Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?






2. Another subject cannot see an ongoing or pending update until it is complete






3. A backup type which creates a complete copy






4. Location to perform the business function






5. Interception of a communication session by an attacker.






6. The technical and risk assessment of a system within the context of the operating environment






7. The chance that something negative will occur






8. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.






9. Controls deployed to avert unauthorized and/or undesired actions.






10. An individual's conduct that violates government laws developed to protect the public






11. A plan used by an organization or business unit to respond to a specific system failure or disruption of operations. A contingency plan may use any number of resources (e.g. workaround procedures - alternate work area - etc.)






12. Authentication protocol which only uses symmetric session keys between principals distributed by a 3rd party using different preshared symmetric keys






13. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk






14. A race condition where the security changes during the object's access






15. A device that provides the functions of both a bridge and a router.






16. A layer 2 device that is used to connect two network segments and regulate traffic.






17. To know more than one job






18. An image compression standard for photographs






19. Sphere of influence






20. A hash that has been further encrypted with a symmetric algorithm






21. Specific format of technical and physical controls that support the chosen framework and the architecture






22. Control category - to give instructions or inform






23. Communicate to stakeholders






24. Unsolicited advertising software






25. A cable consisting of a core - an inner conductor that is surrounded by an insulator - and an outer cylindrical conductor






26. Provides a physical cross connect point for devices.






27. A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.






28. To break a business process into separate functions and assign to different people






29. Claiming another's identity at a physical level






30. Encryption system using a pair of mathematically related unequal keys






31. Recovery alternative - complete duplication of services including personnel






32. A BCP testing type - a test that answers the question: Can the organization operate at the alternate location only?






33. Must be legally permissible - meaning it was seized legally and the chain of custody was not broken. To be admissible in court - it needs to be relevant - sufficient - and reliable.






34. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).






35. Only the key protects the encrypted information



36. High degree of visual control






37. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).






38. More than one CPU on a single board






39. A mail server that improperly allows inbound SMTP connections for domains it does not serve.






40. System of law based upon what is good for society






41. Potential danger to information or systems






42. A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)






43. A backup of data located where staff can gain access readily and a localized disaster will not cause harm






44. A backup of data located where staff can gain access immediately






45. Two different keys decrypt the same cipher text






46. Data or interference that can trigger a false positive






47. A state for operating system tasks only






48. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.






49. The property that data meet an a priori expectation of quality and that the data can be relied upon.






50. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated