Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Security policy - procedures - and compliance enforcement






2. Try a list of words in passwords or encryption keys






3. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.






4. To collect many small pieces of data






5. Pertaining to law - lending itself to one side of an argument






6. One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.






7. Object based description of a single resource and the permission each subject






8. Real-time data backup (Data Mirroring)






9. Just enough access to do the job






10. Maximum tolerance for loss of certain business function - basis of strategy






11. Control category - to restore to a previous state by removing the adversary and/or the results of their actions






12. Small data warehouse






13. A test that answers the questions: Does the organization have the documentation it needs? Can it be located?






14. Property that data is represented in the same manner at all times






15. Binary decision by a system of permitting or denying access to the entire system






16. A physical enclosure for verifying identity before entry to a facility






17. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.






18. Pertaining to law - accepted by a court






19. Computing power will double every 18 months



20. Identification and notification of an unauthorized and/or undesired action






21. Alternate facility - other than the primary production site - where duplicated vital records and documentation may be stored for use during disaster recovery.






22. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization






23. The point in time to which systems and data must be recovered after an outage (e.g. end of previous day's processing). RPOs are often used as the basis for the development of backup strategies.






24. Recovery alternative - short-term - high cost movable processing location






25. A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses. (See Smurf)






26. The risk that remains after management implements internal controls - or some other response to risk - (Threats x Vulnerability x Asset Value) x Controls Gap = Residual Risk






27. Control category - more than one control on a single asset






28. The one person responsible for data - its classification and control setting






29. A practice execution of the plan takes place. A specific scenario is established - and the simulation continues up to the point of actual relocation to the alternate site.






30. Intellectual property protection for an invention






31. A state where two subjects can access the same object without proper mediation






32. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.






33. A telephone exchange for a specific office or business.






34. Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated






35. Use of specialized techniques for recovery - authentication - and analysis of electronic data






36. Object reuse protection and auditing






37. A test conducted on one or more components of a plan under actual operating conditions.






38. Memory management technique that allows two processes to run concurrently without interaction






39. OOP concept of a distinct copy of the class






40. Attempts to assign real and meaningful numbers to all elements of the risk analysis process.






41. Inference about encrypted communications






42. Independent malware that requires user interaction to execute






43. Written suggestions that direct choice to a few alternatives






44. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data






45. Representatives from each functional area or department get together and walk through the plan from beginning to end.






46. Statistical probabilities of a collision are more likely than one thinks






47. Location where coordination and execution of BCP or DRP is directed






48. Communication of a security incident to stakeholders and data owners.






49. To jump to a conclusion






50. A specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication.