Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
Creation of a business continuity plan
Background check
Regular review of access control lists
All personnel
2. Has full responsibility over data.
Compliance with the organization's information security requirements
Background checks of prospective employees
Multinational organization
The data owner
3. Without _____________________ - there cannot be accountability.
Well-defined roles and responsibilities
Defining high-level business security requirements
Negotiating a local version of the organization standards
Role-based access control
4. The job of the information security officer on a management team is to ___________________.
Assess the risks to the business operation
Methodology used in the assessment
Trojan horse
Data isolation
5. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Malware
Security baselines
SWOT analysis
Two-factor authentication
6. Cannot be minimized
Monitoring processes
Inherent risk
Annually or whenever there is a significant change
Skills inventory
7. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Performing a risk assessment
Equal error rate (EER)
Increase business value and confidence
The awareness and agreement of the data subjects
8. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Single sign-on (SSO) product
The authentication process is broken
Security baselines
Internal risk assessment
9. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
10. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Negotiating a local version of the organization standards
Centralization of information security management
Methodology used in the assessment
Hacker
11. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
The authentication process is broken
Encryption key management
Data isolation
Inherent risk
12. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures - but not in the prioritization.
Role-based policy
Creation of a business continuity plan
Security code reviews for the entire software application
Single sign-on (SSO) product
13. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Vulnerability assessment
Attributes and characteristics of the 'desired state'
Countermeasure cost-benefit analysis
Logon banners
14. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Skills inventory
Digital certificate
Do with the information it collects
The database administrator
15. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Equal error rate (EER)
Security code reviews for the entire software application
Resource dependency assessment
Security risk
16. Ensures that there are no scalability problems.
Access control matrix
Stress testing
Baseline standard and then develop additional standards
Safeguards over keys
17. Risk should be reduced to a level that an organization _____________.
Patch management
Total cost of ownership (TCO)
Defining and ratifying the classification structure of information assets
Is willing to accept
18. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Security code reviews for the entire software application
Worm
Business case development
Digital signatures
19. Culture has a significant impact on how information security will be implemented in a ______________________.
Data mart
Creation of a business continuity plan
Get senior management onboard
Multinational organization
20. Someone who uses the internet or network to destroy or damage computers for political reasons
Owner of the information asset
Encryption key management
Cyber terrorist
The authentication process is broken
21. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Skills inventory
The database administrator
Gap analysis
Regular review of access control lists
22. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Background checks of prospective employees
Malicious software and spyware
Annually or whenever there is a significant change
Regulatory compliance
23. The information security manager needs to prioritize the controls based on ________________________.
Applying the proper classification to the data
Data classification
Is willing to accept
Risk management and the requirements of the organization
24. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Comparison of cost of achievement
Worm
What happened and how the breach was resolved
Cost of control
25. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
26. A method for analyzing and reducing a relational database to its most streamlined form
Normalization
Defining high-level business security requirements
Control risk
Annual loss expectancy (ALE) calculations
27. A successful risk management should lead to a ________________.
Data classification
Breakeven point of risk reduction and cost
Annually or whenever there is a significant change
Compliance with the organization's information security requirements
28. Inject malformed input.
Continuous analysis - monitoring and feedback
SWOT analysis
Patch management
Cross-site scripting attacks
29. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Virus
Encryption of the hard disks
Deeper level of analysis
Control risk
30. New security vulnerabilities should be managed through a ________________.
Platform security - intrusion detection and antivirus controls
Patch management process
Access control matrix
Gap analysis
31. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Classification of assets needs
Compliance with the organization's information security requirements
Script kiddie
Intrusion detection system (IDS)
32. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Encryption key management
Data isolation
Residual risk
BIA (Business Impact Assessment)
33. Applications cannot access data associated with other apps
Security awareness training for all employees
Waterfall chart
Data isolation
Residual risk
34. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control.
Total cost of ownership (TCO)
Trojan horse
Well-defined roles and responsibilities
Control risk
35. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Residual risk
Protective switch covers
Return on security investment (ROSI)
Patch management
36. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
What happened and how the breach was resolved
Threat assessment
All personnel
The database administrator
37. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Tie security risks to key business objectives
Biometric access control systems
Attributes and characteristics of the 'desired state'
Overall organizational structure
38. A repository of historical data organized by subject to support decision makers in the organization
Transmit e-mail messages
Overall organizational structure
Skills inventory
Data warehouse
39. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Retention of business records
Patch management
Confidentiality
Asset classification
40. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Is willing to accept
Alignment with business strategy
The board of directors and senior management
Performing a risk assessment
41. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Calculating the value of the information or asset
Protective switch covers
Do with the information it collects
Control effectiveness
42. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Patch management process
Multinational organization
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Notifications and opt-out provisions
43. It is easier to manage and control a _________________.
Centralized structure
Methodology used in the assessment
Applying the proper classification to the data
Malware
44. By definition are not previously known and therefore are undetectable.
0-day vulnerabilities
Risk management and the requirements of the organization
Malicious software and spyware
Information security manager
45. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Residual risk would be reduced by a greater amount
Aligned with organizational goals
Data owners
Key risk indicator (KRI) setup
46. A risk assessment should be conducted _________________.
Personal firewall
Annually or whenever there is a significant change
Owner of the information asset
Audit objectives
47. Legal document to be signed by all employees - suppliers, etc., before they 'touch' the organization - to protect the organization's intellectual property.
Patch management
Lack of change management
The awareness and agreement of the data subjects
Nondisclosure agreement (NDA)
48. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Information contained on the equipment
Knowledge management
Spoofing attacks
Creation of a business continuity plan
49. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Transmit e-mail messages
Security risk
Equal error rate (EER)
Notifications and opt-out provisions
50. Ensure that transmitted information can be attributed to the named sender.
Assess the risks to the business operation
Trojan horse
Safeguards over keys
Digital signatures