Test your basic knowledge

CISSP Certified Information Systems Security Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. To evaluate the current situation and make basic decisions as to what to do






2. Potentially compromising leakage of electrical or acoustical signals.






3. Something that happened






4. Transaction controls for a database - a return to a previous state






5. A form of data hiding which protects running threads of execution from using each other's memory






6. Of a system without prior knowledge by the tester or the tested






7. The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity






8. The current internationally accepted set of standards and processes for information security products evaluation and assurance - which joins function and assurance requirements






9. Individuals - normally managers or directors - who have responsibility for the integrity - accurate reporting and use of computerized data.






10. A description of a database






11. Executive responsibilities of goal setting - delegation - and verification - based upon the mission.






12. Code breaking - practice of defeating the protective properties of cryptography.






13. Code making






14. To stop damage from spreading






15. Memory management technique which allows subjects to use the same resource






16. Share security concerns with embedded devices - Often security has been sacrificed for richer user experience during low power - Prime target for data loss as they transmit and store information in ways that can't be controlled.






17. Copies of the plan are handed out to each functional area to ensure the plan properly deals with the area's needs and vulnerabilities






18. Written step-by-step actions






19. Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization






20. A failure of an IDS to detect an actual attack






21. Server optimized for providing file-based data storage to the network. Unlike a File Server - a NAS unit has no input or output devices - and the OS is dedicated for providing storage services.






22. High frequency noise






23. The chance that something negative will occur






24. Memory management technique which allows data to be moved from one memory address to another






25. An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.






26. Only the key protects the encrypted information



27. Malware that makes small random changes to many data points






28. Requires two of the three user authentication attributes (knows - is or has) - e.g. you have an ATM card and enter a PIN






29. OOP concept of a distinct copy of the class






30. Information residing on computer systems - that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion - modification or reconstruction.






31. A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.






32. A computer designed for the purpose of studying adversaries






33. Wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time - usually a fine is paid






34. The study of cryptography and cryptanalysis






35. Pertaining to law - no omissions






36. An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed - resources are allocated and - recovery and continuity strategies and procedures are completed and tested.






37. Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.






38. For PKI - to have more than one person in charge of a sensitive function






39. More than one processor sharing the same memory - also known as parallel systems






40. Subset of operating systems components dedicated to protection mechanisms






41. The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.






42. A. Common Combustibles B. Liquid C. Electrical D. Combustible Metals






43. Descrambling the encrypted message with the corresponding key






44. Information that - if made public or even shared around the organization - could seriously impede the organization's operations






45. Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.






46. Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.






47. A signal suggesting a system has been or is being attacked.






48. A physical enclosure for verifying identity before entry to a facility






49. Electronically forwarding backup data to an offsite server or storage facility. Vaulting eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.






50. A tag of three or four letters - preceded by a period - which identifies a data file's format or the application used to create the file.