Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but repeating the test reinforces your understanding each time you take it.
1. Controls deployed to avert unauthorized and/or undesired actions.
2. Uncleared buffers or media.
3. A test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.
4. Those who initiate the attack.
5. The ability an IDS has to dynamically change its rules and configuration in response to changing environmental activity.
6. A state for operating system tasks only.
7. Moving the alphabet intact a certain number of spaces.
8. Responsibility of a user for the actions taken by their account, which requires unique identification.
9. The event signaling an IDS to produce an alarm when no attack has taken place.
10. Two different keys decrypt the same ciphertext.
11. A choice in risk management: to implement a control that limits or lessens negative effects.
12. Subset of operating system components dedicated to protection mechanisms.
13. Server optimized for providing file-based data storage to the network. Unlike a file server, a NAS unit has no input or output devices, and the OS is dedicated to providing storage services.
14. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.
15. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
16. A description of a database.
17. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
18. Unchecked data which spills into another location in memory.
19. Requirement of access to data for a clearly defined purpose.
20. A planned or unplanned interruption in system availability.
21. A backup type which creates a complete copy.
22. Provides a physical cross-connect point for devices.
23. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate.
24. A library of commands maintained by a system for other programs to use; provides consistency and integrity for the programs.
25. The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced.
26. A set of best practices for programmers to seek in all application or database design: Atomicity, Consistency, Isolation, Durability.
27. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities.
28. Descrambling the encrypted message with the corresponding key.
29. A choice in risk management: to convince another to assume the risk, typically by payment.
30. A unit of execution.
31. A sudden, unexpected event requiring immediate action due to a potential threat to health and safety, the environment, or property.
32. Vehicle or tool that exploits a weakness.
33. Implementation of an operating system protection mechanism, built upon the layering concept, where more sensitive components are placed in the more protected layers.
34. Written suggestions that direct choice to a few alternatives.
35. Converts source code to an executable.
36. Not fulfilling a legally recognized obligation; failure to conform to a standard of care that results in injury or damage, and proximate causation; not practicing due diligence or due care; not following prudent person (doing due diligence in due
37. Residual data (sometimes referred to as "ambient data") refers to data that is not active on a computer system.
38. One entity with two competing allegiances.
39. To break a business process into separate functions and assign them to different people.
40. A database backup type which records at the transaction level.
41. A collection of information designed to reduce duplication and increase integrity.
42. Malware that subverts the detective controls of an operating system.
43. Line noise that is superimposed on the supply circuit.
44. Consume resources to a point of exhaustion; loss of availability.
45. False memory reference.
46. Third-party processes used to organize the implementation of an architecture.
47. A legally enforceable agreement between two people, two organizations, or a person and an organization.
48. A perpetrator leaves something behind or takes something with them at the scene of a crime.
49. Requires security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and provision of separate administrator functionality.
50. Pertaining to law; no omissions.