Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. An availability attack that consumes resources to the point of exhaustion

2. A computer designed for the purpose of studying adversaries

3. Fault tolerance for power

4. The managerial approval to operate a system, based upon knowledge of the risk of operating it

5. Collection of data on business functions that determines the resiliency strategy

6. System-directed mediation of access using labels

7. The disk space it used to occupy has been designated by the computer as available for reuse. The deleted file remains intact until it has been overwritten with a new file.

8. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity

9. Bound to objects, indicating which subjects can use them; typically kept by a network device (router, switch and so on) to control access to or from the device for a number of services

10. High level, pertaining to planning

11. Unauthorized intrusion, unauthorized alteration or destruction, and use of malicious code

12. The risk that remains after management implements internal controls, or some other response to risk: (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk

13. Uncleared buffers or media

14. Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective

15. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.

16. Memory management technique which allows data to be moved from one memory address to another

17. To smooth out reductions or increases in power

18. Planning for the delegation of authority required when decisions must be made without the normal chain of command

19. Guidelines within an organization that control the rules and configurations of an IDS

20. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.

21. Using small special tools, all tumblers of the lock are aligned, opening the door

22. One-way encryption

23. System of law based upon what is good for society

24. Employment education done once per position or at significant change of function

25. Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).

26. A set of best practices for programmers to seek in all application or database design: Atomicity, Consistency, Isolation, Durability

27. Define the way in which the organization operates.

28. Initial surge of current

29. To collect many small pieces of data

30. Data or interference that can trigger a false positive

31. Computing power will double every 18 months

32. With enough computing power, trying all possible combinations

33. Processes data at different classifications (security levels), and users with different clearances (security levels) can use the system.

34. Controls for terminating an attempt to access an object

35. System of law based upon precedent, with major divisions of criminal, tort and administrative

36. Mathematical function that determines the cryptographic operations

37. Moving the alphabet intact a certain number of spaces

38. Autonomous malware that requires a flaw in a service

39. Malware that makes many small changes over time to a single data point or system

40. The partial or full duplication of data from a source database to one or more destination databases.

41. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. a move to an alternate site)

42. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities

43. Maintaining full control over requests, implementation, traceability and proper documentation of changes.

44. The study of cryptography and cryptanalysis

45. Interception of a communication session by an attacker.

46. Mediation of subject and object interactions

47. A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet.

48. Use of specialized techniques for recovery, authentication and analysis of electronic data

49. A database backup type which records at the transaction level

50. Continuous surveillance, to provide for detection of and response to any failure in preventive controls.