Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Weakness or flaw in an asset






2. Intellectual property protection for a confidential and critical process






3. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.






4. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.






5. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.






6. The level and label given to an individual for the purpose of compartmentalization






7. A subnetwork with storage devices servicing all servers on the attached network.






8. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.






9. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.






10. Outputs within a given function are the same result






11. A mobilized resource purchased or contracted for the purpose of business recovery.






12. Recovery alternative which includes a cold site with some equipment and infrastructure available






13. A temporary public file to inform others of a compromised digital certificate






14. To set the clearance of a subject or the classification of an object






15. Eight bits.






16. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.






17. A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.






18. Trading one for another






19. Narrow scope examination of a system






20. Return to a normal state






21. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.






22. A process state - to be either unable to run waiting for an external event or terminated






23. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur






24. A device that converts between digital and analog representation of data.






25. Requirement of access to data for a clearly defined purpose






26. An organization's way of classifying data by factors such as criticality - sensitivity and ownership.






27. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce the organization's exposure and evaluating the cost of such controls.






28. To know more than one job






29. Something that happened






30. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).






31. A basic level of network access control that is based upon information contained in the IP packet header.






32. Pertaining to law - verified as real






33. Interim procedures that may be used by a business unit to enable it to continue to perform its critical functions during temporary unavailability of information and/or resources






34. Employment education done once per position or at significant change of function






35. Memory management technique which allows subjects to use the same resource






36. Just enough access to do the job






37. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things






38. Redundant component that provides failover capability in the event of failure or interruption of a primary component.






39. Momentary loss of power






40. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.






41. A state where two subjects can access the same object without proper mediation






42. A system designed to prevent unauthorized access to or from a private network.






43. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner






44. For PKI - to have more than one person in charge of a sensitive function






45. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.






46. The principles a person sets for themselves to follow






47. To reduce sudden rises in current






48. The connection between a wireless and wired network.






49. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).






50. A form of data hiding which protects running threads of execution from using each other's memory