Test your basic knowledge

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.






2. The best strategy for risk management is to ___________________, as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.






3. Normally addressed through antivirus and antispyware policies.






4. The MOST important component of a privacy policy is _______________. Privacy policies are a high-level management statement of direction; they do not necessarily address warranties, liabilities or geographic coverage, which are






5. A process that helps organizations manipulate important knowledge that is part of the organization's memory






6. Program that copies itself repeatedly, using up resources and possibly shutting down the computer or network






7. Culture has a significant impact on how information security will be implemented in a ______________________.






8. Should PRIMARILY be based on regulatory and legal requirements.






9. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.






10. All within the responsibility of the information security manager.






11. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee






12. The MOST useful way to describe the objectives in the information security strategy is through ______________________.



13. Computer that has duplicate components so it can continue to operate when one of its main components fail






14. Responsible for securing the information.






15. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.






16. Company or person you believe will not knowingly send a virus-infected file






17. Should be determined from the risk assessment results.






18. Can be a standalone driver for an information security governance measure. No further analysis or justification is required, since the entity has no choice in the regulatory requirements.






19. Identification and _______________ of business risk enables project managers to address areas with most significance.






20. Focuses on identifying vulnerabilities.






21. Involves the correction of software weaknesses and would necessarily follow change management procedures.






22. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance






23. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability






24. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
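The finding in item 24 is an insecure direct object reference: the application authenticates the user but then trusts the employee ID taken from the URL. The following is an added example, not code from the quiz or from any real application; it simulates the vulnerable handler beside a hardened one so the difference is concrete. The employee records, the `Request` shape and the `Forbidden`/`NotFound` exceptions are all constructed for illustration.

```python
"""Added illustration of the IDOR described in item 24 (not from the quiz).

A minimal in-memory 'web app': a request carries the server-side
authenticated user (from the session) and the employee_id the client put
in the URL. The data and request shape are constructed for this example.
"""
from dataclasses import dataclass

# Constructed sample records, keyed by the ID that appears in the URL.
EMPLOYEES = {
    1001: {"name": "A. Smith", "salary": 72000},
    1002: {"name": "B. Jones", "salary": 81000},
    1003: {"name": "C. Lee", "salary": 65000},
}


@dataclass
class Request:
    """Only the parts of an HTTP request that matter here."""
    session_user_id: int   # who the server authenticated (session cookie)
    url_employee_id: int   # ID from the URL: fully attacker-controlled


class Forbidden(Exception):
    """Authentication or authorisation failure (HTTP 401/403)."""


class NotFound(Exception):
    """No such record (HTTP 404)."""


def vulnerable_get_account(req: Request) -> dict:
    """The flaw from item 24: the handler checks that *a* user is logged in,
    then serves whatever ID the URL names. Any authenticated user can walk
    the ID space (1001, 1002, ...) and read every account."""
    if req.session_user_id not in EMPLOYEES:
        raise Forbidden("not logged in")
    record = EMPLOYEES.get(req.url_employee_id)
    if record is None:
        raise NotFound(req.url_employee_id)
    return record                                  # no ownership check


def hardened_get_account(req: Request) -> dict:
    """Fix: the authorisation decision is made on the server-side identity,
    never on the client-supplied ID. A mismatch is denied (and, in a real
    application, logged as an audit event) rather than silently served."""
    if req.session_user_id not in EMPLOYEES:
        raise Forbidden("not logged in")
    if req.url_employee_id != req.session_user_id:
        raise Forbidden("access to another employee's account denied")
    return EMPLOYEES[req.session_user_id]


def enumerate_accounts(handler, attacker_id: int, id_range) -> list:
    """Reproduce the internal review's test: log in as one employee and
    iterate candidate IDs in the URL. Returns the IDs whose records the
    handler disclosed to that single session."""
    leaked = []
    for candidate in id_range:
        try:
            handler(Request(session_user_id=attacker_id,
                            url_employee_id=candidate))
            leaked.append(candidate)
        except (Forbidden, NotFound):
            continue
    return leaked


if __name__ == "__main__":
    ids = range(1000, 1006)
    print("vulnerable:", enumerate_accounts(vulnerable_get_account, 1001, ids))
    print("hardened:  ", enumerate_accounts(hardened_get_account, 1001, ids))
```

A stronger design removes the identifier from the URL altogether (a `/me/account` style endpoint keyed only on the session), so there is nothing for the client to tamper with; where an ID must be accepted, as in the hardened handler above, the check is ownership on the server side, and a denied request should be logged because a run of denials is exactly the enumeration the reviewers found.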






25. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.






26. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.






27. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.






28. A small warehouse, designed for the end-user needs of a strategic business unit






29. From a security standpoint, _______________________ is one of the most important topics that should be included in the contract with a third-party service provider.



30. The most important characteristic of good security policies is that they be ____________________.






31. By definition are not previously known and therefore are undetectable.






32. Legal document to be signed by all employees, suppliers, etc. before they 'touch' the organization, to protect the organization's intellectual property.






33. Would protect against spoofing an internal address but would not provide strong authentication.






34. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is: ______________ would appear every time the user logs on, and the user would be required to read and agree






35. Ensures that there are no scalability problems.






36. Are not infallible. When tuning the solution, one has to adjust the sensitivity level to give preference either to the false reject rate (type I error rate), where the system will be more prone to err by denying access to a valid user, or to erring and allowing
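Item 36 describes the threshold trade-off in a biometric system: raising the decision threshold lowers the false accept rate (FAR, type II error) at the cost of a higher false reject rate (FRR, type I error), and lowering it does the reverse. The following is an added example, not from the quiz or from any biometric vendor; it sweeps a threshold over constructed match scores to show where each rate comes from and how a security- or convenience-biased threshold is chosen. The score lists are made up for illustration and are not measurements from any real device.

```python
"""Added illustration of FRR/FAR tuning for item 36 (not from the quiz).

Match scores are in [0, 100]; higher means 'more like the enrolled
template'. The system accepts an attempt iff score >= threshold.
Both score lists below are constructed for this example.
"""

# Constructed scores from legitimate users presenting their own biometric.
GENUINE_SCORES = [91, 88, 85, 83, 80, 78, 76, 74, 71, 69, 66, 62]
# Constructed scores from impostors; the two high ones (64, 70) are the
# near-misses that make the trade-off real.
IMPOSTOR_SCORES = [58, 55, 52, 50, 47, 45, 42, 40, 37, 35, 30, 25, 64, 70]


def error_rates(threshold, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Return (FRR, FAR) for 'accept iff score >= threshold'.

    FRR (type I): fraction of genuine attempts that are rejected.
    FAR (type II): fraction of impostor attempts that are accepted.
    """
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def sweep(thresholds, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """(threshold, FRR, FAR) for each candidate threshold; FRR rises and
    FAR falls monotonically as the threshold increases."""
    return [(t, *error_rates(t, genuine, impostor)) for t in thresholds]


def equal_error_threshold(thresholds, genuine=GENUINE_SCORES,
                          impostor=IMPOSTOR_SCORES):
    """Threshold where |FRR - FAR| is smallest (the equal error rate point),
    the usual neutral starting point before biasing one way or the other."""
    return min(thresholds,
               key=lambda t: abs(error_rates(t, genuine, impostor)[0]
                                 - error_rates(t, genuine, impostor)[1]))


def threshold_for_max_far(max_far, thresholds, genuine=GENUINE_SCORES,
                          impostor=IMPOSTOR_SCORES):
    """Security-biased tuning: the lowest threshold whose FAR is within the
    budget. Everything above it only adds false rejects."""
    for t in sorted(thresholds):
        if error_rates(t, genuine, impostor)[1] <= max_far:
            return t
    return None


def threshold_for_max_frr(max_frr, thresholds, genuine=GENUINE_SCORES,
                          impostor=IMPOSTOR_SCORES):
    """Convenience-biased tuning: the highest threshold whose FRR is within
    the budget. Everything below it only adds false accepts."""
    for t in sorted(thresholds, reverse=True):
        if error_rates(t, genuine, impostor)[0] <= max_frr:
            return t
    return None


if __name__ == "__main__":
    candidates = range(50, 96)
    for t, frr, far in sweep(range(55, 80, 5)):
        print(f"threshold {t:2d}: FRR={frr:.3f} FAR={far:.3f}")
    print("equal error threshold:", equal_error_threshold(candidates))
    print("no impostor accepted from:", threshold_for_max_far(0.0, candidates))
    print("no genuine rejected up to:", threshold_for_max_frr(0.0, candidates))
```

With these constructed scores there is no threshold that drives both rates to zero: accepting nobody from the impostor list requires a threshold of 71, which already rejects a quarter of genuine users, while a threshold low enough to admit every genuine user lets two impostor attempts through. That gap between the two curves is the decision item 36 is describing, and which way to lean depends on what the biometric protects.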






37. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.






38. Inject malformed input.






39. The best measure for preventing the unauthorized disclosure of confidential information.






40. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.






41. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.






42. Are expensive, so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.






43. Cannot be minimized






44. BEST option to improve accountability for a system administrator is to _____________________.






45. Successful risk management should lead to a ________________.






46. A repository of historical data organized by subject to support decision makers in the org






47. Has to be integrated into the requirements of every software application's design.






48. The risk that remains after putting into place an effective risk management program; therefore, acceptable risk is achieved when this amount is minimized.






49. A trusted third party that attests to the identity of the signatory, and reliance will be a function of the level of trust afforded the CA.






50. To identify known vulnerabilities based on common misconfigurations and missing updates.