Test your basic knowledge: CISSP Certified Information Systems Security Professional
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Computing power will double every 18 months
2. A temporary public file to inform others of a compromised digital certificate
Certificate Revocation List (CRL)
Recovery Point Objective (RPO)
Business Continuity Steering Committee
Concatenation
3. Recognition of an individual's assertion of identity.
Risk Mitigation
ISO/IEC 27001
Identification
Running
4. The level and label given to an individual for the purpose of compartmentalization
Incident
Security Clearance
Recovery Period
Business Continuity Steering Committee
5. Periodic - automatic and transparent backup of data in bulk.
Electronic Vaulting
Noise
Radio Frequency Interference (RFI)
Operational Test
6. Unauthorized intrusion - unauthorized alteration or destruction - and using malicious code
3 Types of harm Addressed in computer crime laws
Packet Filtering
Byte
IP Address Spoofing
7. Impossibility of denying authenticity and identity
Need-To-Know
Replication
Packet Filtering
Non-Repudiation
8. A process state - to be executing a process on the CPU
Bumping
Resumption
Running
Access Control
9. A physical enclosure for verifying identity before entry to a facility
Complete
Strategic
Mantrap (Double Door System)
Open Mail Relay Servers
10. Eavesdropping on network communications by a third party.
Chain Of Custody
Tapping
Alternate Site
Cryptanalysis
11. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals
Operating
Workaround Procedures
Hash Function
Fire Classes
12. The principles a person sets for themselves to follow
Active Data
Administrative
Ethics
BCP Testing Drills and Exercises
13. Final purpose or result
Payload
ISO/IEC 27001
Operational Impact Analysis
Virus
14. A secure connection to another network.
Blind Testing
Relocation
Integrated Test
Gateway
15. System mediation of access with the focus on the context of the request
Due Care
Content Dependent Access Control
Data Dictionary
Evidence
16. Not fulfilling legally recognized obligation - failure to conform to a standard of care that results in injury or damage - and proximate causation - not practicing due diligence - or due care - not following prudent person (doing due diligence in due
Civil Or Code Law
Elements of Negligence
Multi-Tasking
Database Shadowing
17. A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
Declaration
Logic Bomb
Infrastructure
Centralized Access Control Technologies
18. Recording the Who What When Where How of evidence
Identification
Man-In-The-Middle Attack
TCSEC (Orange Book)
Chain Of Custody
19. Third party processes used to organize the implementation of an architecture
Framework
Voice Over IP (VOIP)
Operational Impact Analysis
Incident
20. Planning with a goal of returning to the normal business function
Ethics
Operational Test
Restoration
ISO/IEC 27002
21. Outputs within a given function are the same result
Hub
Event
Threat Agent
Collisions
22. Two certificate authorities that trust each other
Sag/Dip
Cross Certification
Application Programming Interface
Monitor
23. Control category - to discourage an adversary from attempting to access
Intrusion Detection Systems
Confidence Value
Domain
Deterrent
24. Power surge
Proxies
Electrostatic Discharge
Total Risk
Emanations
25. Maximum tolerance for loss of certain business function - basis of strategy
Recovery Time Objectives
Classification
Access Control Matrix
Mirrored Site
26. Indivisible - data field must contain only one value that either all transactions take place or none do
File Server
Operational Test
Atomicity
Watermarking
27. Is secondhand and usually not admissible in court
Hearsay Evidence
Separation Of Duties
Brouter
Workaround Procedures
28. Employment education done once per position or at significant change of function
Security Clearance
Keyed-Hashing For Message Authentication
Mandatory Vacations
Job Training
29. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce organization exposure and evaluating the cost for such controls.
Vital Record
TEMPEST
Risk Assessment
Risk Assessment / Analysis
30. Framework that defines goals for the controls that should be used to properly manage IT - consists of 4 domains: Plan and Organize - Acquire and Implement - Deliver and Support - Monitor and Evaluate
CobiT
Rootkit
Interception
Hearsay
31. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.
Tort
Labeling
Governance
Due Care
32. An attack involving the hijacking of a TCP session by predicting a sequence number.
Data Owner
Intrusion Prevention Systems
Sequence Attacks
Tar Pits
33. Key
Criminal Law
Waterfall
Technical Access Controls
Cryptovariable
34. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.
Rogue Access Points
Pervasive Computing and Mobile Computing Devices
Due Care
Simulation Test
35. Slang for making (burning) a CD-ROM copy of data - whether it is music - software - or other data.
Administrative
Rollback
Burn
Virus
36. A test conducted on a specific component of a plan - in isolation from other components - typically under simulated operating conditions.
Standalone Test
Intrusion Prevention Systems
Hacker
Overlapping Fragment Attack
37. Inappropriate data
Assembler
Malformed Input
Electronic Vaulting
Hearsay Evidence
38. The time period between a disaster and a return to normal functions - during which the disaster recovery plan is employed.
Secondary Storage
Metadata
Salami
Recovery Period
39. Natural occurrence in circuits that are in close proximity
Interference (Noise)
Supervisor Mode (monitor - system - privileged)
Alert/Alarm
Record Level Deletion
40. Requirement to take time off
Remote Journaling
Digital Signature
Common Law
Mandatory Vacations
41. DoS - Spoofing - dictionary - brute force - wardialing
Access Control Attacks
Double Blind Testing
Key Management
Lattice
42. High frequency - highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
Microwave
Change Control
Hub
Incident
43. A perpetrator leaves something behind or takes something with them at the scene of a crime
44. Control category - to restore to a previous state by removing the adversary and/or the results of their actions
Conflict Of Interest
Corrective
Administrative Law
Authorization
45. Mediation of subject and object interactions
Message Digest
Modification
Access Control
Deletion
46. Review of data
Detective
Watermarking
Spyware
Analysis
47. Pertaining to law - accepted by a court
Time Of Check/Time Of Use
Admissible
Interception
Method
48. Long term knowledge building
Education
State Machine Model
Call Tree
Mirrored Site
49. People protect their domain
Territoriality
Electronic Vaulting
Bridge
Routers
50. A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Reference Monitor
Source Routing Exploitation
Picking
Admissible