Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see it reinforces your understanding as you take the test each time.
1. Regular operations are stopped and processing is moved to the alternate site.






2. Maintenance procedures outline the process for the review and update of business continuity plans.






3. Rapid switching back and forth between programs from the computer's perspective, while appearing to do more than one thing at a time from the user's perspective.






4. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.






5. The past U.S. military-accepted set of standards and processes for network evaluation and assurance, which combines function and assurance requirements.






6. Real-time data backup (data mirroring).






7. One entity with two competing allegiances






8. Calculation encompassing threats, vulnerabilities, and assets.






9. False memory reference






10. Creation, distribution, update, and deletion.






11. Mitigation of spamming and other attacks by delaying incoming connections as long as possible.






12. System of law based upon precedent, with major divisions of criminal, tort, and administrative.






13. Renders the record inaccessible to the database management system






14. Low level, pertaining to planning.






15. Computing power will double every 18 months



16. Firewalls, encryption, and access control lists.






17. The current internationally accepted set of standards and processes for information security product evaluation and assurance, which joins function and assurance requirements.






18. Physical description on the exterior of an object that communicates the existence of a label






19. One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.






20. Unauthorized access of network devices.






21. Security policy, personnel controls, supervisory structure, security awareness training, and testing.






22. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
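The item above describes the mechanism without showing it. The following is an added example, not part of the quiz page: a constructed in-memory SQLite table with a login check written two ways, once by pasting the caller's input into the SQL text and once by binding it as a parameter. The table contents, the function names and the injected string are all assumptions made for the demonstration.

```python
"""Added example (not from the quiz page): partial SQL embedded in input,
against a query built by string formatting versus a parameterized one."""
import sqlite3

# Constructed sample data for the demonstration.
SAMPLE_USERS = [
    ("alice", "s3cret"),
    ("bob", "hunter2"),
    ("carol", "letmein"),
]


def make_db():
    """Create a throwaway in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, name, password):
    """No input validation: the caller's strings become part of the SQL text."""
    query = (
        "SELECT name FROM users WHERE name = '%s' AND password = '%s'"
        % (name, password)
    )
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn, name, password):
    """Parameter binding: the engine treats the strings as data, never as SQL."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (name, password)))


# A partial SQL query supplied as the password field (assumed attacker input).
# In the vulnerable function the WHERE clause becomes:
#   name = 'nobody' AND password = '' OR '1'='1'
# and the trailing OR matches every row.
INJECTED_PASSWORD = "' OR '1'='1"


def demo():
    """Return (vulnerable_result, safe_result) for the injected input."""
    conn = make_db()
    return (
        login_vulnerable(conn, "nobody", INJECTED_PASSWORD),
        login_safe(conn, "nobody", INJECTED_PASSWORD),
    )


if __name__ == "__main__":
    vulnerable, safe = demo()
    print("vulnerable:", vulnerable)  # every user name in the table
    print("safe:", safe)              # no rows
```

The vulnerable version returns all three names for a user that does not exist, because the quoted input closes the string literal and appends its own condition; the parameterized version returns nothing, since the whole string is compared as a password value.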






23. Deals with discretionary protection






24. Two different keys decrypt the same ciphertext.






25. A program with an inappropriate second purpose






26. Executive responsibilities of goal setting, delegation, and verification, based upon the mission.






27. Information which has retained its importance, but which has been created or stored by software/hardware that has been rendered obsolete.






28. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.






29. To smooth out reductions or increases in power






30. Planning for the delegation of authority required when decisions must be made without the normal chain of command






31. The one person responsible for data - its classification and control setting






32. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization






33. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies, and offsite storage, that will ensure time objectives can be met.






34. The event signaling an IDS to produce an alarm when no attack has taken place






35. Hiding the fact that communication has occurred






36. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate.






37. Use of specialized techniques for recovery, authentication, and analysis of electronic data.






38. To load the first piece of software that starts a computer.






39. Process whereby data is removed from active files and other data storage structures






40. Recovery alternative that includes a cold site plus some equipment and infrastructure already in place.






41. A set of laws that the organization agrees to be bound by






42. A system that enforces an access control policy between two networks.






43. Code making






44. Unused storage capacity






45. An attack involving the hijacking of a TCP session by predicting a sequence number.






46. The duplication of data on separate disks in real time to ensure its continuous availability, currency, and accuracy. True mirroring will enable a zero recovery point objective.






47. The principles a person sets for themselves to follow






48. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.






49. Sudden rise in voltage in the power supply.






50. Malware that makes many small changes over time to a single data point or system