Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.






2. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.






3. People protect their domain






4. More than one processor sharing same memory - also known as parallel systems






5. Potential danger to information or systems






6. Weak evidence






7. One way encryption






8. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.






9. Review of data






10. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.)






11. Using many alphabets






12. More than one process in the middle of executing at a time






13. Redundant component that provides failover capability in the event of failure or interruption of a primary component.






14. Recovery alternative - everything needed for the business function - except people and last backup






15. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)






16. Memory management technique that allows two processes to run concurrently without interaction






17. Records or documents that - if damaged or destroyed - would cause considerable inconvenience and/or require replacement or recreation at considerable expense.






18. A system designed to prevent unauthorized access to or from a private network.






19. Only the key protects the encrypted information



20. Standard for the establishment - implementation - control - and improvement of the Information Security Management System






21. A backup type which creates a complete copy






22. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.






23. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept






24. High level - pertaining to planning






25. The technical and risk assessment of a system within the context of the operating environment






26. A process state - to be executing a process on the CPU






27. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court






28. Pertaining to law - no omissions






29. Communication of a security incident to stakeholders and data owners.






30. A test conducted on one or more components of a plan under actual operating conditions.






31. A Denial of Service attack that exploits systems that are not able to handle malicious - overlapping and oversized IP fragments.






32. Written step-by-step actions






33. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.






34. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.






35. Interception of a communication session by an attacker.






36. Maintenance procedures outline the process for the review and update of business continuity plans.






37. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.






38. Is secondhand and usually not admissible in court






39. Line noise that is superimposed on the supply circuit.






40. Process whereby data is removed from active files and other data storage structures






41. Low level - pertaining to planning






42. A cable consisting of a core - inner conductor that is surrounded by an insulator - an outer cylindrical conductor






43. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks






44. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.






45. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.






46. Substitution at the word or phrase level






47. An availability attack - to consume resources to the point of exhaustion from multiple vectors






48. An administrative unit or a group of objects and subjects controlled by one reference monitor






49. A race condition where the security changes during the object's access






50. Recovery alternative - complete duplication of services including personnel