Test your basic knowledge: CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Ensure that transmitted information can be attributed to the named sender.
Power surge/over voltage (spike)
Equal error rate (EER)
Digital signatures
Encryption
2. All within the responsibility of the information security manager.
Platform security - intrusion detection and antivirus controls
All personnel
Skills inventory
Role-based policy
3. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Its ability to reduce or eliminate business risks
Risk management and the requirements of the organization
Transferred risk
Breakeven point of risk reduction and cost
4. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Knowledge management
Data owners
Residual risk
Multinational organization
5. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control. .
The data owner
The awareness and agreement of the data subjects
Total cost of ownership (TCO)
SWOT analysis
6. Only valid if assets have first been identified and appropriately valued.
Platform security - intrusion detection and antivirus controls
Control risk
Annual loss expectancy (ALE) calculations
Identify the relevant systems and processes
7. Useful but only with regard to specific technical skills.
Cross-site scripting attacks
Proficiency testing
Penetration testing
Requirements of the data owners
8. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Creation of a business continuity plan
Detection defenses
Worm
Audit objectives
9. A risk assessment should be conducted _________________.
Data owners
Do with the information it collects
Applying the proper classification to the data
Annually or whenever there is a significant change
10. Applications cannot access data associated with other apps
The information security officer
Notifications and opt-out provisions
Data isolation
Creation of a business continuity plan
11. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Data classification
Risk management and the requirements of the organization
Consensus on risks and controls
Virus detection
12. It is easier to manage and control a _________________.
Data classification
Centralized structure
Transmit e-mail messages
Methodology used in the assessment
13. Without _____________________ - there cannot be accountability.
Monitoring processes
Well-defined roles and responsibilities
Asset classification
Control risk
14. Someone who uses the internet or network to destroy or damage computers for political reasons
Stress testing
Audit objectives
Waterfall chart
Cyber terrorist
15. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
The awareness and agreement of the data subjects
Lack of change management
Continuous analysis - monitoring and feedback
Return on security investment (ROSI)
16. Primarily reduce risk and are most effective for the protection of information assets.
Key controls
Spoofing attacks
Impractical and is often cost-prohibitive
Increase business value and confidence
17. A small warehouse - designed for the end-user needs in a strategic business unit
Audit objectives
The database administrator
Data mart
Key risk indicator (KRI) setup
18. Utility program that detects and protects a personal computer from unauthorized intrusions
Applying the proper classification to the data
Personal firewall
Security awareness training for all employees
Cryptographic secure sockets layer (SSL) implementations and short key lengths
19. Risk should be reduced to a level that an organization _____________.
Encryption of the hard disks
Certificate authority (CA)
Is willing to accept
Conduct a risk assessment
20. Provides the most effective protection of data on mobile devices.
Role-based access control
Encryption key management
Encryption
Protective switch covers
21. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Access control matrix
Assess the risks to the business operation
Acceptable use policies
Undervoltage (brownout)
22. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Phishing
The board of directors and senior management
Its ability to reduce or eliminate business risks
Methodology used in the assessment
23. A function of the session keys distributed by the PKI.
0-day vulnerabilities
Asset classification
Confidentiality
Negotiating a local version of the organization standards
24. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Deeper level of analysis
Key risk indicator (KRI) setup
Patch management
Residual risk would be reduced by a greater amount
25. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
What happened and how the breach was resolved
Key controls
include security responsibilities in a job description
Role-based access control
26. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Service level agreements (SLAs)
Continuous monitoring control initiatives
Centralization of information security management
Undervoltage (brownout)
27. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Protective switch covers
Key controls
Data classification
Tailgating
28. Normally addressed through antivirus and antispyware policies.
Continuous analysis - monitoring and feedback
Malware
Malicious software and spyware
People
29. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Compliance with the organization's information security requirements
Data mart
Certificate authority (CA)
Inherent risk
30. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Patch management
Attributes and characteristics of the 'desired state'
Defining high-level business security requirements
Continuous analysis - monitoring and feedback
31. Occurs when the electrical supply drops
A network vulnerability assessment
Undervoltage (brownout)
The authentication process is broken
Well-defined roles and responsibilities
32. Provides process needs but not impact.
Audit objectives
Patch management process
Resource dependency assessment
Security risk
33. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Strategic alignment of security with business objectives
Digital signatures
Patch management process
Information contained on the equipment
34. Provides strong online authentication.
Public key infrastructure (PKI)
Digital certificate
Asset classification
Breakeven point of risk reduction and cost
35. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Use of security metrics
Patch management
The authentication process is broken
Control effectiveness
36. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Security baselines
Continuous analysis - monitoring and feedback
Penetration testing
Protective switch covers
37. The PRIMARY goal in developing an information security strategy is to: _________________________.
Tailgating
Support the business objectives of the organization
Attributes and characteristics of the 'desired state'
Stress testing
38. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Conduct a risk assessment
Use of security metrics
Retention of business records
All personnel
39. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Aligned with organizational goals
The board of directors and senior management
Penetration testing
Classification of assets needs
40. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Annual loss expectancy (ALE) calculations
Malicious software and spyware
Platform security - intrusion detection and antivirus controls
Increase business value and confidence
41. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Fault-tolerant computer
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Defined objectives
Decentralization
42. Awareness - training and physical security defenses.
Performing a risk assessment
Logon banners
Annually or whenever there is a significant change
Examples of containment defenses
43. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Identify the relevant systems and processes
Increase business value and confidence
Digital certificate
Asset classification
44. Culture has a significant impact on how information security will be implemented in a ______________________.
Information security manager
The information security officer
Control effectiveness
Multinational organization
45. BEST option to improve accountability for a system administrator is to _____________________.
Breakeven point of risk reduction and cost
Rule-based access control
include security responsibilities in a job description
Cross-site scripting attacks
46. Has full responsibility over data.
Role-based policy
Confidentiality
Centralized structure
The data owner
47. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
48. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
People
Security risk
Deeper level of analysis
Biometric access control systems
49. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
The board of directors and senior management
Gain unauthorized access to applications
Creation of a business continuity plan
Owner of the information asset
50. A notice that guarantees a user or a web site is legitimate
Digital certificate
Internal risk assessment
Business case development
Negotiating a local version of the organization standards