Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Whenever personal data are transferred across national boundaries, ________________________ are required.
Biometric access control systems
Creation of a business continuity plan
Cracker
The awareness and agreement of the data subjects
2. Reducing risk to a level too small to measure is _______________.
Impractical and is often cost-prohibitive
Malicious software and spyware
Calculating the value of the information or asset
Security baselines
3. Should be a standard requirement for the service provider.
Background check
Malicious software and spyware
Process of introducing changes to systems
Transmit e-mail messages
4. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Use of security metrics
Data warehouse
Skills inventory
Two-factor authentication
5. The data owner is responsible for _______________________.
Biometric access control systems
Trojan horse
Applying the proper classification to the data
Patch management
6. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Trojan horse
Trusted source
Residual risk would be reduced by a greater amount
Normalization
7. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Business case development
The information security officer
Compliance with the organization's information security requirements
Digital certificate
8. Same intent as a cracker but does not have the technical skills and knowledge
The authentication process is broken
Waterfall chart
The awareness and agreement of the data subjects
Script kiddie
9. A function of the session keys distributed by the PKI.
Is willing to accept
Single sign-on (SSO) product
Properly aligned with business goals and objectives
Confidentiality
10. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Owner of the information asset
Resource dependency assessment
Data owners
Security code reviews for the entire software application
11. Someone who uses e-mail as a vehicle for extortion; sends a company threatening e-mails indicating they will expose confidential information - exploit a security flaw - launch an attack - etc.
Control effectiveness
Business case development
Cyber extortionist
Baseline standard and then develop additional standards
12. Security design flaws require a ____________________.
Deeper level of analysis
Centralized structure
Use of security metrics
Continuous analysis - monitoring and feedback
13. Occurs when the electrical supply drops
Undervoltage (brownout)
Detection defenses
Regular review of access control lists
Multinational organization
14. A small warehouse - designed for the end-user needs in a strategic business unit
Data mart
Patch management
Asset classification
What happened and how the breach was resolved
15. Utility program that detects and protects a personal computer from unauthorized intrusions
Personal firewall
Conduct a risk assessment
Data warehouse
Acceptable use policies
16. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Cost of control
Process of introducing changes to systems
The balanced scorecard
Inherent risk
17. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Decentralization
Service level agreements (SLAs)
The data owner
Cryptographic secure sockets layer (SSL) implementations and short key lengths
18. Should be determined from the risk assessment results.
Regular review of access control lists
Audit objectives
Assess the risks to the business operation
Control risk
19. While useful for identifying the difference between the current state and the desired future state - e.g. an organization has to comply with recently published industry regulatory requirements that potentially have high implementation costs -
Get senior management onboard
Examples of containment defenses
Gap analysis
Continuous analysis - monitoring and feedback
20. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Virus detection
Biometric access control systems
Malware
Tailgating
21. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to the false reject rate (type I error rate) - where the system will be more prone to err by denying access to a valid user - or to erring and allowing
Information security manager
Biometric access control systems
Data isolation
Performing a risk assessment
22. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Single sign-on (SSO) product
Transmit e-mail messages
Performing a risk assessment
Cyber terrorist
23. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Skills inventory
Access control matrix
Equal error rate (EER)
Baseline standard and then develop additional standards
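The trade-off behind questions 21 and 23 (biometric sensitivity, false reject rate versus false accept rate, and the equal error rate) is easier to see on numbers than in prose. The following is an added example, not part of the quiz: the genuine and impostor match scores are constructed, and the threshold rule (accept when score >= threshold) is an assumption about how the system decides. Raising the threshold makes the system stricter (more false rejects, fewer false accepts); lowering it does the opposite; the EER is the operating point where the two rates meet.

```python
"""Biometric threshold tuning: FRR (type I) vs FAR (type II) and the EER.

Added example with constructed match scores in [0, 1]; a sample is
accepted when its similarity score is >= the threshold.
"""

# Constructed scores (not real biometric data). Genuine users score high,
# impostors low, with deliberate overlap so no threshold is error-free.
GENUINE = [0.91, 0.88, 0.84, 0.80, 0.77, 0.73, 0.69, 0.64, 0.58, 0.52]
IMPOSTOR = [0.62, 0.55, 0.49, 0.45, 0.41, 0.37, 0.33, 0.28, 0.22, 0.15]


def frr(threshold, genuine=GENUINE):
    """False reject rate: fraction of genuine users scoring below threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def far(threshold, impostor=IMPOSTOR):
    """False accept rate: fraction of impostors scoring at or above threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def error_rates(thresholds, genuine=GENUINE, impostor=IMPOSTOR):
    """(threshold, FRR, FAR) for each threshold, to show the trade-off curve."""
    return [(t, frr(t, genuine), far(t, impostor)) for t in thresholds]


def equal_error_rate(genuine=GENUINE, impostor=IMPOSTOR):
    """Return (threshold, eer) at the candidate threshold where |FRR - FAR| is smallest.

    The rates only change at observed scores, so those are the candidates.
    """
    candidates = sorted(set(genuine) | set(impostor))
    best_t, best_gap = None, None
    for t in candidates:
        gap = abs(frr(t, genuine) - far(t, impostor))
        if best_gap is None or gap < best_gap:
            best_t, best_gap = t, gap
    return best_t, (frr(best_t, genuine) + far(best_t, impostor)) / 2


def threshold_for_max_frr(max_frr, genuine=GENUINE, impostor=IMPOSTOR):
    """Question 23 as a procedure: given the largest FRR the business will
    tolerate, pick the HIGHEST threshold that still meets it (the highest
    threshold keeps FAR as low as possible). Returns (threshold, FRR, FAR).
    """
    for t in sorted(set(genuine) | set(impostor), reverse=True):
        if frr(t, genuine) <= max_frr:
            return t, frr(t, genuine), far(t, impostor)
    return None


if __name__ == "__main__":
    for t, fr, fa in error_rates([0.5, 0.6, 0.7]):
        print(f"threshold {t:.2f}: FRR {fr:.1f}  FAR {fa:.1f}")
    print("EER (threshold, rate):", equal_error_rate())
    print("no false rejects allowed:", threshold_for_max_frr(0.0))
    print("20% false rejects allowed:", threshold_for_max_frr(0.2))
```

With these constructed scores, demanding zero false rejects forces the threshold down to 0.52 and lets 20% of impostors through, while tolerating a 20% FRR allows a threshold of 0.64 with no false accepts; the EER sits at 0.58 with both rates at 10%. Which point is right is a business decision (how costly is a locked-out valid user versus an admitted impostor), which is the judgement the quiz questions are getting at.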
24. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
A network vulnerability assessment
Defining high-level business security requirements
SWOT analysis
Encryption key management
25. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Single sign-on (SSO) product
Nondisclosure agreement (NDA)
Cost of control
Lack of change management
26. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Breakeven point of risk reduction and cost
Comparison of cost of achievement
Rule-based access control
Knowledge management
27. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Internal risk assessment
Identify the vulnerable systems and apply compensating controls
Breakeven point of risk reduction and cost
Continuous analysis - monitoring and feedback
28. An information security manager has to impress upon the human resources department the need for _____________________.
Assess the risks to the business operation
Asset classification
Multinational organization
Security awareness training for all employees
29. A repository of historical data organized by subject to support decision makers in the organization
Data warehouse
Worm
Breakeven point of risk reduction and cost
Do with the information it collects
30. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
The board of directors and senior management
The data custodian
Vulnerability assessment
Exceptions to policy
31. Would protect against spoofing an internal address but would not provide strong authentication.
IP address packet filtering
Risk management and the requirements of the organization
Digital certificate
Waterfall chart
32. Provides strong online authentication.
Public key infrastructure (PKI)
Deeper level of analysis
Compliance with the organization's information security requirements
Performing a risk assessment
33. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Increase business value and confidence
Skills inventory
Digital certificate
What happened and how the breach was resolved
34. Awareness - training and physical security defenses.
Examples of containment defenses
Personal firewall
Conduct a risk assessment
Single sign-on (SSO) product
35. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Biometric access control systems
Encryption of the hard disks
Security risk
The information security officer
36. Focuses on identifying vulnerabilities.
Penetration testing
Worm
Annual loss expectancy (ALE) calculations
Continuous analysis - monitoring and feedback
37. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Key risk indicator (KRI) setup
Patch management
Tailgating
Data owners
38. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
People
Retention of business records
Biometric access control systems
The balanced scorecard
39. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Skills inventory
Background check
Calculating the value of the information or asset
The data owner
40. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
41. If the firewall allows source routing - any outsider can carry out _________________ by using the organization's internal (private) IP addresses as a forged source.
Script kiddie
Spoofing attacks
Penetration testing
Security baselines
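Questions 31 and 41 both turn on the same perimeter control: a packet filter can reject packets that arrive on the outside interface claiming an inside source address, and can reject packets carrying IP source-route options, which are what let an outsider use an internal address and still get the replies back. What the filter cannot do is authenticate anyone, which is the point of question 31. The following is an added example, not code from the quiz or any product: the interface names, the internal prefixes and the packets are all constructed.

```python
"""Ingress/egress anti-spoofing filter (added example, constructed traffic).

Rules, in order:
  1. drop any packet carrying an IPv4 source-route option (LSRR/SSRR);
  2. drop packets on the outside interface whose source is an inside prefix;
  3. drop packets on the inside interface whose source is NOT an inside prefix
     (so our own hosts cannot spoof outsiders either);
  4. otherwise accept -- which says nothing about who sent it.
"""
import ipaddress

# Assumed topology: eth0 faces the Internet, eth1 faces the internal network.
EXTERNAL_IF = "eth0"
INTERNAL_IF = "eth1"
INTERNAL_PREFIXES = [ipaddress.ip_network(p) for p in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# IPv4 option numbers from RFC 791: loose (131) and strict (137) source route.
SOURCE_ROUTE_OPTIONS = {131: "LSRR", 137: "SSRR"}


def is_internal(addr):
    """True if addr falls inside one of the internal prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_PREFIXES)


def filter_packet(pkt):
    """Return (verdict, reason) for a packet described as a dict with
    'iface', 'src', 'dst' and an optional list of IPv4 'options' numbers."""
    for opt in pkt.get("options", ()):
        if opt in SOURCE_ROUTE_OPTIONS:
            return "DROP", f"source routing ({SOURCE_ROUTE_OPTIONS[opt]}) not permitted"
    src = pkt["src"]
    if pkt["iface"] == EXTERNAL_IF and is_internal(src):
        return "DROP", f"internal source {src} arrived on outside interface"
    if pkt["iface"] == INTERNAL_IF and not is_internal(src):
        return "DROP", f"non-internal source {src} leaving from inside interface"
    return "ACCEPT", "passes anti-spoofing checks (sender is not authenticated)"


# Constructed sample traffic, not a capture.
PACKETS = [
    {"iface": "eth0", "src": "10.1.2.3",     "dst": "10.0.0.5"},                 # spoofed insider
    {"iface": "eth0", "src": "203.0.113.7",  "dst": "10.0.0.5"},                 # ordinary inbound
    {"iface": "eth0", "src": "10.1.2.3",     "dst": "10.0.0.5", "options": [131]},  # source-routed
    {"iface": "eth1", "src": "192.168.1.20", "dst": "198.51.100.9"},             # ordinary outbound
    {"iface": "eth1", "src": "198.51.100.9", "dst": "203.0.113.7"},              # insider spoofing out
]


def run(packets=PACKETS):
    """Apply the filter to each packet and return the list of verdicts."""
    return [filter_packet(p)[0] for p in packets]


if __name__ == "__main__":
    for p in PACKETS:
        verdict, why = filter_packet(p)
        print(f"{p['iface']} {p['src']:>14} -> {p['dst']:<14} {verdict:6} {why}")
```

The address checks are the ingress filtering described in RFC 2827 (BCP 38); the option check is what a real host or router does when source-route acceptance is disabled (on Linux, the sysctl `net.ipv4.conf.all.accept_source_route = 0`). Note that the second packet is accepted purely because its source address is plausible: anyone on the Internet could have put that address there, which is why address filtering stops obvious forgery but is not strong authentication.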
42. The most important characteristic of good security policies is that they be ____________________.
Transmit e-mail messages
Aligned with organizational goals
Inherent risk
0-day vulnerabilities
43. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Annually or whenever there is a significant change
Worm
Data isolation
Script kiddie
44. By definition are not previously known and therefore are undetectable.
Background check
0-day vulnerabilities
People
Calculating the value of the information or asset
45. Needs to define the access rules - which is troublesome and error prone in large organizations.
Rule-based access control
Background check
The data owner
Two-factor authentication
46. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Assess the risks to the business operation
Alignment with business strategy
The board of directors and senior management
Malware
47. Primarily reduce risk and are most effective for the protection of information assets.
Virus detection
Key controls
Breakeven point of risk reduction and cost
Data isolation
48. Someone who accesses a computer or network illegally
Fault-tolerant computer
Tie security risks to key business objectives
Hacker
Personal firewall
49. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Background check
Nondisclosure agreement (NDA)
Gain unauthorized access to applications
Use of security metrics
50. The MOST useful way to describe the objectives in the information security strategy is through ______________________.