CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A group or network of honeypots
2. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).
3. A basic level of network access control that is based upon information contained in the IP packet header.
4. An alert or alarm that is triggered when no actual attack has taken place
5. Someone who wants to cause harm
6. Of a system without prior knowledge by the tester or the tested
7. High-frequency, highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
8. A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
9. Memory management technique that allows data to be moved from one memory address to another
10. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions
11. Control category - more than one control on a single asset
12. Unused storage capacity
13. Responsibility for actions
14. Insurance coverage for disaster-related expenses that may be incurred until operations are fully recovered after a disaster.
15. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.
16. People protect their domain
17. An encryption method that has a key as long as the message
18. A mail server that improperly allows inbound SMTP connections for domains it does not serve.
19. An attack that breaks up malicious code into fragments - in an attempt to elude detection.
20. One entity with two competing allegiances
21. A cable consisting of a core inner conductor that is surrounded by an insulator and an outer cylindrical conductor
22. Deals with discretionary protection
23. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
24. Reconnaissance technique involving automated, brute-force identification of potentially vulnerable modems.
25. A critical event - which - if not handled in an appropriate manner - may dramatically impact an organization's profitability - reputation - or ability to operate.
26. Subject-based description of a system or a collection of resources
27. Those who initiate the attack
28. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)
29. Computing power will double every 18 months
30. A unit of execution
31. A structured group of teams ready to take control of the recovery operations if a disaster should occur.
32. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
33. Requirement of access to data for a clearly defined purpose
34. An access policy that uses a security label system. Users have clearances - and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities - most commonly used in governm
35. Indivisible - a data field must contain only one value; either all transactions take place or none do
36. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
37. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.
38. After the storage media is seized, the investigator should make a bit-for-bit mirror image copy of it before doing anything else.
39. To jump to a conclusion
40. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
41. Inference about encrypted communications
42. Control category - to discourage an adversary from attempting to access
43. Property that data is represented in the same manner at all times
44. Controls deployed to avert unauthorized and/or undesired actions.
45. Dedicated fast memory located on the same board as the CPU
46. To stop damage from spreading
47. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability
48. Maintenance procedures outline the process for the review and update of business continuity plans.
49. An asymmetric cryptography mechanism that provides authentication.
50. To ensure that evidence will be admissible in court by showing it was properly controlled and handled before being presented in court