Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. New security vulnerabilities should be managed through a ________________.
Patch management process
Methodology used in the assessment
The database administrator
Hacker
2. Has full responsibility over data.
The data owner
Get senior management onboard
Undervoltage (brownout)
Gap analysis
3. Inject malformed input.
Cross-site scripting attacks
Support the business objectives of the organization
Risk appetite
Process of introducing changes to systems
4. Logging as well as monitoring, measuring, auditing, detecting viruses and intrusion.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Audit objectives
Applying the proper classification to the data
Detection defenses
5. An information security manager has to impress upon the human resources department the need for _____________________.
Regulatory compliance
Platform security, intrusion detection and antivirus controls
Security awareness training for all employees
Single sign-on (SSO) product
6. It is important to achieve ____________________, and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Hacker
Consensus on risks and controls
Fault-tolerant computer
Personal firewall
7. Addresses strengths, weaknesses, opportunities and threats. Although useful, a SWOT analysis is not as effective a tool.
Tie security risks to key business objectives
Cryptographic secure sockets layer (SSL) implementations and short key lengths
SWOT analysis
Identify the relevant systems and processes
8. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results, such as impact from a security incident and required response times.
Security code reviews for the entire software application
BIA (Business Impact Assessment)
Power surge/over voltage (spike)
Data warehouse
9. The data owner is responsible for _______________________.
Knowledge management
Defined objectives
Power surge/over voltage (spike)
Applying the proper classification to the data
10. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Is willing to accept
Access control matrix
Cost of control
Annually or whenever there is a significant change
11. When mobile equipment is lost or stolen, the ______________________ matters most in determining the impact of the loss.
Data isolation
Public key infrastructure (PKI)
SWOT analysis
Information contained on the equipment
12. The MOST important component of a privacy policy is: Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are
Notifications and opt-out provisions
Business case development
Data owners
Compliance with the organization's information security requirements
13. Focuses on identifying vulnerabilities.
Protective switch covers
Identify the vulnerable systems and apply compensating controls
Logon banners
Penetration testing
14. Should be performed to identify the risk and determine needed controls.
Increase business value and confidence
Trusted source
Negotiating a local version of the organization standards
Internal risk assessment
15. Carries out the technical administration.
The database administrator
Total cost of ownership (TCO)
Virus
Patch management process
16. Same intent as a cracker but does not have the technical skills and knowledge.
Personal firewall
Confidentiality
Script kiddie
Security risk
17. When developing an information security program, _________________ would help identify the available resources, any gaps and the training requirements for developing resources.
Skills inventory
Risk assessment, evaluation and impact analysis
Regular review of access control lists
The database administrator
18. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Gap analysis
Overall organizational structure
The information security officer
Gain unauthorized access to applications
19. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
20. Provides the most effective protection of data on mobile devices.
Cyber extortionist
Decentralization
Encryption
Do with the information it collects
21. The _____________________ is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations.
The awareness and agreement of the data subjects
Prioritization
Lack of change management
Cost of control
22. An effective tool but primarily focuses on malicious code from external sources, and only for those applications that are online.
Data isolation
Virus detection
Breakeven point of risk reduction and cost
Centralized structure
23. The job of the information security officer on a management team is to ___________________.
Assess the risks to the business operation
Defining high-level business security requirements
Centralized structure
Rule-based access control
24. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
BIA (Business Impact Assessment)
Identify the relevant systems and processes
Decentralization
Intrusion detection system (IDS)
25. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee.
Malicious software and spyware
Tailgating
SWOT analysis
Hacker
26. A trusted third party that attests to the identity of the signatory, and reliance will be a function of the level of trust afforded the CA.
Cracker
Asset classification
Tailgating
Certificate authority (CA)
27. All within the responsibility of the information security manager.
Rule-based access control
Platform security, intrusion detection and antivirus controls
Trusted source
Aligned with organizational goals
28. Primarily reduce risk and are most effective for the protection of information assets.
Encryption of the hard disks
All personnel
Key controls
Security risk
29. Only valid if assets have first been identified and appropriately valued.
Annual loss expectancy (ALE) calculations
Security awareness training for all employees
Developing an information security baseline
Strategic alignment of security with business objectives
30. Are not infallible. When tuning the solution, one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Asset classification
Biometric access control systems
Monitoring processes
Background check
31. Should be a standard requirement for the service provider.
Encryption key management
Hacker
Background check
Tailgating
32. Reducing risk to a level too small to measure is _______________.
Tie security risks to key business objectives
Its ability to reduce or eliminate business risks
Comparison of cost of achievement
Impractical and is often cost-prohibitive
33. Successful risk management should lead to a ________________.
Breakeven point of risk reduction and cost
Resource dependency assessment
Trusted source
Vulnerability assessment
34. Residual risk is unmanaged, i.e., inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Gap analysis
Cyber extortionist
Risk appetite
Comparison of cost of achievement
35. Ensure that transmitted information can be attributed to the named sender.
Transferred risk
Digital signatures
Nondisclosure agreement (NDA)
Proficiency testing
36. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Owner of the information asset
Key risk indicator (KRI) setup
Gain unauthorized access to applications
The data custodian
37. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Calculating the value of the information or asset
Cyber extortionist
Classification of assets needs
Data classification
38. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Trusted source
Vulnerability assessment
Control risk
Logon banners
39. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Alignment with business strategy
Biometric access control systems
Regular review of access control lists
Script kiddie
40. Responsible for securing the information.
Detection defenses
Performing a risk assessment
Monitoring processes
The data custodian
41. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
IP address packet filtering
Risk management and the requirements of the organization
0-day vulnerabilities
Defining high-level business security requirements
42. Most effective for evaluating the degree to which information security objectives are being met.
Script kiddie
Residual risk
The balanced scorecard
Data owners
43. Applications cannot access data associated with other apps.
Increase business value and confidence
Equal error rate (EER)
Data isolation
Reduce risk to an acceptable level
44. Whenever personal data are transferred across national boundaries; ________________________ are required.
Inherent risk
Certificate authority (CA)
The awareness and agreement of the data subjects
Biometric access control systems
45. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However, turnaround can be slower due to the lack of alignment with business units.
Exceptions to policy
Power surge/over voltage (spike)
Centralization of information security management
Continuous analysis, monitoring and feedback
46. When reporting an incident to senior management, the initial information to be communicated should include an explanation of _____________________. A summary of security logs would be too technical to report to senior management. An analysis of the i
What happened and how the breach was resolved
Control effectiveness
Power surge/over voltage (spike)
Transmit e-mail messages
47. Information security governance models are highly dependent on the _____________________.
Impractical and is often cost-prohibitive
Reduce risk to an acceptable level
Overall organizational structure
Asset classification
48. The best measure for preventing the unauthorized disclosure of confidential information.
Inherent risk
Vulnerability assessment
Continuous analysis, monitoring and feedback
Acceptable use policies
49. From a security standpoint, _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
50. Has to be integrated into the requirements of every software application's design.
Baseline standard and then develop additional standards
Annual loss expectancy (ALE) calculations
The data custodian
Encryption key management