Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Object based description of a system or a collection of resources

2. People who interact with assets

3. A comprehensive set of controls comprising best practices in information security that provides guidelines on how to set up and maintain security programs.

4. Prolonged loss of commercial power

5. Code making

6. A backup type which creates a complete copy

7. Independent malware that requires user interaction to execute

8. False memory reference

9. An electronic attestation of identity by a certificate authority

10. Only the key protects the encrypted information

11. An asymmetric cryptography mechanism that provides authentication.

12. Threats x Vulnerability x Asset Value = Total Risk

13. A choice in risk management: to implement a control that limits or lessens negative effects

14. Line noise that is superimposed on the supply circuit.

15. Individuals and departments responsible for the storage and safeguarding of computerized data.

16. The asynchronous duplication of the production database on separate media to ensure data availability, currency and accuracy. File shadowing can be used as a disaster recovery solution if performed remotely.

17. Used to code/decode a digital data stream.

18. The property that data meet with a priori expectation of quality and that the data can be relied upon.

19. Continuous surveillance, to provide for detection and response to any failure in preventive controls.

20. An access policy that uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC compares these two attributes to determine access control capabilities; most commonly used in governm

21. May render the data inaccessible to the application intended to be used in processing the file, but may not actually remove the data

22. With enough computing power, trying all possible combinations

23. Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc.

24. Framework that defines goals for the controls that should be used to properly manage IT; consists of 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate

25. The event signaling an IDS to produce an alarm when no attack has taken place

26. Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.

27. Malware that uses the trust in a website to redirect users to untrusted websites which capture data or install more malware

28. Hardware or software that is part of a larger system

29. An activity that is performed for the purpose of training and conditioning team members, and improving their performance.

30. DoS, spoofing, dictionary, brute force, wardialing

31. Vehicle stopping object

32. Weak evidence

33. A sudden, unexpected event requiring immediate action due to potential threat to health and safety, the environment, or property.

34. An encryption method that has a key as long as the message

35. Try a list of words as passwords or encryption keys

36. Control category: to discourage an adversary from attempting to access

37. Potentially compromising leakage of electrical or acoustical signals.

38. Loss would inconvenience the organization but disclosure is unlikely to result in financial loss or serious damage to credibility.

39. Forgery of the sender's email address in an email header.

40. Amount of time for restoring a business process or function to normal operations without major loss

41. Any event, whether anticipated (i.e. public service strike) or unanticipated (i.e. blackout), which disrupts the normal course of business operations at an organization location.

42. Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies, offsite storage, and will ensure time objectives can be met.

43. The core logic engine of an operating system which almost never changes

44. Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.

45. May be responsible for overall recovery of an organization or unit(s).

46. Intellectual property protection for a confidential and critical process

47. An event that triggers an IDS to produce an alarm and react as though a real attack were in progress

48. Less granular organization of controls

49. Motive, opportunity, and means; when looking for suspects it is important to consider these 3 things

50. The level and label given to an individual for the purpose of compartmentalization