Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.






2. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.






3. Computing power will double every 18 months



4. Inference about encrypted communications






5. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.






6. Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.






7. Use of specialized techniques for recovery - authentication - and analysis of electronic data






8. Process whereby data is removed from active files and other data storage structures






9. Can be statistical (monitor behavior) or signature based (watch for known attacks)






10. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)






11. To start business continuity processes






12. Renders the record inaccessible to the database management system






13. Mediation of covert channels must be addressed






14. A Denial of Service attack that floods the target system with connection requests that are not finalized.






15. Abstract and mathematical in nature - defining all possible states - transitions and operations






16. Individuals and departments responsible for the storage and safeguarding of computerized data.






17. A basic level of network access control that is based upon information contained in the IP packet header.






18. Using small special tools all tumblers of the lock are aligned - opening the door






19. Firewalls - encryption - and access control lists






20. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.






21. The past internationally accepted set of standards and processes for information security products evaluation and assurance - which separates function and assurance requirements






22. The managerial approval to operate a system based upon knowledge of risk to operate






23. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.






24. Act of luring an intruder and is legal.






25. A programming device used in development to circumvent controls






26. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.






27. Malware that uses the trust on a website to redirect users to untrusted websites which captures data or installs more malware






28. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.






29. The process of identifying - assessing - reducing risk to an acceptable level - and implementing the right countermeasure to maintain that level of risk






30. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing






31. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?






32. Control category - to give instructions or inform






33. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.






34. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.






35. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.






36. A system that enforces an access control policy between two networks.






37. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.






38. Record of system activity - which provides for monitoring and detection.






39. Unused storage capacity






40. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.






41. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).






42. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.






43. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services






44. Controls for termination of attempt to access object






45. Measures followed to restore critical functions following a security incident.






46. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.






47. Subjects will not interact with each other's objects






48. The study of cryptography and cryptanalysis






49. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack






50. What is will remain - persistence






