Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A backup type - where the organization has excess capacity in another location.






2. Those who initiate the attack






3. Prolonged loss of commercial power






4. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).






5. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.






6. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated - and recovery and continuity strategies and procedures are completed and tested.






7. Determines the impact of the loss of an operational or technological resource. The loss of a system - network or other critical resource may affect a number of business processes.






8. Only the key protects the encrypted information



9. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing






10. Security policy - procedures - and compliance enforcement






11. Written internalized or nationalized norms that are internal to an organization






12. Malware that makes many small changes over time to a single data point or system






13. Two certificate authorities that trust each other






14. Unauthorized access of information (e.g. tapping - sniffing - unsecured wireless communication - emanations)






15. Control category - to record an adversary's actions






16. A secure connection to another network.






17. Responsibility of a user for the actions taken by their account which requires unique identification






18. All of the protection mechanisms in a computer system






19. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).






20. Mediates communication between untrusted hosts on behalf of the hosts that it protects.






21. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services






22. Controls for logging and alerting






23. Sphere of influence






24. Low level - pertaining to planning






25. To know more than one job






26. An internal list of contact information used for the communication of incident information - designed in a distributed manner so that no one person is responsible for contacting everyone.






27. Eavesdropping on network communications by a third party.






28. An organization's way of classifying data by factors such as criticality - sensitivity and ownership.






29. Recovery alternative - complete duplication of services including personnel






30. A programming design philosophy and a type of programming language - which breaks a program into smaller units. Each unit has its own function.






31. Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.






32. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.






33. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.






34. A copy of transaction data - designed for querying and reporting






35. Recording the who, what, when, where and how of evidence






36. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.






37. Substitution at the word or phrase level






38. Recovery alternative - short-term - high cost movable processing location






39. Includes identification and collection of the evidence - its storage - preservation - transportation - presentation in court - and return to the owner






40. Unauthorized wireless network access device.






41. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization - community - nation - etc.






42. Intellectual property protection for marketing efforts






43. The study of cryptography and cryptanalysis






44. Regular operations are stopped and processing is moved to the alternate site.






45. A telephone exchange for a specific office or business.






46. A comprehensive set of controls that comprises best practices in information security and provides guidelines on how to set up and maintain security programs.






47. An unintended communication path






48. A signal suggesting a system has been or is being attacked.






49. Using many alphabets






50. The response of an organization to a disaster or other significant event that may significantly impact the organization - its people - or its ability to function productively.