Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Employment education done once per position or at significant change of function






2. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.






3. A design methodology which executes in a linear one way fashion






4. To break a business process into separate functions and assign to different people






5. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.






6. The first rating that requires security labels






7. The partial or full duplication of data from a source database to one or more destination databases.






8. Indivisible - data field must contain only one value that either all transactions take place or none do






9. Planning for the delegation of authority required when decisions must be made without the normal chain of command






10. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.






11. A device that converts between digital and analog representation of data.






12. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.






13. Control category - to record an adversary's actions






14. A layer 2 device that is used to connect two or more network segments and regulate traffic.






15. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.)






16. Unchecked data input which results in redirection






17. Potential danger to information or systems






18. Reduces causes of fire






19. High frequency noise






20. The managerial approval to operate a system based upon knowledge of risk to operate






21. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.






22. Third party processes used to organize the implementation of an architecture






23. Text that does not include special formatting features and therefore can be exchanged and read by most computer systems






24. Recovery alternative which outsources a business function at a cost






25. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions






26. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.






27. Some systems are actually run at the alternate site






28. Key






29. A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives






30. A type of attack involving attempted insertion - deletion or altering of data.






31. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management






32. Written core statements that rarely change






33. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated






34. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept






35. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code






36. Controls deployed to avert unauthorized and/or undesired actions.






37. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.






38. Code making






39. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.






40. An electronic attestation of identity by a certificate authority






41. What is will remain - persistence






42. Unsolicited advertising software






43. A copy of transaction data - designed for querying and reporting






44. Process of statistically testing a data set for the likelihood of relevant information.






45. Of a system without prior knowledge by the tester or the tested






46. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.






47. High level design or model with a goal of consistency - integrity - and balance






48. An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.






49. Two different keys decrypt the same cipher text






50. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.