Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Final purpose or result






2. Joining two pieces of text






3. Process of identifying the risks to an organization - assessing the critical functions - defining the controls in place to reduce organization exposure and evaluating the cost for such controls.






4. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.






5. Unused storage capacity






6. Hiding the fact that communication has occurred






7. Business activities or information that could not be interrupted or be unavailable for several business days without significantly jeopardizing operation of the organization.






8. Control category - more than one control on a single asset






9. Communication of a security incident to stakeholders and data owners.






10. Pertaining to law - high degree of veracity






11. A software design technique for abstraction of a process






12. Fault tolerance for power






13. Alerts personnel to the presence of a fire






14. A sudden - unexpected event requiring immediate action due to potential threat to health and safety - the environment - or property.






15. To evaluate the current situation and make basic decisions as to what to do






16. A library of commands maintained by a system for other programs to use - provides consistency and integrity for the programs






17. A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack






18. Policy or stated actions






19. Momentary loss of power






20. A list of team members and/or key players to be contacted including their backups. The list will include the necessary contact information (i.e. home phone - pager - cell - etc.) and in most cases be considered confidential.






21. A test conducted on one or more components of a plan under actual operating conditions.






22. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization






23. OOP concept of taking attributes from the original or parent






24. To stop damage from spreading






25. Unchecked data which spills into another location in memory






26. Review of data






27. Renders the record inaccessible to the database management system






28. A control before attack






29. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.






30. A passive network attack involving monitoring of traffic.






31. Periodic - automatic and transparent backup of data in bulk.






32. A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. (See Smurf)






33. An access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to the file and what privileges they have - most commonly used in the PC environment (i.e. file permissions).






34. A signal suggesting a system has been or is being attacked.






35. Computing power will double every 18 months



36. What is will remain - persistence






37. A technology that reduces the size of a file.






38. Memory management technique which allows data to be moved from one memory address to another






39. Recognition of an individual's assertion of identity.






40. Methodical research of an incident with the purpose of finding the root cause






41. An attack involving the hijacking of a TCP session by predicting a sequence number.






42. Key






43. A documented battle plan for coordinating response to incidents.






44. A document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster or severe outage situation.






45. Actions measured against either a policy or what a reasonable person would do






46. OOP concept of a distinct copy of the class






47. One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all - or most - of the applicable teams.






48. A comprehensive set of controls comprising best practices in information security that provides guidelines on how to set up and maintain security programs.






49. A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle)






50. Location where coordination and execution of BCP or DRP is directed