Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Demonstrate the actual ability to recover and can verify the compatibility of backup facilities






2. Vehicle stopping object






3. Computing power will double every 18 months



4. Individuals and departments responsible for the storage and safeguarding of computerized data.






5. An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business - as well as legal or regulatory impacts.






6. Intermediate level - pertaining to planning






7. A mail server that improperly allows inbound SMTP connections for domains it does not serve.






8. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.






9. Reduces causes of fire






10. Forgery of the sender's email address in an email header.






11. Program instructions based upon the CPU's specific architecture






12. Inference about encrypted communications






13. Control category - to restore to a previous state by removing the adversary and/or the results of their actions






14. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).






15. To load the first piece of software that starts a computer.






16. A set of best practices for programmers to seek in all application or database design: Atomicity - Consistency - Isolation - Durability






17. Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.






18. Unchecked data input which results in redirection






19. Indivisible - data field must contain only one value that either all transactions take place or none do






20. Creation, distribution, update and deletion






21. Mediation of subject and object interactions






22. The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.






23. Written step-by-step actions






24. Mediation of covert channels must be addressed






25. System Access - Network Architecture - Network Access - Encryption and Protocols - and Auditing






26. A process state - to be executing a process on the CPU






27. A unit of execution






28. Standard for the establishment - implementation - control - and improvement of the Information Security Management System






29. Threats x Vulnerability x Asset Value = Total Risk






30. To set the clearance of a subject or the classification of an object






31. Converts a high level language into machine language






32. Used to code/decode a digital data stream.






33. A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes.






34. Part of a transaction control for a database which informs the database of the last recorded transaction






35. The process of logging changes or updates to a database since the last full backup. Journals can be used to recover previous versions of a file before updates were made - or to facilitate disaster recovery.






36. Property that data is represented in the same manner at all times






37. Pertaining to law - no omissions






38. Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system.






39. What is will remain - persistence






40. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.






41. Recording activities at the keyboard level






42. Act of scrambling the cleartext message by using a key.






43. A group or network of honeypots






44. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate






45. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.






46. Just enough access to do the job






47. Control category - to discourage an adversary from attempting to access






48. Adversary intercepts encrypted communications - decrypts - views - encrypts - and sends along to the true destination






49. One of the most important first steps in the planning development. Qualitative and quantitative data needs to be gathered - analyzed - interpreted and presented to management






50. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.