Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A condition in which neither party is willing to stop their activity for the other to complete






2. Minimal Protection - and is used for systems that were evaluated but failed to meet the criteria for higher divisions






3. A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm






4. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities






5. Computing power will double every 18 months



6. Methodical research of an incident with the purpose of finding the root cause






7. Recovery alternative - complete duplication of services including personnel






8. To reduce sudden rises in current






9. To be admissible in court they have to be made and collected in the normal course of business - not specially generated for a case in court. They can easily be considered hearsay if no firsthand proof of their accuracy and reliability exists






10. A programming device used in development to circumvent controls






11. A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. (See Smurf)






12. The asynchronous duplication of the production database on separate media to ensure data availability - currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.






13. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack






14. Object reuse protection and auditing






15. A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop.






16. Information which has retained its importance - but which has been created or stored by software/hardware that has been rendered obsolete.






17. OOP concept of a distinct copy of the class






18. Specific format of technical and physical controls that support the chosen framework and the architecture






19. Recovery alternative which outsources a business function at a cost






20. Dictate that data collected by govt. agencies must be collected fairly and lawfully - must be used only for the purpose for which they were collected - must only be held for a reasonable amount of time - and must be accurate and timely.






21. Mediates communication between un-trusted hosts on behalf of the hosts that it protects.






22. Mitigate damage by isolating compromised systems from the network.






23. Unsolicited commercial email






24. Subjects will not interact with each other's objects






25. May render the data inaccessible to the application intended to be used in processing the file - but may not actually remove the data






26. To move from location to location - keeping the same function






27. Potentially compromising leakage of electrical or acoustical signals.






28. The hard drive






29. Uses two or more legal systems






30. European standard for IT security criteria. Wasn't universally adopted. - Consists of four components: 1. "Security Target" 2. "Target of Evaluation" or ToE. 3. Functional Levels. 4. Assurance Levels.






31. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.






32. A design methodology which addresses risk early and often






33. Another subject cannot see an ongoing or pending update until it is complete






34. An index entry in the directory of any storage medium that identifies the space on the medium in which an electronic document resides - thereby preventing that space from being overwritten by other data.






35. The chance that something negative will occur






36. A control before attack






37. A collection of data or information that has a name






38. An alert or alarm that is triggered when no actual attack has taken place






39. Those who initiate the attack






40. Process of planning for and/or implementing procedures for the repair or relocation of the primary site and its contents - and for the restoration of normal operations at the primary site.






41. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.






42. Individuals and departments responsible for the storage and safeguarding of computerized data.






43. A committee of decision makers - business owners - technology experts and continuity professionals - tasked with making strategic recovery and continuity planning decisions for the organization.






44. Redundant component that provides failover capability in the event of failure or interruption of a primary component.






45. Record of system activity - which provides for monitoring and detection.






46. To execute more than one instruction at an instant in time






47. A unit of execution






48. The guardian of asset(s) - a maintenance activity






49. A mobilized resource purchased or contracted for the purpose of business recovery.






50. More than one process in the middle of executing at a time