Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.






2. Program that hides within or looks like a legit program






3. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.






4. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.






5. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.






6. Information security governance models are highly dependent on the _____________________.






7. It is more efficient to establish a ___________________for locations that must meet specific requirements.






8. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -






9. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.






10. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.






11. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.






12. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.






13. S small warehouse - designed for the end-user needs in a strategic business unit






14. The BEST justification to convince management to invest in an information security program is that doing so would _________________.






15. Used to understand the flow of one process into another.






16. Should be determined from the risk assessment results.






17. The MOST important component of a privacy policy is: A Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are






18. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.






19. The primary role of the information security manager in the process of information classification within the organization.






20. Can be a standalone driver for an information security governance measure. No further analysis nor justification is required since the entity has no choice in the regulatory requirements.






21. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.






22. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.






23. Without _____________________ - there cannot be accountability.






24. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'






25. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the






26. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance






27. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.






28. An information security manager has to impress upon the human resources department the need for _____________________.






29. Oversees the overall classification management of the information.






30. Provides strong online authentication.






31. Accesses a computer or network illegally






32. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.






33. Occurs when the electrical supply drops






34. The MOST useful way to describe the objectives in the information security strategy is through ______________________.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


35. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.






36. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.






37. Carries out the technical administration.






38. The best measure for preventing the unauthorized disclosure of confidential information.






39. Occurs after the risk assessment process - it does not measure it.






40. Reducing risk to a level too small to measure is _______________.






41. Someone who uses the internet or network to destroy or damage computers for political reasons






42. Would protect against spoofing an internal address but would not provide strong authentication.






43. A Successful risk management should lead to a ________________.






44. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.






45. Company or person you believe will not send a virus-infect file knowingly






46. Applications cannot access data associated with other apps






47. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing






48. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.






49. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information






50. Awareness - training and physical security defenses.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests