Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Do with the information it collects
Biometric access control systems
Stress testing
Regulatory compliance
2. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Creation of a business continuity plan
Virus detection
The balanced scorecard
3. Has to be integrated into the requirements of every software application's design.
Confidentiality
Tailgating
Key controls
Encryption key management
4. Someone who uses email as a vehicle for extortion; sends a company threatening emails indicating they will expose confidential information - launch a security exploit - etc.
Defining and ratifying the classification structure of information assets
Cyber extortionist
Internal risk assessment
Hacker
5. Accesses a computer or network illegally
Cracker
Properly aligned with business goals and objectives
Impractical and is often cost-prohibitive
Digital certificate
6. Same intent as a cracker but does not have the technical skills and knowledge
Script kiddie
Proficiency testing
Notifications and opt-out provisions
Information contained on the equipment
7. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Transmit e-mail messages
Consensus on risks and controls
Skills inventory
Knowledge management
8. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Retention of business records
Digital signatures
People
Comparison of cost of achievement
9. Provides the most effective protection of data on mobile devices.
Encryption
Annual loss expectancy (ALE) calculations
Virus
Retention of business records
10. Should PRIMARILY be based on regulatory and legal requirements.
Retention of business records
Aligned with organizational goals
Business case development
Script kiddie
11. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Performing a risk assessment
Protective switch covers
Key risk indicator (KRI) setup
Calculating the value of the information or asset
12. Identification and _______________ of business risk enables project managers to address areas with most significance.
Prioritization
Decentralization
Methodology used in the assessment
Stress testing
13. BEST option to improve accountability for a system administrator is to _____________________.
include security responsibilities in a job description
Residual risk
Risk management and the requirements of the organization
Public key infrastructure (PKI)
14. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Reduce risk to an acceptable level
Hacker
Access control matrix
Digital signatures
15. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Intrusion detection system (IDS)
Key risk indicator (KRI) setup
Encryption
Access control matrix
16. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Safeguards over keys
Encryption key management
Internal risk assessment
Developing an information security baseline
17. Computer that has duplicate components so it can continue to operate when one of its main components fails
Residual risk would be reduced by a greater amount
Fault-tolerant computer
The awareness and agreement of the data subjects
Malicious software and spyware
18. When defining the information classification policy - the ___________________ need to be identified.
Requirements of the data owners
Data isolation
Detection defenses
Transmit e-mail messages
19. Security design flaws require a ____________________.
Deeper level of analysis
include security responsibilities in a job description
Consensus on risks and controls
Monitoring processes
20. Would protect against spoofing an internal address but would not provide strong authentication.
IP address packet filtering
What happened and how the breach was resolved
Return on security investment (ROSI)
Countermeasure cost-benefit analysis
21. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Role-based access control
Residual risk
Risk management and the requirements of the organization
Power surge/over voltage (spike)
22. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Internal risk assessment
Exceptions to policy
Continuous analysis - monitoring and feedback
Logon banners
23. The MOST important element of an information security strategy.
Defined objectives
Rule-based access control
Lack of change management
Overall organizational structure
24. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Trusted source
Exceptions to policy
Notifications and opt-out provisions
Role-based policy
25. Primarily reduce risk and are most effective for the protection of information assets.
Power surge/over voltage (spike)
Key controls
Transmit e-mail messages
Service level agreements (SLAs)
26. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Alignment with business strategy
Security baselines
Asset classification
Security code reviews for the entire software application
27. A method for analyzing and reducing a relational database to its most streamlined form
Waterfall chart
Increase business value and confidence
Countermeasure cost-benefit analysis
Normalization
28. Oversees the overall classification management of the information.
Waterfall chart
The information security officer
Defining high-level business security requirements
Assess the risks to the business operation
29. An information security manager has to impress upon the human resources department the need for _____________________.
Get senior management onboard
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Security awareness training for all employees
Key controls
30. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Two-factor authentication
Return on security investment (ROSI)
Is willing to accept
Resource dependency assessment
31. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
What happened and how the breach was resolved
The information security officer
Protective switch covers
Personal firewall
32. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Defining high-level business security requirements
Annually or whenever there is a significant change
Countermeasure cost-benefit analysis
Data owners
33. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Cost of control
The data owner
Undervoltage (brownout)
Role-based policy
34. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Worm
Nondisclosure agreement (NDA)
The board of directors and senior management
Process of introducing changes to systems
35. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control.
Deeper level of analysis
Normalization
Assess the risks to the business operation
Total cost of ownership (TCO)
36. Someone who accesses a computer or network illegally
Regular review of access control lists
Security risk
Hacker
Asset classification
37. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Business case development
Data classification
Key risk indicator (KRI) setup
Encryption of the hard disks
38. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
The information security officer
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Detection defenses
Examples of containment defenses
39. Company or person you believe will not knowingly send a virus-infected file
Virus detection
Business case development
Trusted source
Return on security investment (ROSI)
40. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Undervoltage (brownout)
Key controls
Countermeasure cost-benefit analysis
Do with the information it collects
41. Provide metrics to which outsourcing firms can be held accountable.
Service level agreements (SLAs)
Encryption key management
Normalization
Protective switch covers
42. Has full responsibility over data.
Prioritization
The data owner
Platform security - intrusion detection and antivirus controls
Process of introducing changes to systems
43. Utility program that detects and protects a personal computer from unauthorized intrusions
Protective switch covers
The information security officer
Cross-site scripting attacks
Personal firewall
44. A notice that guarantees a user or a web site is legitimate
Digital certificate
Acceptable use policies
Single sign-on (SSO) product
Platform security - intrusion detection and antivirus controls
45. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Get senior management onboard
Knowledge management
Annually or whenever there is a significant change
Two-factor authentication
46. Someone who uses the internet or network to destroy or damage computers for political reasons
Transmit e-mail messages
Comparison of cost of achievement
Data owners
Cyber terrorist
47. Occurs when the electrical supply drops
Undervoltage (brownout)
Platform security - intrusion detection and antivirus controls
Its ability to reduce or eliminate business risks
Stress testing
48. Legal document to be signed by all employees - suppliers etc. before they 'touch' the organization - to protect the organization's intellectual property.
Worm
Calculating the value of the information or asset
Tie security risks to key business objectives
Nondisclosure agreement (NDA)
49. A function of the session keys distributed by the PKI.
Nondisclosure agreement (NDA)
Control risk
Phishing
Confidentiality
50. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Centralization of information security management
Gain unauthorized access to applications
Intrusion detection system (IDS)
Waterfall chart