Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the answers may look obvious, but you will find that it reinforces your understanding each time you retake the test.
1. Potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works
Protective switch covers
Reduce risk to an acceptable level
The data custodian
Virus
2. Someone who uses the internet or network to destroy or damage computers for political reasons
Cyber terrorist
Owner of the information asset
Aligned with organizational goals
The awareness and agreement of the data subjects
3. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Risk assessment, evaluation and impact analysis
Annually or whenever there is a significant change
Aligned with organizational goals
Vulnerability assessment
4. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is ______________, which would appear every time the user logs on, and the user would be required to read and agree
Data warehouse
Logon banners
Encryption of the hard disks
Comparison of cost of achievement
5. Responsible for securing the information.
Stress testing
Service level agreements (SLAs)
The data custodian
Creation of a business continuity plan
6. The job of the information security officer on a management team is to ___________________.
Key controls
Identify the relevant systems and processes
Assess the risks to the business operation
Two-factor authentication
7. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Phishing
Platform security, intrusion detection and antivirus controls
Annually or whenever there is a significant change
Encryption
8. The best measure against back doors; it involves reviewing the entire source code to detect all instances of them.
Platform security, intrusion detection and antivirus controls
Virus detection
Security code reviews for the entire software application
Annually or whenever there is a significant change
9. Utility program that detects and protects a personal computer from unauthorized intrusions
Personal firewall
Inherent risk
Negotiating a local version of the organization standards
A network vulnerability assessment
10. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Tie security risks to key business objectives
Data mart
Transmit e-mail messages
Detection defenses
11. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Malicious software and spyware
Requirements of the data owners
Role-based access control
Defining high-level business security requirements
12. Program that hides within or looks like a legit program
Use of security metrics
Is willing to accept
Trojan horse
Public key infrastructure (PKI)
13. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Platform security, intrusion detection and antivirus controls
Negotiating a local version of the organization standards
Comparison of cost of achievement
Role-based policy
14. The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Examples of containment defenses
Data warehouse
Negotiating a local version of the organization standards
Get senior management onboard
15. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Prioritization
Return on security investment (ROSI)
Monitoring processes
Asset classification
16. Applications cannot access data associated with other apps
People
Data isolation
Classification of assets needs
Tie security risks to key business objectives
17. An information security manager has to impress upon the human resources department the need for _____________________.
Centralization of information security management
Security awareness training for all employees
Compliance with the organization's information security requirements
The authentication process is broken
18. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Consensus on risks and controls
Increase business value and confidence
Encryption of the hard disks
Cyber terrorist
19. Someone who accesses a computer or network illegally
Defining high-level business security requirements
Hacker
Encryption of the hard disks
Data isolation
20. A tool to be used in internal control assessment. A KRI setup presents a threshold that alerts management when controls are being compromised in business processes. This is a control tool rather than a maturity-model support tool.
The data custodian
Increase business value and confidence
Key risk indicator (KRI) setup
Well-defined roles and responsibilities
21. In biometric systems where the possibility of false rejects is a problem, it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Monitoring processes
Equal error rate (EER)
Reduce risk to an acceptable level
Performing a risk assessment
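The trade-off in the statement above, as an added worked example (not code from the page or any product): constructed genuine and impostor match scores, the false-accept rate (FAR) and false-reject rate (FRR) at a given threshold, the threshold at which the two meet (the equal error rate), and what happens to FAR when the threshold is lowered to keep FRR under a target. The score values are made up for illustration; a real system would use measured distributions.

```python
"""Biometric threshold tuning: false accepts vs false rejects and the EER.

Added example with constructed match scores (not data from the page or any
product). Scores are similarity values in [0, 1]; a sample is accepted when
its score is at or above the decision threshold.
"""

# Constructed samples: scores produced by genuine users and by impostors.
GENUINE_SCORES = [0.55, 0.62, 0.70, 0.74, 0.80, 0.83, 0.88, 0.91, 0.95, 0.97]
IMPOSTOR_SCORES = [0.10, 0.20, 0.31, 0.40, 0.48, 0.57, 0.60, 0.66, 0.72, 0.78]


def error_rates(threshold, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Return (FAR, FRR) at a threshold.

    FAR: fraction of impostor attempts accepted (score >= threshold).
    FRR: fraction of genuine attempts rejected (score < threshold).
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def candidate_thresholds(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Every observed score is a candidate decision point; FAR and FRR only change there."""
    return sorted(set(genuine) | set(impostor))


def equal_error_rate(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Threshold where FAR and FRR are closest, and the error rate there (the EER)."""
    best_t, best_far, best_frr = None, None, None
    for t in candidate_thresholds(genuine, impostor):
        far, frr = error_rates(t, genuine, impostor)
        if best_t is None or abs(far - frr) < abs(best_far - best_frr):
            best_t, best_far, best_frr = t, far, frr
    return best_t, (best_far + best_frr) / 2


def relax_for_false_rejects(max_frr, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Lower the threshold (reduce sensitivity) until FRR <= max_frr.

    Returns (threshold, far, frr): the highest candidate threshold that meets
    the FRR target, together with the false-accept rate that comes with it.
    """
    for t in reversed(candidate_thresholds(genuine, impostor)):
        far, frr = error_rates(t, genuine, impostor)
        if frr <= max_frr:
            return t, far, frr
    raise ValueError("no threshold meets the FRR target")


if __name__ == "__main__":
    strict = error_rates(0.85)
    t_eer, eer = equal_error_rate()
    relaxed = relax_for_false_rejects(0.1)
    print(f"strict 0.85 -> FAR={strict[0]:.2f} FRR={strict[1]:.2f}")
    print(f"EER threshold {t_eer:.2f} -> EER={eer:.2f}")
    print(f"relaxed {relaxed[0]:.2f} -> FAR={relaxed[1]:.2f} FRR={relaxed[2]:.2f}")
```

With these constructed scores a strict threshold of 0.85 rejects no impostors but turns away 60% of genuine users; relaxing the threshold until FRR is 10% brings FAR up to 30%. The EER is the single number usually quoted to compare systems, but the operating threshold should be chosen from the cost of each error type, not from the EER alone.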
22. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Biometric access control systems
Virus detection
Malicious software and spyware
Negotiating a local version of the organization standards
23. The _____________________ is a severe omission and will greatly increase information security risk. It presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations.
Reduce risk to an acceptable level
Transferred risk
Lack of change management
Waterfall chart
24. Culture has a significant impact on how information security will be implemented in a ______________________.
Safeguards over keys
Multinational organization
Business case development
Cross-site scripting attacks
25. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Tailgating
Well-defined roles and responsibilities
Security awareness training for all employees
Cryptographic secure sockets layer (SSL) implementations and short key lengths
26. Carries out the technical administration.
Transferred risk
The database administrator
Classification of assets needs
Personal firewall
27. Company or person you believe will not knowingly send a virus-infected file
Trusted source
The balanced scorecard
Penetration testing
Transmit e-mail messages
28. The information security manager needs to prioritize the controls based on ________________________.
Risk management and the requirements of the organization
Threat assessment
Security baselines
Data isolation
29. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Regular review of access control lists
Intrusion detection system (IDS)
Comparison of cost of achievement
Centralization of information security management
30. Information security governance models are highly dependent on the _____________________.
Acceptable use policies
Overall organizational structure
Security awareness training for all employees
Well-defined roles and responsibilities
31. Occurs when the incoming level
Data owners
Power surge/over voltage (spike)
Notifications and opt-out provisions
Safeguards over keys
32. The weakest link in security implementation, and awareness would reduce this risk. Through security awareness and training programs, individual employees can be informed and sensitized on various security policies and other security topics, thus e
Prioritization
Equal error rate (EER)
People
include security responsibilities in a job description
33. Needs to define the access rules - which is troublesome and error prone in large organizations.
Digital signatures
Data isolation
Rule-based access control
Examples of containment defenses
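Items 11, 13 and 33 contrast role-based access control, where users are assigned roles and roles carry permissions, with rule-based access control, where every grant is an explicit rule. The following added example (not code from the page or any product; the roles, users and resources are constructed) builds both models from the same data and walks one user through a job change under each, to show why the per-rule model becomes error prone as it grows.

```python
"""Role-based access control (RBAC) next to rule-based access control.

Added example; the roles, users and resources are constructed and do not
come from the page or any real product.
"""
from copy import deepcopy

# ---- RBAC: permissions hang off roles, users are assigned roles -------------
ROLE_PERMISSIONS = {
    "analyst":       {("payroll_db", "read")},
    "payroll_clerk": {("payroll_db", "read"), ("payroll_db", "write")},
    "auditor":       {("payroll_db", "read"), ("audit_log", "read")},
}
USER_ROLES = {
    "alice": {"payroll_clerk"},
    "bob":   {"analyst"},
    "carol": {"auditor", "analyst"},
}


def rbac_allowed(user_roles, user, resource, action, role_permissions=ROLE_PERMISSIONS):
    """Grant if any role assigned to the user carries (resource, action)."""
    return any((resource, action) in role_permissions.get(role, set())
               for role in user_roles.get(user, set()))


def rbac_reassign(user_roles, user, new_roles):
    """Changing a user's job is one edit; everything the old roles granted goes with them."""
    updated = deepcopy(user_roles)
    updated[user] = set(new_roles)
    return updated


# ---- Rule-based: one explicit (user, resource, action) rule per grant -------
def rules_from_roles(user_roles, role_permissions=ROLE_PERMISSIONS):
    """The explicit rule set an administrator would have to maintain by hand
    to reproduce the RBAC tables above."""
    return {(user, resource, action)
            for user, roles in user_roles.items()
            for role in roles
            for resource, action in role_permissions[role]}


def rule_allowed(rules, user, resource, action):
    """Grant only if this exact (user, resource, action) rule exists."""
    return (user, resource, action) in rules


def rule_reassign(rules, user, forgotten=()):
    """Reassigning a user means finding and deleting every rule that names them.
    `forgotten` simulates rules the administrator overlooks (e.g. one added under
    a ticket months ago); each one silently stays in force."""
    return {r for r in rules if r[0] != user or r in forgotten}


def rule_count_worst_case(n_users, n_resources, n_actions):
    """Rules to review grow with users x resources x actions, whereas RBAC reviews
    roles x permissions plus one role assignment per user."""
    return n_users * n_resources * n_actions


def demo():
    """Move alice from payroll clerk to analyst under both models.

    Returns (rbac_still_writes, rules_still_write, rule_count)."""
    # RBAC: one edit, and write access disappears with the old role.
    after = rbac_reassign(USER_ROLES, "alice", {"analyst"})
    rbac_write = rbac_allowed(after, "alice", "payroll_db", "write")

    # Rule-based: same change, but one overlooked rule keeps write access alive.
    rules = rules_from_roles(USER_ROLES)
    stale = {("alice", "payroll_db", "write")}
    remaining = (rule_reassign(rules, "alice", forgotten=stale)
                 | rules_from_roles({"alice": {"analyst"}}))
    rule_write = rule_allowed(remaining, "alice", "payroll_db", "write")
    return rbac_write, rule_write, len(rules)


if __name__ == "__main__":
    print(demo())                              # (False, True, 5)
    print(rule_count_worst_case(1000, 200, 3))  # 600000 rules to review
```

Both models answer the same access question for the same data; the difference is in the maintenance cost and the failure mode. In the RBAC tables a revocation is complete by construction, while in the rule set it is only as complete as the administrator's search, which is the point item 33 makes about large organisations.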
34. When mobile equipment is lost or stolen, the ______________________ matters most in determining the impact of the loss.
Information contained on the equipment
Confidentiality
Applying the proper classification to the data
include security responsibilities in a job description
35. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Alignment with business strategy
All personnel
Control effectiveness
Risk assessment, evaluation and impact analysis
36. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Data classification
Control risk
Virus
Developing an information security baseline
37. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Phishing
Total cost of ownership (TCO)
The board of directors and senior management
Normalization
38. Cannot be minimized
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Inherent risk
Rule-based access control
Security code reviews for the entire software application
39. The best measure for preventing the unauthorized disclosure of confidential information.
Cracker
Encryption key management
Acceptable use policies
Get senior management onboard
40. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Equal error rate (EER)
Worm
Defined objectives
Retention of business records
41. Has to be integrated into the requirements of every software application's design.
Asset classification
Fault-tolerant computer
Encryption key management
Deeper level of analysis
42. Computer that has duplicate components so it can continue to operate when one of its main components fail
Fault-tolerant computer
Risk assessment, evaluation and impact analysis
Audit objectives
Knowledge management
43. Accesses a computer or network illegally
Cracker
Threat assessment
Gap analysis
Skills inventory
44. Only valid if assets have first been identified and appropriately valued.
Retention of business records
Centralization of information security management
Risk assessment, evaluation and impact analysis
Annual loss expectancy (ALE) calculations
45. Ensures that there are no scalability problems.
Applying the proper classification to the data
Stress testing
Digital certificate
Defining high-level business security requirements
46. While useful for identifying the difference between the current state and the desired future state, e.g. the organization has to comply with recently published industry regulatory requirements, compliance that potentially has high implementation costs,
Data mart
Gap analysis
Safeguards over keys
Process of introducing changes to systems
47. Provide metrics to which outsourcing firms can be held accountable.
Service level agreements (SLAs)
Access control matrix
Centralization of information security management
Properly aligned with business goals and objectives
48. The primary role of the information security manager in the process of information classification within the organization.
Logon banners
Process of introducing changes to systems
Security risk
Defining and ratifying the classification structure of information assets
49. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results such as the impact from a security incident and the required response times.
Requirements of the data owners
BIA (Business Impact Assessment)
Stress testing
Encryption of the hard disks
50. Most effective for evaluating the degree to which information security objectives are being met.
Defining and ratifying the classification structure of information assets
People
The balanced scorecard
Deeper level of analysis