Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.

2. A copy of transaction data - designed for querying and reporting

3. Those who initiate the attack

4. A shield against leakage of electromagnetic signals.

5. Processes data at different classifications (security levels), and users with different clearances (security levels) can use the system.

6. Low level - pertaining to planning

7. A telephone exchange for a specific office or business.

8. One-way encryption

9. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data

10. Dedicated fast memory located on the same board as the CPU

11. A layer 2 device used to connect two or more network segments and regulate traffic.

12. Standard for the establishment - implementation - control - and improvement of the Information Security Management System

13. A protocol for the efficient transmission of voice over the Internet

14. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing

15. The backup of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.

16. Recovery alternative - short-term - high-cost movable processing location

17. Also known as regulatory laws - covers standards of performance or conduct expected by government agencies from companies - industries - and certain officials

18. A database backup type which records at the transaction level

19. An electronic attestation of identity by a certificate authority

20. Requires security labels for all subjects and devices - the existence of a trusted path - routine covert channel analysis - and provision of separate administrator functionality.

21. Two different keys decrypt the same ciphertext

22. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.

23. A control applied after an attack

24. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.

25. Specific format of technical and physical controls that support the chosen framework and the architecture

26. Review of data

27. A trusted issuer of digital certificates

28. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.

29. Unchecked data which spills into another location in memory
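
Added example (not part of the original study set): the C program below shows what "unchecked data spills into another location in memory" looks like in practice. The struct layout, field names and attacker input are constructed for the demonstration. The unchecked copy trusts the caller's length, so bytes past the 8-byte name buffer land on the privilege flag that follows it; the bounded copy checks the length against the buffer first and rejects the same input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout for this demonstration: a fixed 8-byte name buffer
 * followed immediately by a privilege flag. On common ABIs there is no
 * padding between them, so the flag is the next thing in memory. */
struct account {
    char name[8];
    int  is_admin;
};

/* Unchecked copy: trusts the caller's length and writes it into the
 * object's storage starting at the name field. Anything past 8 bytes
 * spills into is_admin. The write is clamped to the struct so the demo
 * itself stays inside the object; a real strcpy would not stop there.
 * Returns the resulting value of is_admin. */
int admin_after_unchecked_copy(const unsigned char *src, size_t len)
{
    struct account acct;
    memset(&acct, 0, sizeof acct);
    if (len > sizeof acct)
        len = sizeof acct;
    memcpy((unsigned char *)&acct, src, len);
    return acct.is_admin;
}

/* Bounded copy: checks the length against the buffer (keeping one byte
 * for the terminator) and refuses input that does not fit, so is_admin
 * can only change through code that assigns it on purpose.
 * Returns is_admin (0) on success, -1 if the input was rejected. */
int admin_after_bounded_copy(const unsigned char *src, size_t len)
{
    struct account acct;
    memset(&acct, 0, sizeof acct);
    if (len > sizeof acct.name - 1)
        return -1;
    memcpy(acct.name, src, len);
    acct.name[len] = '\0';
    return acct.is_admin;
}

/* Constructed attacker input: 8 filler bytes, then 4 bytes of 0x01 that
 * land on is_admin and make it non-zero whatever the byte order. */
static const unsigned char overlong_input[12] = {
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 0x01, 0x01, 0x01, 0x01
};

/* Constructed benign input that fits the buffer. */
static const unsigned char short_input[5] = { 'a', 'l', 'i', 'c', 'e' };

int main(void)
{
    int unchecked = admin_after_unchecked_copy(overlong_input, sizeof overlong_input);
    int bounded   = admin_after_bounded_copy(overlong_input, sizeof overlong_input);
    int benign    = admin_after_bounded_copy(short_input, sizeof short_input);

    printf("unchecked copy of 12 bytes: is_admin=%d\n", unchecked);
    printf("bounded copy of 12 bytes:   result=%d (rejected)\n", bounded);
    printf("bounded copy of 5 bytes:    is_admin=%d\n", benign);
    return 0;
}
```

The point to take from the example is that the overflow never touches `is_admin` by name; it reaches the flag only because the write was not bounded by the size of the field it was aimed at. Any length check must compare against the destination buffer, not against what the caller claims to be sending.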

30. Share security concerns with embedded devices - Often security has been sacrificed for a richer user experience on low-power hardware - Prime target for data loss as they transmit and store information in ways that can't be controlled.

31. A type of multitasking that allows for more even distribution of computing time among competing requests

32. The event signaling an IDS to produce an alarm when no attack has taken place

33. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target"; 2. "Target of Evaluation" or TOE; 3. Functional Levels; 4. Assurance Levels.

34. Collection of data on business functions which determines the strategy of resiliency

35. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.

36. Physical description on the exterior of an object that communicates the existence of a label

37. Less granular organization of controls

38. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).

39. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.

40. The document that defines the resources - actions - tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.

41. More than one CPU on a single board

42. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements

43. Malware that makes small random changes to many data points

44. One of the most important first steps in plan development. Qualitative and quantitative data need to be gathered - analyzed - interpreted and presented to management

45. Code breaking - practice of defeating the protective properties of cryptography.

46. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate

47. False memory reference

48. Measures followed to restore critical functions following a security incident.

49. Authentication protocol which only uses symmetric session keys between principals, distributed by a third party using different preshared symmetric keys

50. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities