Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Inject malformed input.
Cracker
Cross-site scripting attacks
Certificate authority (CA)
Biometric access control systems
2. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability
Security risk
Total cost of ownership (TCO)
Breakeven point of risk reduction and cost
Impractical and is often cost-prohibitive
3. Logging, as well as monitoring, measuring, auditing, and detecting viruses and intrusions.
Impractical and is often cost-prohibitive
Lack of change management
Detection defenses
Background checks of prospective employees
4. Because past performance is a strong predictor of future performance, _______________________ best prevents attacks from originating within an organization.
Background checks of prospective employees
Regular review of access control lists
BIA (Business Impact Assessment)
Knowledge management
5. Provides the most effective protection of data on mobile devices.
Multinational organization
Reduce risk to an acceptable level
Encryption
Hacker
6. There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. The best protection is to _____________________ until a patch is installed.
Identify the vulnerable systems and apply compensating controls
Requirements of the data owners
Annual loss expectancy (ALE) calculations
Role-based policy
7. By definition are not previously known and therefore are undetectable.
Centralized structure
0-day vulnerabilities
Background check
Countermeasure cost-benefit analysis
8. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Two-factor authentication
Threat assessment
The data custodian
Vulnerability assessment
9. A notice that guarantees a user or a web site is legitimate
Digital certificate
The data custodian
Strategic alignment of security with business objectives
Access control matrix
10. BEST option to improve accountability for a system administrator is to _____________________.
Skills inventory
Knowledge management
include security responsibilities in a job description
Spoofing attacks
11. Would protect against spoofing an internal address but would not provide strong authentication.
Prioritization
Aligned with organizational goals
IP address packet filtering
Encryption key management
12. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Resource dependency assessment
Methodology used in the assessment
Equal error rate (EER)
Use of security metrics
13. Used to understand the flow of one process into another.
Background checks of prospective employees
Malware
Compliance with the organization's information security requirements
Waterfall chart
14. On a company's e-commerce web site, a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Do with the information it collects
Nondisclosure agreement (NDA)
Skills inventory
Resource dependency assessment
15. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Increase business value and confidence
Script kiddie
Access control matrix
Resource dependency assessment
16. The PRIMARY goal in developing an information security strategy is to: _________________________.
Data mart
Background checks of prospective employees
Support the business objectives of the organization
BIA (Business Impact Assessment)
17. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Digital certificate
Negotiating a local version of the organization standards
Increase business value and confidence
Continuous analysis, monitoring and feedback
18. In assessing the degree to which an organization may be affected by new privacy legislation, information security management should first _____________________.
Identify the relevant systems and processes
Use of security metrics
Data classification
0-day vulnerabilities
19. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Multinational organization
The balanced scorecard
Negotiating a local version of the organization standards
Data warehouse
20. Attackers who exploit weak application authentication controls can ___________________, and this has little to do with cross-site scripting vulnerabilities.
BIA (Business Impact Assessment)
Gain unauthorized access to applications
Data warehouse
Logon banners
21. Has to be integrated into the requirements of every software application's design.
Security code reviews for the entire software application
A network vulnerability assessment
Encryption key management
Performing a risk assessment
22. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Phishing
Service level agreements (SLAs)
Breakeven point of risk reduction and cost
Role-based access control
23. From a security standpoint, _______________________ is one of the most important topics that should be included in the contract with a third-party service provider.
24. Should be performed to identify the risk and determine needed controls.
Role-based policy
Centralization of information security management
Asset classification
Internal risk assessment
25. A successful risk management should lead to a ________________.
Control risk
Defining high-level business security requirements
Patch management process
Breakeven point of risk reduction and cost
26. It is easier to manage and control a _________________.
Increase business value and confidence
Undervoltage (brownout)
Get senior management onboard
Centralized structure
27. Program that hides within or looks like a legit program
Biometric access control systems
Spoofing attacks
Prioritization
Trojan horse
28. Occurs when the incoming level
Prioritization
Breakeven point of risk reduction and cost
Power surge/over voltage (spike)
Assess the risks to the business operation
29. Potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works
Security awareness training for all employees
Inherent risk
Virus
Nondisclosure agreement (NDA)
30. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks, and would not provide other indirect benefits such as process
Knowledge management
Single sign-on (SSO) product
The board of directors and senior management
Gap analysis
31. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Intrusion detection system (IDS)
Information security manager
Internal risk assessment
Encryption of the hard disks
32. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Normalization
Get senior management onboard
Use of security metrics
Defining high-level business security requirements
33. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Gap analysis
Strategic alignment of security with business objectives
The board of directors and senior management
Control effectiveness
34. Identification and _______________ of business risk enables project managers to address areas with most significance.
Prioritization
Security awareness training for all employees
Well-defined roles and responsibilities
Residual risk would be reduced by a greater amount
35. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Equal error rate (EER)
The board of directors and senior management
Virus
Patch management process
36. The weakest link in security implementation, and awareness would reduce this risk. Through security awareness and training programs, individual employees can be informed and sensitized on various security policies and other security topics, thus e
The authentication process is broken
People
Cyber terrorist
Comparison of cost of achievement
37. Provide metrics to which outsourcing firms can be held accountable.
Requirements of the data owners
Service level agreements (SLAs)
Support the business objectives of the organization
Notifications and opt-out provisions
38. Same intent as a cracker but does not have the technical skills and knowledge
Service level agreements (SLAs)
Script kiddie
Access control matrix
Information contained on the equipment
39. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system; it would establish a cost baseline, and it must be considered for the full life cycle of the control.
Defined objectives
Total cost of ownership (TCO)
Identify the relevant systems and processes
Protective switch covers
40. In a _________________________, the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Risk appetite
Data mart
Countermeasure cost-benefit analysis
Threat assessment
41. If the firewall allows source routing, any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Platform security, intrusion detection and antivirus controls
Tie security risks to key business objectives
Background checks of prospective employees
Spoofing attacks
42. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Patch management
Use of security metrics
Do with the information it collects
0-day vulnerabilities
43. When defining the information classification policy, the ___________________ need to be identified.
Requirements of the data owners
Cyber terrorist
Countermeasure cost-benefit analysis
Compliance with the organization's information security requirements
44. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Aligned with organizational goals
Developing an information security baseline
Worm
Knowledge management
45. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Cyber extortionist
Multinational organization
The authentication process is broken
Tailgating
46. Culture has a significant impact on how information security will be implemented in a ______________________.
Multinational organization
A network vulnerability assessment
Inherent risk
Conduct a risk assessment
47. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Acceptable use policies
Tie security risks to key business objectives
Confidentiality
Control risk
48. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures, but not in the prioritization.
Strategic alignment of security with business objectives
Creation of a business continuity plan
Annually or whenever there is a significant change
Business case development
49. The MOST important component of a privacy policy is _______________. Privacy policies must contain this; they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are
Regulatory compliance
Knowledge management
Compliance with the organization's information security requirements
Notifications and opt-out provisions
50. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Tailgating
The authentication process is broken
Malware
Properly aligned with business goals and objectives