Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Security policy - procedures - and compliance enforcement

2. A failure of an IDS to detect an actual attack

3. Rapid switching back and forth between programs from the computer's perspective and appearing to do more than one thing at a time from the user's perspective

4. Mediation of subject and object interactions

5. More than one processor sharing the same memory - also known as parallel systems

6. Converts a high-level language into machine language

7. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.

8. Recovery alternative - everything needed for the business function - except people and last backup

9. Process of statistically testing a data set for the likelihood of relevant information.

10. Location where coordination and execution of BCP or DRP is directed

11. A world-wide wireless technology

12. Reduction of voltage by the utility company for a prolonged period of time

13. The point in time to which systems and data must be recovered after an outage (e.g., end of previous day's processing). RPOs are often used as the basis for the development of backup strategies.

14. A programming device used in development to circumvent controls

15. Use of specialized techniques for recovery - authentication - and analysis of electronic data

16. Real-time - automatic and transparent backup of data.

17. A software design technique for abstraction of a process

18. A computer designed for the purpose of studying adversaries

19. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.

20. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).

21. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems

22. Methodical research of an incident with the purpose of finding the root cause

23. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources

24. The past U.S. military-accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements

25. Hiding the fact that communication has occurred

26. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.

27. Return to a normal state

28. A process state - to be executing a process on the CPU

29. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.

30. Inappropriate data

31. European standard for IT security criteria. Wasn't universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE 3. Functional Levels 4. Assurance Levels.

32. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).

33. A control before attack

34. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities

35. Used to code/decode a digital data stream.

36. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.

37. A programming design concept which abstracts one set of functions from another in a serialized fashion

38. DoS - Spoofing - dictionary - brute force - wardialing

39. A hash that has been further encrypted with a symmetric algorithm

40. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.

41. An availability attack - to consume resources to the point of exhaustion

42. Weakness or flaw in an asset

43. Employment education done once per position or at significant change of function

44. Memory management technique which allows data to be moved from one memory address to another

45. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.

46. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated to providing storage services.

47. OOP concept of a class's details being hidden from the object

48. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal

49. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.

50. A backup type - for databases at a point in time