CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
2. A passive network attack involving monitoring of traffic.
3. Uncleared buffers or media
4. Momentary loss of power
5. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.
6. System mediation of access with the focus on the context of the request
7. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.
8. Implementation of measures to deter specific threats to the continuity of business operations - and/or respond to any occurrence of such threats in a timely and appropriate manner.
9. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
10. Using small special tools, all tumblers of the lock are aligned - opening the door
11. A BCP testing type - a test that answers the question: Can the organization replicate the business process?
12. A group or network of honeypots
13. Means the system's design and level of protection are verifiable and provide the highest level of assurance and trust.
14. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.
15. A signal suggesting a system has been or is being attacked.
16. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
17. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.
18. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
19. Hardware or software that is part of a larger system
20. An individual's conduct that violates government laws developed to protect the public
21. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability
22. Interception of a communication session by an attacker.
23. Amount of time for restoring a business process or function to normal operations without major loss
24. A subnetwork with storage devices servicing all servers on the attached network.
25. The event signaling an IDS to produce an alarm when no attack has taken place
26. Periodic - automatic and transparent backup of data in bulk.
27. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
28. Evidence must be: admissible - authentic - complete - accurate - and convincing
29. A database that contains the name - type - range of values - source and authorization for access for each data element
30. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.
31. Prolonged loss of commercial power
32. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.
33. Converts source code to an executable
34. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things
35. Key
36. The one person responsible for data - its classification and control setting
37. Event(s) that cause harm
38. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.
39. Recovery alternative - everything needed for the business function - except people and last backup
40. Written core statements that rarely change
41. The collection and summation of risk data relating to a particular asset and controls for that asset
42. Share security concerns with embedded devices - Often security has been sacrificed for a richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
43. Unused storage capacity
44. Real-time - automatic and transparent backup of data.
45. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
46. Unsolicited commercial email
47. A telephone exchange for a specific office or business.
48. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
49. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
50. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.