Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A layer 3 device that is used to connect two or more network segments and regulate traffic.






2. The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster - including personnel - essential records - communication facilities - fax - mail services - etc.






3. A layer 2 device that is used to connect two or more network segments and regulate traffic.






4. A trusted issuer of digital certificates






5. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.






6. Control type that is communication based - typically written or oral






7. People protect their domain






8. Amount of time for restoring a business process or function to normal operations without major loss






9. Impossibility of denying authenticity and identity






10. Subject based description of a system or a collection of resources






11. One way encryption






12. Unsolicited commercial email






13. Long term knowledge building






14. Recording activities at the keyboard level






15. Policy or stated actions






16. High degree of visual control






17. Using small special tools all tumblers of the lock are aligned - opening the door






18. System of law based upon precedence - with major divisions of criminal - tort - and administrative






19. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.






20. The level and label given to an individual for the purpose of compartmentalization






21. Descrambling the encrypted message with the corresponding key






22. Disruption of operation of an electronic device due to a competing electromagnetic field.






23. After being seized - the investigator should make a bit mirror image copy of the storage media before doing anything else.






24. Eavesdropping on network communications by a third party.






25. Hardware or software that is part of a larger system






26. The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.






27. Converts a high level language into machine language






28. A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.






29. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.






30. Uses a role-based method to determine access rights and permissions. Role based access control is based on the user's role and responsibilities within the company.






31. An administrative unit or a group of objects and subjects controlled by one reference monitor






32. Substitution at the word or phrase level






33. Intermediate level - pertaining to planning






34. Use of specialized techniques for recovery - authentication - and analysis of electronic data






35. A perpetrator leaves something behind or takes something with them at the scene of a crime



36. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)






37. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.






38. Third party processes used to organize the implementation of an architecture






39. A design methodology which addresses risk early and often






40. To set the clearance of a subject or the classification of an object






41. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.






42. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.






43. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate






44. Reduces causes of fire






45. Communication of a security incident to stakeholders and data owners.






46. Most granular organization of controls






47. A control after attack






48. Memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive






49. To create a copy of data as a precaution against the loss or damage of the original data.






50. It is embedded as part of a complete device often including hardware and mechanical parts - Features a limited OS - Mobile phones - routers and wireless devices take a similar approach - Less than robust security features - Difficult to patch.





