Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The managerial approval to operate a system based upon knowledge of risk to operate






2. Narrow scope examination of a system






3. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).






4. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.






5. Someone who wants to know how something works - typically by taking it apart






6. All of the protection mechanisms in a computer system






7. A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments.






8. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.






9. A technology that reduces the size of a file.






10. Recovery alternative - complete duplication of services including personnel






11. Control category - more than one control on a single asset






12. Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."






13. A running key using a random key that is never used again






14. A distributed system's transaction control that requires updates to complete or rollback






15. A choice in risk management - to convince another to assume risk - typically by payment






16. To evaluate the current situation and make basic decisions as to what to do






17. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce organization exposure and evaluating the cost for such controls.






18. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.






19. Control category - to restore to a previous state by removing the adversary and/or the results of their actions






20. Mediation of covert channels must be addressed






21. A hash that has been further encrypted with a symmetric algorithm






22. A state where two subjects can access the same object without proper mediation






23. The partial or full duplication of data from a source database to one or more destination databases.






24. System directed mediation of access with labels






25. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.






26. Potentially retrievable data residue that remains following intended erasure of data.






27. A control after attack






28. Potential danger to information or systems






29. An encryption method that has a key as long as the message






30. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.






31. Recording the Who, What, When, Where, How of evidence






32. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.






33. Written internalized or nationalized norms that are internal to an organization






34. A programming device used in development to circumvent controls






35. Intellectual property protection for an invention






36. One method of testing a specific component of a plan. Typically - a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.






37. Planning for the delegation of authority required when decisions must be made without the normal chain of command






38. Redundant component that provides failover capability in the event of failure or interruption of a primary component.






39. Organized group of compromised computers






40. Property that data is represented in the same manner at all times






41. An availability attack - to consume resources to the point of exhaustion






42. Responsibility for actions






43. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.






44. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate






45. Weakness or flaw in an asset






46. Process whereby data is removed from active files and other data storage structures






47. A state for operating system tasks only






48. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated






49. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.






50. Something that happened






