SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Logon banners
Background checks of prospective employees
Security code reviews for the entire software application
Virus
2. Applications cannot access data associated with other apps
Data warehouse
Data isolation
Waterfall chart
Biometric access control systems
3. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Role-based access control
Residual risk
Developing an information security baseline
Two-factor authentication
4. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Methodology used in the assessment
Properly aligned with business goals and objectives
Owner of the information asset
Tie security risks to key business objectives
5. Utility program that detects and protects a personal computer from unauthorized intrusions
Vulnerability assessment
Trojan horse
Compliance with the organization's information security requirements
Personal firewall
6. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Owner of the information asset
The authentication process is broken
Phishing
Examples of containment defenses
7. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Properly aligned with business goals and objectives
Aligned with organizational goals
Attributes and characteristics of the 'desired state'
Gap analysis
8. btaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
OBusiness case development
Creation of a business continuity plan
Comparison of cost of achievement
Service level agreements (SLAs)
9. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Risk appetite
Virus detection
Support the business objectives of the organization
Undervoltage (brownout)
10. Occurs when the electrical supply drops
Continuous analysis - monitoring and feedback
Malicious software and spyware
Notifications and opt-out provisions
Undervoltage (brownout)
11. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Performing a risk assessment
Data classification
Centralized structure
Key risk indicator (KRI) setup
12. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Data owners
Performing a risk assessment
Worm
Intrusion detection system (IDS)
13. Identification and _______________ of business risk enables project managers to address areas with most significance.
Resource dependency assessment
Prioritization
Intrusion detection system (IDS)
Internal risk assessment
14. Occurs when the incoming level
Annual loss expectancy (ALE)calculations
Resource dependency assessment
Power surge/over voltage (spike)
Inherent risk
15. The job of the information security officer on a management team is to ___________________.
The data owner
Assess the risks to the business operation
Transferred risk
Digital certificate
16. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Classification of assets needs
Key controls
Internal risk assessment
Platform security - intrusion detection and antivirus controls
17. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Platform security - intrusion detection and antivirus controls
Information contained on the equipment
Encryption
Defining high-level business security requirements
18. Provide metrics to which outsourcing firms can be held accountable.
Spoofing attacks
Multinational organization
Support the business objectives of the organization
Service level agreements (SLAs)
19. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Security awareness training for all employees
Security risk
The database administrator
The information security officer
20. Someone who accesses a computer or network illegally
Return on security investment (ROSI)
Gap analysis
IP address packet filtering
Hacker
21. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Its ability to reduce or eliminate business risks
Spoofing attacks
A network vulnerability assessment
Increase business value and confidence
22. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'
Data warehouse
Security baselines
The balanced scorecard
Annually or whenever there is a significant change
23. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Confidentiality
Centralization of information security management
Developing an information security baseline
Negotiating a local version of the organization standards
24. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
Deeper level of analysis
What happened and how the breach was resolved
Impractical and is often cost-prohibitive
include security responsibilities in a job description
25. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
What happened and how the breach was resolved
Stress testing
Data mart
Biometric access control systems
26. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Key risk indicator (KRI) setup
The board of directors and senior management
Gain unauthorized access to applications
The authentication process is broken
27. Inject malformed input.
Cross-site scripting attacks
Patch management
Is willing to accept
Platform security - intrusion detection and antivirus controls
28. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Equal error rate (EER)
Alignment with business strategy
Increase business value and confidence
Data isolation
29. When the ________________ is more than the cost of the risk - the risk should be accepted.
Public key infrastructure (PKI)
Deeper level of analysis
Trojan horse
Cost of control
30. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Vulnerability assessment
Role-based policy
Cryptographic secure sockets layer (SSL) implementations and short key lengths
The balanced scorecard
31. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
The data custodian
MAL wear
Certificate authority (CA)
Requirements of the data owners
32. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Internal risk assessment
All personnel
Protective switch covers
Annually or whenever there is a significant change
33. An information security manager has to impress upon the human resources department the need for _____________________.
Hacker
Encryption of the hard disks
Security awareness training for all employees
Internal risk assessment
34. Most effective for evaluating the degree to which information security objectives are being met.
Audit objectives
Centralized structure
The balanced scorecard
Retention of business records
35. Can be a standalone driver for an information security governance measure. No further analysis nor justification is required since the entity has no choice in the regulatory requirements.
Information contained on the equipment
Regulatory compliance
Strategic alignment of security with business objectives
Power surge/over voltage (spike)
36. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Use of security metrics
Risk appetite
Gain unauthorized access to applications
Defining and ratifying the classification structure of information assets
37. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident.It provides results - such as impact from a security incident and required response times.
Centralized structure
Consensus on risks and controls
Transmit e-mail messages
BIA (Business Impact Assessment
38. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Exceptions to policy
Well-defined roles and responsibilities
Data mart
Virus
39. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Data mart
Key controls
Alignment with business strategy
Service level agreements (SLAs)
40. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
41. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Information contained on the equipment
Role-based access control
Background checks of prospective employees
The data owner
42. Needs to define the access rules - which is troublesome and error prone in large organizations.
Certificate authority (CA)
Rule-based access control
Strategic alignment of security with business objectives
Platform security - intrusion detection and antivirus controls
43. Company or person you believe will not send a virus-infect file knowingly
Encryption of the hard disks
Two-factor authentication
Trusted source
Increase business value and confidence
44. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Single sign-on (SSO) product
Process of introducing changes to systems
The board of directors and senior management
Virus
45. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Gap analysis
Personal firewall
Regulatory compliance
Cracker
46. Whenever personal data are transferred across national boundaries; ________________________ are required.
Regular review of access control lists
Cyber terrorist
The awareness and agreement of the data subjects
Centralized structure
47. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
All personnel
Regular review of access control lists
0-day vulnerabilities
Security risk
48. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Acceptable use policies
Knowledge management
Use of security metrics
Residual risk
49. All within the responsibility of the information security manager.
Platform security - intrusion detection and antivirus controls
Attributes and characteristics of the 'desired state'
Knowledge management
Stress testing
50. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
