Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Long term knowledge building






2. Robust project management process of new systems with at least the following phases: design and development - production - distribution - operation - maintenance - retirement - and disposal






3. Actions measured against either a policy or what a reasonable person would do






4. A description of a database






5. System of law based upon what is good for society






6. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)






7. People protect their domain






8. High degree of visual control






9. A backup site type, where the organization has excess capacity in another location.






10. A software design technique for abstraction of a process






11. One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions






12. To reduce sudden rises in current






13. Amount of time for restoring a business process or function to normal operations without major loss






14. Asymmetric encryption of a hash of message






15. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.






16. Line noise that is superimposed on the supply circuit.






17. Unchecked data input which results in redirection
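As an added example for item 17 (not part of the quiz and not code from any real application): a redirect that passes a user-supplied target straight through, beside a hardened version that accepts only a local absolute path. The sample inputs, the hostname evil.example and the function names are constructed for the demonstration. The hardened check inspects the raw string as well as the parsed URL, because browsers treat "///host" and backslashes more leniently than Python's urlsplit does.

```python
from urllib.parse import urlsplit

# Constructed sample values for a "next" / "return_to" style parameter.
# They are illustrative inputs, not taken from any real application or report.
SAMPLE_TARGETS = [
    "/account/settings",            # legitimate: absolute path on this site
    "/login?next=/account",         # legitimate: path plus query string
    "https://evil.example/phish",   # absolute URL to another origin
    "//evil.example/phish",         # scheme-relative: browsers treat it as absolute
    "///evil.example/phish",        # extra slashes: browsers collapse them to //
    "/\\evil.example/phish",        # backslash: browsers normalise it to a slash
    "javascript:alert(1)",          # non-HTTP scheme
    "account/settings",             # relative path: resolves unpredictably
]
DEFAULT = "/"


def unsafe_redirect_target(user_supplied: str) -> str:
    """Vulnerable pattern: whatever the client sent becomes the Location header."""
    return user_supplied


def safe_redirect_target(user_supplied: str, default: str = DEFAULT) -> str:
    """Hardened pattern: allow only a local absolute path, otherwise fall back.

    Checks run on the raw string as well as the parsed parts, because browsers
    parse URLs more leniently than urlsplit does ("///host", backslashes)."""
    if not user_supplied.startswith("/") or user_supplied.startswith("//"):
        return default
    if "\\" in user_supplied or any(ord(c) < 32 for c in user_supplied):
        return default
    parts = urlsplit(user_supplied)
    if parts.scheme or parts.netloc:          # defence in depth; cannot occur after the raw checks
        return default
    # Rebuild from path and query only, dropping fragments and anything else.
    return parts.path + ("?" + parts.query if parts.query else "")


def compare(targets=SAMPLE_TARGETS):
    """Map each sample input to (where the vulnerable code sends the user,
    where the hardened code sends the user)."""
    return {t: (unsafe_redirect_target(t), safe_redirect_target(t)) for t in targets}
```

Run compare() to see every sample side by side: the vulnerable function forwards each of the external targets unchanged, while the hardened one returns "/" for all of them and passes only the two local paths through.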






18. Return to a normal state






19. A type of attack involving attempted insertion - deletion or altering of data.






20. The risk that remains after management implements internal controls or some other response to risk: (Threats x Vulnerabilities x Asset Value) x Controls Gap = Residual Risk






21. European standard for IT security criteria that was not universally adopted. Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE 3. Functional Levels 4. Assurance Levels






22. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.






23. Implementation of an operating system protection mechanism in which more sensitive components are placed in the inner, more privileged levels; built upon the layering concept






24. Unauthorized wireless network access device.






25. Total number of keys available that may be selected by the user of a cryptosystem






26. Use of specialized techniques for recovery - authentication - and analysis of electronic data






27. A planned or unplanned interruption in system availability.






28. A race condition in which the security state of an object changes between the time it is checked and the time it is used
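As an added example for item 28 (not part of the quiz and not code from any real program): a check-then-use race on a file name, staged deterministically so the race window is visible. The vulnerable reader checks the name with islink and then opens the name again; an attacker hook, standing in for another process, swaps the file for a symbolic link in between. The hardened reader opens with O_NOFOLLOW and checks the descriptor it actually got with fstat, so there is no gap between check and use. File names, contents and the hook are constructed for the demonstration.

```python
import os
import stat
import tempfile


def read_checked_by_name(path, between_check_and_use=lambda: None):
    """Vulnerable: the check (islink) and the use (open) each resolve the *name*.
    Whatever changes what the name points to in between is never seen."""
    if os.path.islink(path):                       # time of check
        raise PermissionError("symlink refused")
    between_check_and_use()                        # the race window
    with open(path) as f:                          # time of use: name resolved again
        return f.read()


def read_checked_by_descriptor(path, before_use=lambda: None):
    """Hardened: open without following symlinks, then check the descriptor
    (fstat) rather than the name. The check applies to the object in use."""
    before_use()                                   # attacker may act at any time before open
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # raises OSError (ELOOP) on a symlink
    try:
        st = os.fstat(fd)                          # inspects what was actually opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
    except Exception:
        os.close(fd)
        raise
    with os.fdopen(fd) as f:                       # fdopen takes ownership of fd
        return f.read()


def demo():
    """Stage the race: the 'attacker' replaces the regular file with a symlink
    to a secret during the window. Returns what each reader ended up with."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")     # constructed: data the reader must not get
        target = os.path.join(d, "target.txt")     # constructed: the file the reader is allowed
        with open(secret, "w") as f:
            f.write("TOP SECRET")

        def reset():
            if os.path.lexists(target):
                os.remove(target)
            with open(target, "w") as f:
                f.write("public data")

        def attacker_swaps_target():
            os.remove(target)
            os.symlink(secret, target)

        reset()
        results["vulnerable"] = read_checked_by_name(target, attacker_swaps_target)

        reset()
        try:
            results["hardened"] = read_checked_by_descriptor(target, attacker_swaps_target)
        except OSError:
            results["hardened"] = "refused"

        reset()
        results["hardened_normal"] = read_checked_by_descriptor(target)
    return results
```

demo() returns {"vulnerable": "TOP SECRET", "hardened": "refused", "hardened_normal": "public data"}: the name-based check passed, yet the read followed the link planted afterwards, while the descriptor-based reader refused the swapped file and still serves the legitimate one.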






29. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements






30. The core of a computer that calculates






31. Object based description of a system or a collection of resources






32. An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only a forensic-quality copy will hold up in court.






33. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.






34. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.






35. Requirement of access to data for a clearly defined purpose






36. Intellectual property protection for a confidential and critical process






37. Individuals and departments responsible for the storage and safeguarding of computerized data.






38. Potentially retrievable data residue that remains following intended erasure of data.






39. Identification and notification of an unauthorized and/or undesired action






40. An organization's way of classifying data by factors such as criticality, sensitivity and ownership.






41. A signal suggesting a system has been or is being attacked.






42. A template for designing the architecture






43. Uses two or more legal systems






44. A condition in which neither party is willing to stop its activity so that the other can complete






45. Event(s) that cause harm






46. Bound to objects, indicating which subjects can use them; typically kept by a network device (router, switch and so on) to control access to or from the device for a number of services






47. Share security concerns with embedded devices. Often security has been sacrificed for a richer user experience under low-power constraints. A prime target for data loss, as they transmit and store information in ways that can't be controlled.






48. Natural or human-readable form of message






49. Outputs within a given function are the same result






50. Summary of a communication for the purpose of integrity