Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Method for determining functions - identifying function failure - assessing it - and where failure is most likely to occur






2. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.






3. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data






4. Most granular organization of controls






5. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc






6. Responsibility for actions






7. Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.






8. Binary decision by a system of permitting or denying access to the entire system






9. To break a business process into separate functions and assign to different people






10. The connection between a wireless and wired network.






11. Intellectual property management technique for identifying after distribution






12. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.






13. Part of a transaction control for a database which informs the database of the last recorded transaction






14. One method of testing a specific component of a plan. Typically - a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.






15. A choice in risk management - to convince another to assume risk - typically by payment






16. The event signaling an IDS to produce an alarm when no attack has taken place






17. A set of laws that the organization agrees to be bound by






18. A failure of an IDS to detect an actual attack






19. Companies should have their own team - made up of people from management - IT - legal - HR - and public relations - security and other key areas






20. A backup of data located where staff can gain access readily and a localized disaster will not cause harm






21. A process state - (blocked) needing input before continuing






22. Impossibility of denying authenticity and identity






23. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.






24. Unsolicited advertising software






25. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.






26. Searching for wireless networks in a moving car.






27. A description of a database






28. Use of a backup server(s) to protect information and essential processes in the event of a primary system failure.






29. To stop damage from spreading






30. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.






31. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.






32. Pertaining to law - lending itself to one side of an argument






33. Redundant component that provides failover capability in the event of failure or interruption of a primary component.






34. Third party processes used to organize the implementation of an architecture






35. Written suggestions that direct choice to a few alternatives






36. A one way - directed graph which indicates confidentiality or integrity flow






37. Mediation of subject and object interactions






38. A type of computer memory that temporarily stores frequently used information for quick access.






39. Pertaining to law - accepted by a court






40. For PKI - decertify an entity's certificate






41. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.






42. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.






43. Written core statements that rarely change






44. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.






45. Short period of low voltage.






46. A system that enforces an access control policy between two networks.






47. To jump to a conclusion






48. A trusted issuer of digital certificates






49. Computing power will double every 18 months


50. The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.