Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Provides the most effective protection of data on mobile devices.
Encryption
Cross-site scripting attacks
Countermeasure cost-benefit analysis
Compliance with the organization's information security requirements
2. Reducing risk to a level too small to measure is _______________.
Centralization of information security management
Exceptions to policy
Impractical and is often cost-prohibitive
Consensus on risks and controls
3. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Process of introducing changes to systems
Breakeven point of risk reduction and cost
Undervoltage (brownout)
Use of security metrics
4. A key indicator of performance measurement.
Do with the information it collects
Include security responsibilities in a job description
Threat assessment
Strategic alignment of security with business objectives
5. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Security baselines
Digital certificate
Confidentiality
Defining high-level business security requirements
6. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Equal error rate (EER)
Countermeasure cost-benefit analysis
Acceptable use policies
Certificate authority (CA)
7. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Spoofing attacks
Baseline standard and then develop additional standards
Platform security - intrusion detection and antivirus controls
The awareness and agreement of the data subjects
8. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Skills inventory
Normalization
The data custodian
Deeper level of analysis
9. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Requirements of the data owners
Background checks of prospective employees
Creation of a business continuity plan
Continuous analysis - monitoring and feedback
10. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Single sign-on (SSO) product
Conduct a risk assessment
Overall organizational structure
Control effectiveness
11. When the ________________ is more than the cost of the risk - the risk should be accepted.
Nondisclosure agreement (NDA)
Continuous monitoring control initiatives
Cost of control
Alignment with business strategy
12. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Data isolation
Defining high-level business security requirements
Countermeasure cost-benefit analysis
Information contained on the equipment
13. When defining the information classification policy - the ___________________ need to be identified.
Defining and ratifying the classification structure of information assets
Platform security - intrusion detection and antivirus controls
Encryption of the hard disks
Requirements of the data owners
14. Risk should be reduced to a level that an organization _____________.
Is willing to accept
0-day vulnerabilities
Support the business objectives of the organization
Confidentiality
15. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Reduce risk to an acceptable level
The information security officer
Safeguards over keys
Deeper level of analysis
16. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Access control matrix
Compliance with the organization's information security requirements
Well-defined roles and responsibilities
Defining high-level business security requirements
17. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Control risk
The awareness and agreement of the data subjects
Centralized structure
Regular review of access control lists
18. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Regulatory compliance
Cost of control
Total cost of ownership (TCO)
Centralization of information security management
19. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Patch management process
Baseline standard and then develop additional standards
Control risk
Service level agreements (SLAs)
20. Inject malformed input.
Cross-site scripting attacks
Identify the relevant systems and processes
Control risk
Script kiddie
21. Program that hides within or looks like a legit program
Cross-site scripting attacks
Trojan horse
Transferred risk
Applying the proper classification to the data
22. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
All personnel
Penetration testing
Decentralization
Classification of assets needs
23. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Public key infrastructure (PKI)
Data warehouse
Business case development
BIA (Business Impact Assessment)
24. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Performing a risk assessment
Regular review of access control lists
Get senior management onboard
Equal error rate (EER)
25. Company or person you believe will not knowingly send a virus-infected file
Personal firewall
0-day vulnerabilities
Trusted source
Cracker
26. Culture has a significant impact on how information security will be implemented in a ______________________.
Decentralization
Continuous analysis - monitoring and feedback
Multinational organization
Consensus on risks and controls
27. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Creation of a business continuity plan
Single sign-on (SSO) product
All personnel
Resource dependency assessment
28. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Consensus on risks and controls
Cost of control
SWOT analysis
Gain unauthorized access to applications
29. Needs to define the access rules - which is troublesome and error prone in large organizations.
Notifications and opt-out provisions
Proficiency testing
Rule-based access control
Service level agreements (SLAs)
30. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
The authentication process is broken
The database administrator
Inherent risk
All personnel
31. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Strategic alignment of security with business objectives
Worm
Patch management
Role-based policy
32. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. The best protection is to _____________________ until a patch is installed.
Encryption key management
Identify the vulnerable systems and apply compensating controls
Stress testing
Trojan horse
33. A process that helps organizations manipulate important knowledge that is part of the organization's memory
People
What happened and how the breach was resolved
Knowledge management
Exceptions to policy
34. Computer that has duplicate components so it can continue to operate when one of its main components fails
Equal error rate (EER)
Fault-tolerant computer
Process of introducing changes to systems
Cross-site scripting attacks
35. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Tie security risks to key business objectives
Data mart
Equal error rate (EER)
Process of introducing changes to systems
36. Scam in which a perpetrator sends an official-looking email message that attempts to obtain your personal and financial information
Applying the proper classification to the data
Phishing
Properly aligned with business goals and objectives
Security code reviews for the entire software application
37. Should be performed to identify the risk and determine needed controls.
Encryption of the hard disks
Defined objectives
Creation of a business continuity plan
Internal risk assessment
38. Has to be integrated into the requirements of every software application's design.
Encryption of the hard disks
Strategic alignment of security with business objectives
Audit objectives
Encryption key management
39. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Compliance with the organization's information security requirements
Conduct a risk assessment
Continuous monitoring control initiatives
Cyber extortionist
40. Responsible for securing the information.
Audit objectives
Acceptable use policies
Baseline standard and then develop additional standards
The data custodian
41. Used to understand the flow of one process into another.
Data owners
Waterfall chart
0-day vulnerabilities
Digital signatures
42. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Compliance with the organization's information security requirements
Get senior management onboard
Intrusion detection system (IDS)
Calculating the value of the information or asset
43. Provide metrics to which outsourcing firms can be held accountable.
Service level agreements (SLAs)
Transmit e-mail messages
Knowledge management
Vulnerability assessment
44. BEST option to improve accountability for a system administrator is to _____________________.
Gain unauthorized access to applications
Include security responsibilities in a job description
Data classification
Encryption key management
45. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Regulatory compliance
Biometric access control systems
Script kiddie
Internal risk assessment
46. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Resource dependency assessment
Increase business value and confidence
The data owner
Phishing
47. Should be a standard requirement for the service provider.
Worm
Background check
Knowledge management
Alignment with business strategy
48. Utility program that detects and protects a personal computer from unauthorized intrusions
Owner of the information asset
Cracker
Deeper level of analysis
Personal firewall
49. Has full responsibility over data.
Decentralization
Well-defined roles and responsibilities
The data owner
Methodology used in the assessment
50. Programs that act without a user's knowledge and deliberately alter a computer's operations
Malware
Regular review of access control lists
Trusted source
The balanced scorecard