many small changes over time to a single data point or system

28. Malware that uses the trust in a website to redirect users to untrusted websites which capture data or install more malware

29. Reduction of voltage by the utility company for a prolonged period of time

30. Data or interference that can trigger a false positive

31. Maintaining full control over requests, implementation, traceability, and proper documentation of changes.

32. A template for designing the architecture

33. A mail server that improperly allows inbound SMTP connections for domains it does not serve.

34. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack

35. A design methodology which executes in a linear, one-way fashion

36. Recording activities at the keyboard level

37. Forging of an IP address.

38. Need to understand both the assets that need to be protected and management's priorities; also be prepared to adjust the design over time and verify the design has been implemented correctly; need to be a good negotiator, artist and analyst.

39. A practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.

40. Induces a crime, tricks a person, and is illegal

41. For PKI, decertify an entity's certificate

42. Regular operations are stopped and processing is moved to the alternate site.

43. Layer 1 network device that is used to connect network segments together but provides no traffic control (a concentrator).

44. Program instructions based upon the CPU's specific architecture

45. A device that converts between digital and analog representation of data.

46. A device that sequentially switches multiple analog inputs to the output.

47. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.

48. Firewalls, encryption, and access control lists

49. People who interact with assets

50. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.