Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Written core statements that rarely change






2. Short period of low voltage.






3. Using small special tools all tumblers of the lock are aligned - opening the door






4. Recovery alternative - short-term - high cost movable processing location






5. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)






6. A control after attack






7. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data






8. System directed mediation of access with labels






9. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)






10. A technology that reduces the size of a file.






11. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.






12. A database that contains the name - type - range of values - source and authorization for access for each data element






13. An opportunity for a threat to cause loss. (terminology that encompasses many recent risk terms)






14. A backup type - where the organization has excess capacity in another location.






15. Business and technical process of applying security software updates in a regulated periodic way






16. An attack that breaks up malicious code into fragments - in an attempt to elude detection.






17. To stop damage from spreading






18. Abstract and mathematical in nature - defining all possible states - transitions and operations






19. Process whereby data is removed from active files and other data storage structures






20. Controls for termination of attempt to access object






21. Mitigation of system or component loss or interruption through use of backup capability.






22. A type of attack involving attempted insertion - deletion or altering of data.






23. Renders the record inaccessible to the database management system






24. Asymmetric encryption of a hash of message






25. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.






26. More than one CPU on a single board






27. RADIUS - TACACS+ - Diameter






28. Location to perform the business function






29. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.






30. Narrow scope examination of a system






31. Redundant component that provides failover capability in the event of failure or interruption of a primary component.






32. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.






33. Creation distribution update and deletion






34. The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks






35. A perpetrator leaves something behind or takes something with them at the scene of a crime



36. Small data warehouse






37. A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.






38. Specific format of technical and physical controls that support the chosen framework and the architecture






39. A test conducted on multiple components of a plan - in conjunction with each other - typically under simulated operating conditions






40. Security Policy - Personnel Controls - Supervisory Structure - Security Awareness Training - Testing






41. Implementation of operating system protection mechanism - where more sensitive built upon the layering concept






42. A group or network of honeypots






43. Responsibility for actions






44. Someone who wants to cause harm






45. Memory management technique which allows data to be moved from one memory address to another






46. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.






47. To set the clearance of a subject or the classification of an object






48. Control category - to give instructions or inform






49. Granular decision by a system of permitting or denying access to a particular resource on the system






50. A Trojan horse with the express underlying purpose of controlling host from a distance