Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. To break a business process into separate functions and assign to different people
2. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
3. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements
4. Intermediate level - pertaining to planning
5. Maximum tolerance for loss of certain business function - basis of strategy
6. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions
7. A device that sequentially switches multiple analog inputs to the output.
8. A program with an inappropriate second purpose
9. To set the clearance of a subject or the classification of an object
10. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
11. Continuous surveillance - to provide for detection and response of any failure in preventive controls.
12. Information about a particular data set
13. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity
14. Final purpose or result
15. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
16. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
17. Line noise that is superimposed on the supply circuit.
18. OOP concept of a distinct copy of the class
19. Two certificate authorities that trust each other
20. Mitigation of system or component loss or interruption through use of backup capability.
21. An individual's conduct that violates government laws developed to protect the public
22. Claiming another's identity at a physical level
23. Subject-based description of a system or a collection of resources
24. The core of a computer that calculates
25. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
26. Evaluation of a system without prior knowledge by the tester
27. Representatives from each functional area or department get together and walk through the plan from beginning to end.
28. A copy of transaction data - designed for querying and reporting
29. Employment education done once per position or at significant change of function
30. Potentially retrievable data residue that remains following intended erasure of data.
31. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.
32. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept
33. Key
34. Sudden rise in voltage in the power supply.
35. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.
36. Physical description on the exterior of an object that communicates the existence of a label
37. A database that contains the name - type - range of values - source and authorization for access for each data element
38. Controls for logging and alerting
39. Measures followed to restore critical functions following a security incident.
40. Subjects will not interact with each other's objects
41. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing
42. Segmented memory addressing - encapsulation of objects - time multiplexing of shared resources - naming distinctions - and virtual mapping.
43. When two or more computers are networked together in a LAN situation - one computer may be utilized as a storage location for files for the group.
44. Wrong against society
45. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
46. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
47. Amount of time for restoring a business process or function to normal operations without major loss
48. To collect many small pieces of data
49. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.
50. A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?