Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A template for designing the architecture






2. An image compression standard for photographs






3. A layer 3 device that is used to connect two or more network segments and regulate traffic.






4. To reduce sudden rises in current






5. To start business continuity processes






6. A technology that reduces the size of a file.






7. Requirement to take time off






8. A basic level of network access control that is based upon information contained in the IP packet header.






9. A simple - inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.






10. Of a system without prior knowledge by the tester or the tested






11. Unchecked data which spills into another location in memory






12. Is secondhand and usually not admissible in court






13. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm






14. The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance - which combines function and assurance requirements






15. An event which stops business from continuing.






16. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities






17. The duplication of data on separate disks in real time to ensure its continuous availability - currency and accuracy. True mirroring will enable a zero recovery point objective.






18. A running key using a random key that is never used again






19. Mathematical function that determines the cryptographic operations






20. Identification and notification of an unauthorized and/or undesired action






21. Potentially retrievable data residue that remains following intended erasure of data.






22. Forgery of the sender's email address in an email header.






23. An activity that is performed for the purpose of training and conditioning team members - and improving their performance.






24. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.






25. A system that enforces an access control policy between two networks.






26. A control before attack






27. A process state - (blocked) needing input before continuing






28. Recovery alternative which includes cold site and some equipment and infrastructure is available






29. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk






30. Actions measured against either a policy or what a reasonable person would do






31. A form of data hiding which protects running threads of execution from using each other's memory






32. A protocol for the efficient transmission of voice over the Internet






33. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.






34. Mitigate damage by isolating compromised systems from the network.






35. A signal suggesting a system has been or is being attacked.






36. Recovery alternative - complete duplication of services including personnel






37. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid






38. Malware that makes many small changes over time to a single data point or system






39. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management






40. For PKI - decertify an entity's certificate






41. Threats x Vulnerability x Asset Value = Total Risk






42. A covert storage channel on the file attribute






43. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).






44. An availability attack - to consume resources to the point of exhaustion from multiple vectors






45. Deals with discretionary protection






46. Try a list of words in passwords or encryption keys






47. An unintended communication path






48. A choice in risk management - to convince another to assume risk - typically by payment






49. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.






50. Responsibility of a user for the actions taken by their account which requires unique identification






