Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A small warehouse - designed for the end-user needs in a strategic business unit
Trojan horse
Data mart
Certificate authority (CA)
Knowledge management
2. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Virus
Key risk indicator (KRI) setup
Consensus on risks and controls
Role-based access control
3. Normally addressed through antivirus and antispyware policies.
Internal risk assessment
Defining and ratifying the classification structure of information assets
Information security manager
Malicious software and spyware
4. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Digital certificate
SWOT analysis
Transmit e-mail messages
Single sign-on (SSO) product
5. Identification and _______________ of business risk enables project managers to address areas with most significance.
The data custodian
Use of security metrics
Prioritization
Retention of business records
6. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Detection defenses
Classification of assets needs
Get senior management onboard
Data isolation
7. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Developing an information security baseline
Strategic alignment of security with business objectives
Regulatory compliance
Its ability to reduce or eliminate business risks
8. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
9. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Digital certificate
Defining high-level business security requirements
0-day vulnerabilities
Skills inventory
10. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Creation of a business continuity plan
Logon banners
Strategic alignment of security with business objectives
Transmit e-mail messages
11. Occurs when the incoming level
Tie security risks to key business objectives
Retention of business records
People
Power surge/over voltage (spike)
12. The best measure, which will involve reviewing the entire source code to detect all instances of back doors.
Owner of the information asset
The board of directors and senior management
Security code reviews for the entire software application
Residual risk
13. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Centralization of information security management
Multinational organization
Service level agreements (SLAs)
Attributes and characteristics of the 'desired state'
14. provides the most effective protection of data on mobile devices.
Encryption
The awareness and agreement of the data subjects
Identify the relevant systems and processes
Certificate authority (CA)
15. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Identify the relevant systems and processes
Information contained on the equipment
SWOT analysis
Support the business objectives of the organization
16. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Identify the relevant systems and processes
Key controls
Waterfall chart
Background checks of prospective employees
17. Oversees the overall classification management of the information.
Gain unauthorized access to applications
Single sign-on (SSO) product
Confidentiality
The information security officer
18. A key indicator of performance measurement.
IP address packet filtering
Strategic alignment of security with business objectives
Continuous analysis - monitoring and feedback
Assess the risks to the business operation
19. BEST option to improve accountability for a system administrator is to _____________________.
Owner of the information asset
Tailgating
include security responsibilities in a job description
Negotiating a local version of the organization standards
20. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Centralized structure
Prioritization
Its ability to reduce or eliminate business risks
Control effectiveness
21. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
The database administrator
Information security manager
Risk assessment - evaluation and impact analysis
Gain unauthorized access to applications
22. A notice that guarantees a user or a web site is legitimate
Risk appetite
Digital certificate
The board of directors and senior management
Background check
23. An information security manager has to impress upon the human resources department the need for _____________________.
Power surge/over voltage (spike)
Security awareness training for all employees
Reduce risk to an acceptable level
Hacker
24. Provides strong online authentication.
Public key infrastructure (PKI)
0-day vulnerabilities
Well-defined roles and responsibilities
Cost of control
25. Reducing risk to a level too small to measure is _______________.
Access control matrix
Biometric access control systems
Trusted source
Impractical and is often cost-prohibitive
26. Applications cannot access data associated with other apps
Calculating the value of the information or asset
Key controls
Data isolation
Developing an information security baseline
27. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Confidentiality
Process of introducing changes to systems
Encryption key management
Transmit e-mail messages
28. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
The authentication process is broken
Security code reviews for the entire software application
Data owners
Data mart
29. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Security awareness training for all employees
Access control matrix
include security responsibilities in a job description
Cryptographic secure sockets layer (SSL) implementations and short key lengths
30. Ensures that there are no scalability problems.
Key controls
Stress testing
Regular review of access control lists
Detection defenses
31. A function of the session keys distributed by the PKI.
Digital signatures
Information contained on the equipment
Confidentiality
Malicious software and spyware
32. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Risk management and the requirements of the organization
Control effectiveness
Get senior management onboard
Key risk indicator (KRI) setup
33. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Centralization of information security management
Baseline standard and then develop additional standards
Calculating the value of the information or asset
Rule-based access control
34. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Proficiency testing
The data owner
Risk appetite
Public key infrastructure (PKI)
35. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Service level agreements (SLAs)
Calculating the value of the information or asset
Continuous analysis - monitoring and feedback
Decentralization
36. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Control effectiveness
Encryption of the hard disks
The awareness and agreement of the data subjects
Defining high-level business security requirements
37. Has full responsibility over data.
Service level agreements (SLAs)
The data owner
Deeper level of analysis
include security responsibilities in a job description
38. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Negotiating a local version of the organization standards
Exceptions to policy
Decentralization
Developing an information security baseline
39. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Centralization of information security management
The authentication process is broken
Proficiency testing
Spoofing attacks
40. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.
Baseline standard and then develop additional standards
Service level agreements (SLAs)
Owner of the information asset
Identify the vulnerable systems and apply compensating controls
41. A successful risk management should lead to a ________________.
Negotiating a local version of the organization standards
Requirements of the data owners
Breakeven point of risk reduction and cost
Spoofing attacks
42. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Calculating the value of the information or asset
Protective switch covers
Confidentiality
Resource dependency assessment
43. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Impractical and is often cost-prohibitive
Defined objectives
Detection defenses
Data owners
44. Has to be integrated into the requirements of every software application's design.
Strategic alignment of security with business objectives
Digital certificate
Encryption key management
Creation of a business continuity plan
45. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Risk appetite
Logon banners
Comparison of cost of achievement
Role-based access control
46. Accesses a computer or network illegally
Residual risk would be reduced by a greater amount
Cracker
Conduct a risk assessment
Data mart
47. Responsible for securing the information.
Hacker
People
Data mart
The data custodian
48. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Role-based policy
Background check
Methodology used in the assessment
Cracker
49. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Performing a risk assessment
Personal firewall
Get senior management onboard
Penetration testing
50. The information security manager needs to prioritize the controls based on ________________________.
Tailgating
Risk management and the requirements of the organization
BIA (Business Impact Assessment)
Methodology used in the assessment