Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
The awareness and agreement of the data subjects
Safeguards over keys
Trojan horse
Strategic alignment of security with business objectives
2. Awareness - training and physical security defenses.
The database administrator
The information security officer
Examples of containment defenses
Key controls
3. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Trojan horse
Encryption of the hard disks
Rule-based access control
Tie security risks to key business objectives
4. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
5. A key indicator of performance measurement.
Penetration testing
Protective switch covers
include security responsibilities in a job description
Strategic alignment of security with business objectives
6. A repository of historical data organized by subject to support decision makers in the org
Protective switch covers
Data warehouse
Encryption
Business case development
7. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Calculating the value of the information or asset
Asset classification
Virus detection
Baseline standard and then develop additional standards
8. Normally addressed through antivirus and antispyware policies.
Assess the risks to the business operation
Compliance with the organization's information security requirements
Detection defenses
Malicious software and spyware
9. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Comparison of cost of achievement
Transferred risk
Certificate authority (CA)
Control risk
10. Should be performed to identify the risk and determine needed controls.
Process of introducing changes to systems
Total cost of ownership (TCO)
Defining and ratifying the classification structure of information assets
Internal risk assessment
11. Accesses a computer or network illegally
Equal error rate (EER)
Two-factor authentication
Its ability to reduce or eliminate business risks
Cracker
12. Risk should be reduced to a level that an organization _____________.
Negotiating a local version of the organization standards
Normalization
Is willing to accept
A network vulnerability assessment
13. Inject malformed input.
Fault-tolerant computer
Cross-site scripting attacks
The balanced scorecard
Increase business value and confidence
14. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Data classification
Residual risk
Role-based policy
Single sign-on (SSO) product
15. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Performing a risk assessment
Annually or whenever there is a significant change
Encryption of the hard disks
Consensus on risks and controls
16. Responsible for securing the information.
Rule-based access control
Safeguards over keys
The data custodian
Tie security risks to key business objectives
17. Useful but only with regard to specific technical skills.
Proficiency testing
Knowledge management
Security code reviews for the entire software application
Protective switch covers
18. The MOST important element of an information security strategy.
Process of introducing changes to systems
The board of directors and senior management
Defined objectives
Equal error rate (EER)
19. Primarily reduce risk and are most effective for the protection of information assets.
The balanced scorecard
Phishing
Key controls
Overall organizational structure
20. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Transmit e-mail messages
Encryption of the hard disks
Annually or whenever there is a significant change
Decentralization
21. When the ________________ is more than the cost of the risk - the risk should be accepted.
Cost of control
Data mart
Tailgating
IP address packet filtering
22. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Script kiddie
Methodology used in the assessment
The database administrator
Encryption
23. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
All personnel
Regulatory compliance
Centralization of information security management
Alignment with business strategy
24. A method for analyzing and reducing a relational database to its most streamlined form
Normalization
Inherent risk
Confidentiality
Data owners
25. Without _____________________ - there cannot be accountability.
Total cost of ownership (TCO)
Well-defined roles and responsibilities
Lack of change management
The board of directors and senior management
26. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Residual risk would be reduced by a greater amount
BIA (Business Impact Assessment)
Lack of change management
Encryption of the hard disks
27. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Role-based policy
Its ability to reduce or eliminate business risks
0-day vulnerabilities
All personnel
28. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Security awareness training for all employees
Control risk
Lack of change management
Aligned with organizational goals
29. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
People
Tie security risks to key business objectives
Audit objectives
Cross-site scripting attacks
30. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Single sign-on (SSO) product
Malicious software and spyware
Confidentiality
Cyber extortionist
31. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Cracker
Baseline standard and then develop additional standards
Worm
Transmit e-mail messages
32. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
BIA (Business Impact Assessment)
Multinational organization
Certificate authority (CA)
The data custodian
33. The MOST important component of a privacy policy is: Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Notifications and opt-out provisions
Security risk
Key risk indicator (KRI) setup
Impractical and is often cost-prohibitive
34. Applications cannot access data associated with other apps
Data isolation
Knowledge management
BIA (Business Impact Assessment)
Stress testing
35. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Risk appetite
Performing a risk assessment
Cyber terrorist
The data custodian
36. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Safeguards over keys
Business case development
Rule-based access control
Encryption key management
37. Same intent as a cracker but does not have the technical skills and knowledge
Public key infrastructure (PKI)
Penetration testing
Residual risk would be reduced by a greater amount
Script kiddie
38. Occurs when the electrical supply drops
Countermeasure cost-benefit analysis
Personal firewall
Undervoltage (brownout)
Total cost of ownership (TCO)
39. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Owner of the information asset
Inherent risk
Security awareness training for all employees
Data classification
40. Someone who accesses a computer or network illegally
Hacker
Information security manager
Security risk
Knowledge management
41. An information security manager has to impress upon the human resources department the need for _____________________.
Multinational organization
Applying the proper classification to the data
Security awareness training for all employees
Owner of the information asset
42. Provides process needs but not impact.
Do with the information it collects
Attributes and characteristics of the 'desired state'
Monitoring processes
Resource dependency assessment
43. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Information contained on the equipment
Risk management and the requirements of the organization
Two-factor authentication
Spoofing attacks
44. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Aligned with organizational goals
Countermeasure cost-benefit analysis
Process of introducing changes to systems
Defining high-level business security requirements
45. By definition are not previously known and therefore are undetectable.
Developing an information security baseline
Support the business objectives of the organization
Well-defined roles and responsibilities
0-day vulnerabilities
46. Focuses on identifying vulnerabilities.
People
Penetration testing
Gain unauthorized access to applications
Alignment with business strategy
47. The information security manager needs to prioritize the controls based on ________________________.
Risk management and the requirements of the organization
Phishing
Cyber extortionist
Residual risk would be reduced by a greater amount
48. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Residual risk
Fault-tolerant computer
Waterfall chart
Intrusion detection system (IDS)
49. Whenever personal data are transferred across national boundaries; ________________________ are required.
Trojan horse
Information contained on the equipment
The awareness and agreement of the data subjects
Applying the proper classification to the data
50. Utility program that detects and protects a personal computer from unauthorized intrusions
The awareness and agreement of the data subjects
Acceptable use policies
Personal firewall
Fault-tolerant computer