Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?

2. The process of categorizing attack alerts produced by an IDS in order to distinguish false positives from actual attacks.

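Item 2 above defines alert triage. The following is an added example, not from this quiz page: a small Python triage routine that classifies constructed IDS alerts using asset context, which is the usual way to separate a false positive (an exploit aimed at software the target does not run) from an alert that needs an analyst. The asset inventory, the scanner address, the signature IDs and the alert messages are all made up for the example.

```python
# Added example (not from the quiz page): triaging IDS alerts with asset
# context. All hosts, addresses, SIDs and messages below are constructed.
from __future__ import annotations

from dataclasses import dataclass

# Constructed asset inventory: what actually runs on each monitored host.
ASSETS = {
    "10.0.1.5": {"role": "web", "software": {"nginx", "php"}},
    "10.0.1.9": {"role": "db", "software": {"postgresql"}},
    "10.0.2.20": {"role": "workstation", "software": {"windows", "office"}},
}
# Constructed: the organisation's own vulnerability scanner, a known noise source.
AUTHORISED_SCANNERS = {"10.0.9.2"}


@dataclass
class Alert:
    sid: int                # signature id (constructed, local-rule range)
    msg: str                # signature message
    src_ip: str
    dst_ip: str
    target_software: str    # the software the signature's exploit actually hits


def triage(alert: Alert) -> tuple[str, str]:
    """Return (verdict, reason). Verdicts: 'expected', 'false_positive',
    'investigate', 'escalate'. Rules run most-specific first, so an
    authorised scanner is recognised before the exposure check."""
    if alert.src_ip in AUTHORISED_SCANNERS:
        return "expected", "source is the authorised vulnerability scanner"
    asset = ASSETS.get(alert.dst_ip)
    if asset is None:
        return "investigate", "destination not in inventory; exposure unknown"
    if alert.target_software not in asset["software"]:
        # e.g. an IIS exploit aimed at an nginx host cannot succeed
        return "false_positive", (
            f"{alert.target_software} exploit against a host running "
            f"{', '.join(sorted(asset['software']))}")
    return "escalate", f"{alert.target_software} is present on {asset['role']} host"


def triage_batch(alerts: list[Alert]) -> dict[str, int]:
    """Count verdicts over a batch; watching this ratio over time shows
    whether the rule set cuts noise without hiding real attacks."""
    counts: dict[str, int] = {}
    for a in alerts:
        verdict, _ = triage(a)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed sample alerts.
SAMPLE_ALERTS = [
    Alert(1000001, "WEB_SERVER IIS path traversal attempt", "203.0.113.7", "10.0.1.5", "iis"),
    Alert(1000002, "EXPLOIT PostgreSQL authentication bypass", "203.0.113.7", "10.0.1.9", "postgresql"),
    Alert(1000003, "SCAN Nmap scripting engine probe", "10.0.9.2", "10.0.1.5", "nginx"),
    Alert(1000004, "EXPLOIT PHP remote file include", "198.51.100.4", "10.0.3.77", "php"),
]


if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        verdict, reason = triage(a)
        print(f"sid={a.sid} {a.src_ip}->{a.dst_ip}: {verdict} ({reason})")
    print(triage_batch(SAMPLE_ALERTS))
```

The point of the inventory lookup is that "false positive" is a judgement about the target, not about the signature: the same IIS signature would be escalated if the destination host ran IIS.
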
3. An opportunity for a threat to cause loss (terminology that encompasses many recent risk terms).

4. Descrambling the encrypted message with the corresponding key.

5. A set of laws that the organization agrees to be bound by.

6. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.

7. A test conducted on one or more components of a plan under actual operating conditions.

8. The backup of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data, or to recover entire systems and databases in the event of a disaster.

9. Impossibility of denying authenticity and identity.

10. Unauthorized access to information (e.g. tapping, sniffing, unsecured wireless communication, emanations).

11. Redundant component that provides failover capability in the event of failure or interruption of a primary component.

12. The process of planning for and/or implementing the restarting of defined business operations following a disaster, usually beginning with the most critical or time-sensitive functions.

13. The guardian of asset(s); a maintenance activity.

14. More than one CPU on a single board.

15. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.

16. The least formatted and therefore most portable form of text for computerized documents. ASCII files are often called plaintext files.

17. To jump to a conclusion.

18. Act of scrambling the cleartext message by using a key.

19. Using many alphabets.

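Items 4, 18 and 19 above describe, respectively, decryption with the corresponding key, encryption with a key, and a cipher that uses many alphabets. The following is an added example, not part of this quiz page: a toy Vigenère cipher (one Caesar alphabet per key letter) beside a plain Caesar shift, with a frequency measure that shows why "using many alphabets" matters. The A-Z alphabet handling, the key "LEMON" and the sample text are assumptions constructed for the example; the ciphers are classical, not anything an organization should use for real data.

```python
# Added example (not from the quiz page): a monoalphabetic cipher (Caesar)
# beside a polyalphabetic one (Vigenere), plus a simple frequency measure.
# The alphabet handling, sample text and key are constructed for illustration.
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def clean_letters(text: str) -> str:
    """Keep A-Z only (uppercased); this toy cipher ignores other characters."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def caesar(text: str, shift: int, decrypt: bool = False) -> str:
    """Monoalphabetic: one fixed shift, i.e. a single substitution alphabet,
    is applied to every letter. Decryption is the same operation with the
    shift reversed (the 'corresponding key' of item 4)."""
    s = -shift if decrypt else shift
    return "".join(ALPHABET[(ALPHABET.index(c) + s) % 26]
                   for c in clean_letters(text))


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic: letter i is shifted by key[i mod len(key)], so a key
    of n distinct letters cycles through n different Caesar alphabets."""
    k = clean_letters(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, c in enumerate(clean_letters(text)):
        shift = ALPHABET.index(k[i % len(k)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(c) + shift) % 26])
    return "".join(out)


def top_letter_share(ciphertext: str) -> float:
    """Fraction of the ciphertext occupied by its most common letter.
    A single alphabet preserves the plaintext's frequency profile (one
    letter dominates, which is what frequency analysis exploits); many
    alphabets spread each plaintext letter over several ciphertext
    letters, so the peak drops."""
    counts = Counter(ciphertext)
    return max(counts.values()) / len(ciphertext)


# Constructed sample plaintext (96 letters once cleaned).
SAMPLE = ("the quick brown fox jumps over the lazy dog while the other "
          "dogs sleep under the tree near the water and the wind blows")


if __name__ == "__main__":
    mono = caesar(SAMPLE, 3)
    poly = vigenere(SAMPLE, "LEMON")
    print("caesar  :", mono)
    print("vigenere:", poly)
    print("round trip ok:",
          vigenere(poly, "LEMON", decrypt=True) == clean_letters(SAMPLE))
    print(f"peak letter share  caesar={top_letter_share(mono):.3f}"
          f"  vigenere={top_letter_share(poly):.3f}")
```

With the Caesar shift the most common ciphertext letter is simply the image of "e" and carries the whole 16/96 share that "e" has in the sample; with the five-letter key the same "e"s are scattered over five ciphertext letters and the peak falls, which is the practical meaning of "using many alphabets".
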
20. Some systems are actually run at the alternate site.

21. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities; most commonly used in government.

22. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams.

23. Maintaining full control over requests, implementation, traceability, and proper documentation of changes.

24. Unsolicited commercial email.

25. Written suggestions that direct choice to a few alternatives.

26. Regular operations are stopped and processing is moved to the alternate site.

27. Individuals and departments responsible for the storage and safeguarding of computerized data.

28. Potentially retrievable data residue that remains following intended erasure of data.

29. A backup type for databases at a point in time.

30. A practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.

31. Inappropriate data.

32. A process state (blocked): the process needs input before it can continue.

33. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures, alternate work area, etc.).

34. Those who initiate the attack.

35. The partial or full duplication of data from a source database to one or more destination databases.

36. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.

37. Objects or program components that look different but act the same.

38. Organized group of compromised computers.

39. A planned or unplanned interruption in system availability.

40. Control category: restores a previous state by removing the adversary and/or the results of their actions.

41. The response of an organization to a disaster or other significant event that may significantly impact the organization, its people, or its ability to function productively.

42. Business and technical process of applying security software updates in a regulated, periodic way.

43. Location to perform the business function.

44. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies and offsite storage, and that will ensure time objectives can be met.

45. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.

46. Communicate to stakeholders.

47. Responsibility for actions.

48. Record of system activity, which provides for monitoring and detection.

49. Intellectual property management technique for identifying after distribution.

50. Potential danger to information or systems.