Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time; usually a fine is paid.

2. Pertaining to law; accepted by a court.

3. Event(s) that cause harm.

4. A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions.

5. Hiding the fact that communication has occurred.

6. Information which has retained its importance, but which has been created or stored by software/hardware that has been rendered obsolete.

7. Owner-directed mediation of access.

8. Motive, opportunity, and means; when looking for suspects it is important to consider these 3 things.

9. An availability attack, to consume resources to the point of exhaustion from multiple vectors.

10. Some systems are actually run at the alternate site.

11. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?

12. Executive responsibilities of goal setting, delegation, and verification, based upon the mission.

13. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack.

14. A covert storage channel on the file attribute.

15. A temporary public file to inform others of a compromised digital certificate.

16. Reduction of voltage by the utility company for a prolonged period of time.

17. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate.

18. Controls for logging and alerting.

19. Potential danger to information or systems.

20. An unintended communication path.

21. Transaction controls for a database; a return to a previous state.

22. A Denial of Service attack that floods the target system with connection requests that are not finalized.

23. A programming design concept which abstracts one set of functions from another in a serialized fashion.

24. A risk assessment method; measurable real-money cost.

25. The risk that remains after management implements internal controls, or some other response to risk. (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk.

26. Induces a crime, tricks a person, and is illegal.

27. Hitting a filed-down key in a lock with a hammer to open it without the real key.

28. An alert or alarm that is triggered when no actual attack has taken place.

29. Recognition of an individual's assertion of identity.

30. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.

31. Communication of a security incident to stakeholders and data owners.

32. An opportunity for a threat to cause loss. (Terminology that encompasses many recent risk terms.)

33. A failure of an IDS to detect an actual attack.

34. Pertaining to a number system that has just two unique digits.

35. A. Common Combustibles; B. Liquid; C. Electrical; D. Combustible Metals.

36. A set of best practices for programmers to seek in all application or database design: Atomicity, Consistency, Isolation, Durability.

37. Requires security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and provision of separate administrator functionality.

38. Information about data or records.

39. When two or more computers are networked together in a LAN situation, one computer may be utilized as a storage location for files for the group.

40. Binary decision by a system of permitting or denying access to the entire system.

41. Unchecked data which spills into another location in memory.

42. Organizational way of classifying data by factors such as criticality, sensitivity and ownership.

43. Specific format of technical and physical controls that support the chosen framework and the architecture.

44. System mediation of access with the focus on the context of the request.

45. Computing power will double every 18 months.

46. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.

47. A design methodology which executes in a linear, one-way fashion.

48. With enough computing power, trying all possible combinations.

49. The backup of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.

50. The principles a person sets for themselves to follow.