Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Narrow scope examination of a system






2. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.






3. Motive - opportunity - and means; when looking for suspects it is important to consider these 3 things






4. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists






5. A mathematical tool for verifying no unintentional changes have been made






6. The partial or full duplication of data from a source database to one or more destination databases.






7. Reduces causes of fire






8. One of the key benefits of a network is the ability to share files stored on the server among several users.






9. Power surge






10. To break a business process into separate functions and assign to different people






11. One way encryption






12. System directed mediation of access with labels






13. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components






14. Act of luring an intruder and is legal.






15. Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.






16. An electronic attestation of identity by a certificate authority






17. To start business continuity processes






18. Consume resources to a point of exhaustion - loss of availability






19. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities






20. A form of data hiding which protects running threads of execution from using each other's memory






21. Two certificate authorities that trust each other






22. Mediation of covert channels must be addressed






23. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions






24. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.






25. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.






26. The back up of system - application - program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.






27. A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.)






28. Requirement of access to data for a clearly defined purpose






29. A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.






30. Only the key protects the encrypted information



31. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions






32. Momentary loss of power






33. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.






34. Written suggestions that direct choice to a few alternatives






35. A Denial of Service attack that exploits systems that are not able to handle malicious - overlapping and oversized IP fragments.






36. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.






37. A covert storage channel on the file attribute






38. Maximum tolerance for loss of certain business function - basis of strategy






39. A legally enforceable agreement between: two people - two organizations - a person and an organization.






40. Physical description on the exterior of an object that communicates the existence of a label






41. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due






42. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.






43. The level and label given to an individual for the purpose of compartmentalization






44. System mediation of access with the focus on the context of the request






45. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.






46. Substitution at the word or phrase level






47. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.






48. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data






49. OOP concept of a distinct copy of the class






50. Impossibility of denying authenticity and identity