Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Someone who wants to cause harm






2. Layer 1 network device that is used to connect network segments together - but provides no traffic control (a hub).






3. An administrative unit or a group of objects and subjects controlled by one reference monitor






4. Organized group of compromised computers






5. Descrambling the encrypted message with the corresponding key






6. The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.






7. A test conducted on one or more components of a plan under actual operating conditions.






8. Controls for logging and alerting






9. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate






10. A backup of data located where staff can gain access readily and a localized disaster will not cause harm






11. To jump to a conclusion






12. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.






13. Maintaining full control over requests - implementation - traceability - and proper documentation of changes.






14. Guidelines within an organization that control the rules and configurations of an IDS






15. Responsibility of a user for the actions taken by their account which requires unique identification






16. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid






17. Computing power will double every 18 months



18. To assert or claim credentialing to an authentication system






19. Need to understand both the assets that need to be protected and management's priorities - Also be prepared to adjust the design over time - and verify the design has been implemented correctly - need to be good negotiator - artist and analyst.






20. A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate






21. The core logic engine of an operating system which almost never changes






22. The core of a computer that calculates






23. Control category - to discourage an adversary from attempting to access






24. A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.






25. Pertaining to law - accepted by a court






26. Sphere of influence






27. Cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components






28. A technology that reduces the size of a file.






29. Potentially compromising leakage of electrical or acoustical signals.






30. Are bound to objects and indicate what subjects can use them - typically kept by a network device (router - switch and so on) to control access to or from the device for a number of services






31. Reduces causes of fire






32. A basic level of network access control that is based upon information contained in the IP packet header.






33. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions






34. Hardware or software that is part of a larger system






35. Notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan.






36. System of law based upon what is good for society






37. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.






38. Recognition of an individual's assertion of identity.






39. Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.






40. Communication of a security incident to stakeholders and data owners.






41. Act of scrambling the cleartext message by using a key.






42. Owner directed mediation of access






43. Any event - whether anticipated (i.e. - public service strike) or unanticipated (i.e. - blackout) which disrupts the normal course of business operations at an organization location.






44. The problem-solving state - the opposite of supervisor mode






45. Mathematical function that determines the cryptographic operations






46. The chronological sequence of recovery activities - or critical path - that must be followed to resume an acceptable level of operations following a business interruption.






47. Uses two or more legal systems






48. To move from location to location - keeping the same function






49. Binary decision by a system of permitting or denying access to the entire system






50. Someone who wants to know how something works - typically by taking it apart