Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.






2. Intellectual property management technique for identifying after distribution






3. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing






4. An exact bit-by-bit copy of the entire physical hard drive or floppy disk - including slack and unallocated space. Only forensic copy quality will hold up in court.






5. A covert storage channel on the file attribute






6. Weakness or flaw in an asset






7. The collection and summation of risk data relating to a particular asset and controls for that asset






8. A perpetrator leaves something behind or takes something with them at the scene of a crime



9. An administrative unit or a group of objects and subjects controlled by one reference monitor






10. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.






11. Responsibility of a user for the actions taken by their account which requires unique identification






12. A database backup type which records at the transaction level






13. Recovery alternative - everything needed for the business function - except people and last backup






14. Individuals and departments responsible for the storage and safeguarding of computerized data.






15. Short period of low voltage.






16. RADIUS - TACACS+ - Diameter






17. Mathematical function that determines the cryptographic operations






18. Control category - more than one control on a single asset






19. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate






20. The technical and risk assessment of a system within the context of the operating environment






21. A software design technique for abstraction of a process






22. A control after attack






23. Process whereby data is removed from active files and other data storage structures






24. A template for designing the architecture






25. A database that contains the name - type - range of values - source and authorization for access for each data element






26. A basic level of network access control that is based upon information contained in the IP packet header.






27. Asymmetric encryption of a hash of message






28. Requirement of access to data for a clearly defined purpose






29. System of law based upon what is good for society






30. A design methodology which addresses risk early and often






31. Potential danger to information or systems






32. A disturbance that degrades performance of electronic devices and electronic communications.






33. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.






34. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity






35. Natural or human-readable form of message






36. Narrow scope examination of a system






37. A unit of execution






38. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.






39. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).






40. The process of assessing damage - following a disaster - to computer hardware - vital records - office facilities - etc. - and determining what can be salvaged or restored and what must be replaced.






41. Collection of data on business functions which determines the strategy of resiliency






42. Descrambling the encrypted message with the corresponding key






43. False memory reference






44. The connection between a wireless and wired network.






45. Reconnaissance technique - involving automated - brute force identification of potentially vulnerable modems.






46. The process of planning for and/or implementing the restarting of defined business operations following a disaster - usually beginning with the most critical or time-sensitive functions






47. Program that inappropriately collects private data or activity






48. An individual's conduct that violates government laws developed to protect the public






49. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.






50. Used to code/decode a digital data stream.