Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
Match each statement with the correct term.
All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from answers to other questions, so you may sometimes find the answers obvious, but taking the test repeatedly reinforces your understanding.
1. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Spoofing attacks
What happened and how the breach was resolved
Methodology used in the assessment
2. Focuses on identifying vulnerabilities.
Creation of a business continuity plan
include security responsibilities in a job description
Penetration testing
Normalization
3. Should PRIMARILY be based on regulatory and legal requirements.
Retention of business records
Spoofing attacks
Annually or whenever there is a significant change
Protective switch covers
4. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
The balanced scorecard
include security responsibilities in a job description
Its ability to reduce or eliminate business risks
Countermeasure cost-benefit analysis
5. Used to understand the flow of one process into another.
Power surge/over voltage (spike)
Inherent risk
Waterfall chart
Hacker
6. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Security code reviews for the entire software application
Power surge/over voltage (spike)
Background checks of prospective employees
Tie security risks to key business objectives
7. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
8. There is a time lag between when a security vulnerability is first published and when a patch is delivered. The best protection is to _____________________ until a patch is installed.
Identify the vulnerable systems and apply compensating controls
Lack of change management
Transferred risk
Overall organizational structure
9. Most effective for evaluating the degree to which information security objectives are being met.
The balanced scorecard
Retention of business records
Security awareness training for all employees
Biometric access control systems
10. Should be performed to identify the risk and determine needed controls.
BIA (Business Impact Assessment)
SWOT analysis
Internal risk assessment
Defining and ratifying the classification structure of information assets
11. A repository of historical data organized by subject to support decision makers in the organization
Data warehouse
Consensus on risks and controls
The board of directors and senior management
Equal error rate (EER)
12. A notice that guarantees a user or a web site is legitimate
Cross-site scripting attacks
Personal firewall
Digital certificate
Deeper level of analysis
13. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Multinational organization
Background check
Baseline standard and then develop additional standards
Data mart
14. Inject malformed input.
Trusted source
Comparison of cost of achievement
Cross-site scripting attacks
Phishing
15. Someone who accesses a computer or network illegally
People
Continuous monitoring control initiatives
Risk management and the requirements of the organization
Hacker
16. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Return on security investment (ROSI)
Acceptable use policies
Process of introducing changes to systems
Malware
17. Normally addressed through antivirus and antispyware policies.
Resource dependency assessment
Malicious software and spyware
Developing an information security baseline
Audit objectives
18. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Access control matrix
Residual risk
BIA (Business Impact Assessment)
Acceptable use policies
19. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Personal firewall
Knowledge management
Protective switch covers
Annual loss expectancy (ALE) calculations
20. Has to be integrated into the requirements of every software application's design.
Spoofing attacks
Encryption key management
Intrusion detection system (IDS)
SWOT analysis
21. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Gap analysis
Background checks of prospective employees
Breakeven point of risk reduction and cost
Decentralization
22. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Risk management and the requirements of the organization
Assess the risks to the business operation
Background check
Virus
23. A method for analyzing and reducing a relational database to its most streamlined form
Normalization
Transmit e-mail messages
Applying the proper classification to the data
Fault-tolerant computer
24. Information security governance models are highly dependent on the _____________________.
Gain unauthorized access to applications
Patch management
Overall organizational structure
Waterfall chart
25. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Security baselines
Intrusion detection system (IDS)
Detection defenses
Stress testing
26. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Increase business value and confidence
Proficiency testing
Identify the relevant systems and processes
Deeper level of analysis
27. Reducing risk to a level too small to measure is _______________.
SWOT analysis
Countermeasure cost-benefit analysis
Data isolation
Impractical and is often cost-prohibitive
28. A key indicator of performance measurement.
Strategic alignment of security with business objectives
Gain unauthorized access to applications
Key controls
Threat assessment
29. Occurs after the risk assessment process - it does not measure it.
Control effectiveness
0-day vulnerabilities
BIA (Business Impact Assessment)
Use of security metrics
30. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Data classification
Patch management
Well-defined roles and responsibilities
Virus
31. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Calculating the value of the information or asset
Key risk indicator (KRI) setup
Normalization
Data mart
32. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it establishes a cost baseline and must be considered for the full life cycle of the control.
Role-based policy
Security baselines
Total cost of ownership (TCO)
Control risk
33. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Service level agreements (SLAs)
Data owners
Internal risk assessment
Two-factor authentication
34. The MOST important component of a privacy policy is: privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Developing an information security baseline
Defining high-level business security requirements
Its ability to reduce or eliminate business risks
Notifications and opt-out provisions
35. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Power surge/over voltage (spike)
Undervoltage (brownout)
Data mart
Transferred risk
36. Only valid if assets have first been identified and appropriately valued.
Threat assessment
Annual loss expectancy (ALE) calculations
Lack of change management
Background checks of prospective employees
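Questions 4, 31 and 36 together describe the quantitative chain behind a countermeasure cost-benefit analysis: the asset must be valued first, single loss expectancy (SLE) and annual loss expectancy (ALE) are derived from that value, and the annualized cost of a safeguard is then compared with the reduction in expected loss it buys. The following Python is an added worked example written for this study page; it is not material from the quiz or from ISACA. The asset, threat and safeguard figures are constructed sample values, and the class and function names are assumptions of the example.

```python
"""Countermeasure cost-benefit analysis built on annual loss expectancy (ALE).

Added example for study purposes; all figures below are constructed sample
values, not real data. Standard quantitative risk-analysis definitions:

    SLE = AV * EF            single loss expectancy
    ALE = SLE * ARO          annual loss expectancy
    net benefit = (ALE_before - ALE_after) - annualized safeguard cost
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float            # AV: asset value; must be established before any ALE


@dataclass(frozen=True)
class Threat:
    exposure_factor: float  # EF: fraction of asset value lost per incident, 0..1
    aro: float              # ARO: expected number of incidents per year


@dataclass(frozen=True)
class Safeguard:
    name: str
    purchase_cost: float    # one-off acquisition cost
    annual_cost: float      # recurring cost: maintenance, licences, staff time
    lifetime_years: int     # period over which the purchase cost is amortized
    residual_ef: float      # EF once the control is in place
    residual_aro: float     # ARO once the control is in place

    def annualized_cost(self) -> float:
        """Annual cost of the safeguard, the figure question 4 compares with ALE."""
        return self.purchase_cost / self.lifetime_years + self.annual_cost


def sle(asset: Asset, ef: float) -> float:
    """Single loss expectancy. Refuses to run on an unvalued asset (question 36)."""
    if asset.value <= 0:
        raise ValueError(f"asset {asset.name!r} must be valued before SLE/ALE")
    if not 0.0 <= ef <= 1.0:
        raise ValueError("exposure factor must lie in [0, 1]")
    return asset.value * ef


def ale(asset: Asset, ef: float, aro: float) -> float:
    """Annual loss expectancy = SLE * ARO."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle(asset, ef) * aro


def cost_benefit(asset: Asset, threat: Threat, safeguard: Safeguard) -> dict:
    """Compare expected loss before and after the control with its annual cost."""
    before = ale(asset, threat.exposure_factor, threat.aro)
    after = ale(asset, safeguard.residual_ef, safeguard.residual_aro)
    cost = safeguard.annualized_cost()
    net = (before - after) - cost
    return {
        "safeguard": safeguard.name,
        "ale_before": before,
        "ale_after": after,
        "annual_cost": cost,
        "net_benefit": net,
        "justified": net > 0,   # the control pays for itself in reduced loss
    }


# Constructed sample values (not real figures).
SAMPLE_ASSET = Asset("customer database", value=500_000.0)
SAMPLE_THREAT = Threat(exposure_factor=0.3, aro=0.5)   # one incident every 2 years

# A moderately priced control that cuts incident frequency fivefold.
SAFEGUARD_A = Safeguard("access monitoring", purchase_cost=60_000.0,
                        annual_cost=10_000.0, lifetime_years=3,
                        residual_ef=0.3, residual_aro=0.1)

# An expensive control that drives the risk almost to zero.
SAFEGUARD_B = Safeguard("full re-architecture", purchase_cost=300_000.0,
                        annual_cost=20_000.0, lifetime_years=3,
                        residual_ef=0.3, residual_aro=0.02)


def demo() -> list:
    return [cost_benefit(SAMPLE_ASSET, SAMPLE_THREAT, s)
            for s in (SAFEGUARD_A, SAFEGUARD_B)]


if __name__ == "__main__":
    for row in demo():
        print(f"{row['safeguard']:<20} ALE {row['ale_before']:>9,.0f} -> {row['ale_after']:>8,.0f}"
              f"  cost/yr {row['annual_cost']:>9,.0f}  net {row['net_benefit']:>9,.0f}"
              f"  {'justified' if row['justified'] else 'NOT justified'}")
```

With the sample figures the baseline ALE is 75,000 (SLE 150,000 at ARO 0.5). The first safeguard cuts ALE to 15,000 for 30,000 a year, a net benefit of 30,000, so it is justified. The second drives ALE down to 3,000 but costs 120,000 a year, leaving a net loss of 48,000, which is the point made in question 27: reducing risk to a level too small to measure is usually cost-prohibitive.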
37. Provide metrics to which outsourcing firms can be held accountable.
Service level agreements (SLAs)
Methodology used in the assessment
Get senior management onboard
Threat assessment
38. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Fault-tolerant computer
Patch management process
Worm
Retention of business records
39. It is easier to manage and control a _________________.
Proficiency testing
Information security manager
Support the business objectives of the organization
Centralized structure
40. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Risk appetite
Acceptable use policies
Knowledge management
Control effectiveness
41. Provides process needs but not impact.
Skills inventory
Lack of change management
Script kiddie
Resource dependency assessment
42. Responsible for securing the information.
Alignment with business strategy
The data custodian
Identify the relevant systems and processes
Threat assessment
43. Has full responsibility over data.
All personnel
The database administrator
Overall organizational structure
The data owner
44. By definition are not previously known and therefore are undetectable.
0-day vulnerabilities
Transferred risk
Skills inventory
Process of introducing changes to systems
45. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Key controls
Gap analysis
Examples of containment defenses
People
46. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Penetration testing
Annually or whenever there is a significant change
Trusted source
Identify the relevant systems and processes
47. Provides the most effective protection of data on mobile devices.
Its ability to reduce or eliminate business risks
The balanced scorecard
Encryption
Rule-based access control
48. The most important characteristic of good security policies is that they be ____________________.
The awareness and agreement of the data subjects
Key controls
Prioritization
Aligned with organizational goals
49. The PRIMARY goal in developing an information security strategy is to: _________________________.
Cracker
Background checks of prospective employees
Support the business objectives of the organization
Get senior management onboard
50. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
The data owner
Vulnerability assessment
Certificate authority (CA)
Power surge/over voltage (spike)