Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. When defining the information classification policy - the ___________________ need to be identified.






2. Has to be integrated into the requirements of every software application's design.






3. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information






4. Applications cannot access data associated with other apps






5. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.






6. provides the most effective protection of data on mobile devices.






7. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.






8. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.






9. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability






10. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.






11. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.






12. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.






13. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.






14. Uses security metrics to measure the performance of the information security program.






15. Occurs when the electrical supply drops






16. A notice that guarantees a user or a web site is legitimate






17. Should be performed to identify the risk and determine needed controls.






18. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -






19. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.






20. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee






21. Used to understand the flow of one process into another.






22. A repository of historical data organized by subject to support decision makers in the org






23. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


24. Programs that act without a user's knowledge and deliberately alter a computer's operations






25. Involves the correction of software weaknesses and would necessarily follow change management procedures.






26. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.






27. ecurity design flaws require a ____________________.






28. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.






29. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.






30. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.






31. Oversees the overall classification management of the information.






32. Provides strong online authentication.






33. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.






34. Someone who uses the internet or network to destroy or damage computers for political reasons






35. The PRIMARY goal in developing an information security strategy is to: _________________________.






36. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.






37. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.






38. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'






39. Inject malformed input.






40. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.






41. Reducing risk to a level too small to measure is _______________.






42. An information security manager has to impress upon the human resources department the need for _____________________.






43. New security ulnerabilities should be managed through a ________________.






44. A risk assessment should be conducted _________________.






45. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.






46. Most effective for evaluating the degree to which information security objectives are being met.






47. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.






48. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.






49. A Successful risk management should lead to a ________________.






50. The job of the information security officer on a management team is to ___________________.