Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Review of data






2. Subset of operating systems components dedicated to protection mechanisms






3. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements






4. High degree of visual control






5. A collection of information designed to reduce duplication and increase integrity






6. Is secondhand and usually not admissible in court






7. Unsolicited commercial email






8. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.






9. Total number of keys available that may be selected by the user of a cryptosystem






10. The chance that something negative will occur






11. An attack involving the hijacking of a TCP session by predicting a sequence number.






12. Control category - to record an adversary's actions






13. Representatives from each functional area or department get together and walk through the plan from beginning to end.






14. Intermediate level - pertaining to planning






15. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.






16. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc.






17. Controls deployed to avert unauthorized and/or undesired actions.






18. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.






19. For PKI - to store another copy of a key






20. Unused storage capacity






21. Some systems are actually run at the alternate site






22. Converts a high level language into machine language






23. The past U.S. military accepted set of standards and processes for network evaluation and assurance - which combines function and assurance requirements






24. Individuals and departments responsible for the storage and safeguarding of computerized data.






25. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.






26. An individual's conduct that violates government laws developed to protect the public






27. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a concentrator).






28. Pertaining to law - no omissions






29. Organized group of compromised computers






30. Methodical research of an incident with the purpose of finding the root cause






31. A process state - (blocked) needing input before continuing






32. Code making






33. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.






34. Can be statistical (monitor behavior) or signature based (watch for known attacks)






35. The property that data meet an a priori expectation of quality and that the data can be relied upon.






36. To create a copy of data as a precaution against the loss or damage of the original data.






37. Someone who wants to know how something works - typically by taking it apart






38. An electronic attestation of identity by a certificate authority






39. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements






40. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate






41. Just enough access to do the job






42. The level and label given to an individual for the purpose of compartmentalization






43. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm






44. Mathematical function that determines the cryptographic operations






45. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.






46. May be responsible for overall recovery of an organization or unit(s).






47. Recognition of an individual's assertion of identity.






48. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.






49. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.






50. A design methodology which executes in a linear one way fashion