SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Most effective for evaluating the degree to which information security objectives are being met.
The awareness and agreement of the data subjects
Examples of containment defenses
The balanced scorecard
The information security officer
2. Programs that act without a user's knowledge and deliberately alter a computer's operations
MAL wear
Breakeven point of risk reduction and cost
Cost of control
Background check
3. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
The information security officer
Nondisclosure agreement (NDA)
Return on security investment (ROSI)
Assess the risks to the business operation
4. Applications cannot access data associated with other apps
The balanced scorecard
Data isolation
Regular review of access control lists
Decentralization
5. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Security risk
Lack of change management
Impractical and is often cost-prohibitive
Power surge/over voltage (spike)
6. BEST option to improve accountability for a system administrator is to _____________________.
Malicious software and spyware
include security responsibilities in a job description
Trusted source
Calculating the value of the information or asset
7. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Safeguards over keys
Data owners
SWOT analysis
Residual risk
8. Uses security metrics to measure the performance of the information security program.
Information security manager
Impractical and is often cost-prohibitive
Developing an information security baseline
Performing a risk assessment
9. Information security governance models are highly dependent on the _____________________.
Normalization
Overall organizational structure
Centralization of information security management
What happened and how the breach was resolved
10. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.
Identify the vulnerable systems and apply compensating controls
Audit objectives
Identify the relevant systems and processes
Defining and ratifying the classification structure of information assets
11. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Two-factor authentication
The data custodian
Data classification
Defined objectives
12. Without _____________________ - there cannot be accountability.
Digital certificate
Tailgating
Well-defined roles and responsibilities
Control risk
13. The data owner is responsible for _______________________.
Reduce risk to an acceptable level
Prioritization
Applying the proper classification to the data
Return on security investment (ROSI)
14. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Do with the information it collects
Gap analysis
Lack of change management
Defining high-level business security requirements
15. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Platform security - intrusion detection and antivirus controls
Defining and ratifying the classification structure of information assets
Its ability to reduce or eliminate business risks
Total cost of ownership (TCO)
16. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Stress testing
SWOT analysis
Cost of control
Certificate authority (CA)
17. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.
Internal risk assessment
Phishing
All personnel
Cracker
18. Has to be integrated into the requirements of every software application's design.
Encryption key management
Continuous monitoring control initiatives
Tailgating
Aligned with organizational goals
19. A risk assessment should be conducted _________________.
Annually or whenever there is a significant change
Encryption key management
Phishing
Defined objectives
20. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Annually or whenever there is a significant change
Proficiency testing
Residual risk
What happened and how the breach was resolved
21. Responsible for securing the information.
Total cost of ownership (TCO)
Virus
Aligned with organizational goals
The data custodian
22. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Risk management and the requirements of the organization
Baseline standard and then develop additional standards
Risk assessment - evaluation and impact analysis
Creation of a business continuity plan
23. The primary role of the information security manager in the process of information classification within the organization.
Overall organizational structure
Defining and ratifying the classification structure of information assets
Waterfall chart
Acceptable use policies
24. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Key risk indicator (KRI) setup
Classification of assets needs
Security baselines
Patch management
25. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.
Creation of a business continuity plan
Platform security - intrusion detection and antivirus controls
Phishing
Cracker
26. Provides process needs but not impact.
Resource dependency assessment
Data owners
Conduct a risk assessment
The database administrator
27. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
Its ability to reduce or eliminate business risks
Identify the relevant systems and processes
What happened and how the breach was resolved
Creation of a business continuity plan
28. Someone who uses email as a vehicle for extortion; send company threatening emails indicating they will expose confidential information - exploit security launch - etc.
Cyber extortionist
Trojan horse
Vulnerability assessment
Properly aligned with business goals and objectives
29. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Trusted source
Gap analysis
Properly aligned with business goals and objectives
OBusiness case development
30. Provide metrics to which outsourcing firms can be held accountable.
Properly aligned with business goals and objectives
Service level agreements (SLAs)
Virus detection
Continuous monitoring control initiatives
31. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
The information security officer
Single sign-on (SSO) product
Threat assessment
Performing a risk assessment
32. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Two-factor authentication
Data owners
Transmit e-mail messages
Control risk
33. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Centralization of information security management
The data custodian
Negotiating a local version of the organization standards
Role-based policy
34. Occurs when the electrical supply drops
Undervoltage (brownout)
Phishing
People
Equal error rate (EER)
35. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Cyber terrorist
Properly aligned with business goals and objectives
Control effectiveness
Rule-based access control
36. A process that helps organizations manipulate important knowledge that is part of the orgs. memory
Support the business objectives of the organization
Knowledge management
Centralization of information security management
Residual risk
37. Same intent as a cracker but does not have the technical skills and knowledge
Script kiddie
Key risk indicator (KRI) setup
Resource dependency assessment
Confidentiality
38. Focuses on identifying vulnerabilities.
Penetration testing
Cracker
Comparison of cost of achievement
Hacker
39. A notice that guarantees a user or a web site is legitimate
Defined objectives
Digital certificate
Overall organizational structure
Applying the proper classification to the data
40. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Developing an information security baseline
Spoofing attacks
Countermeasure cost-benefit analysis
Digital signatures
41. It is easier to manage and control a _________________.
SWOT analysis
Penetration testing
Risk appetite
Centralized structure
42. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Aligned with organizational goals
Assess the risks to the business operation
MAL wear
Baseline standard and then develop additional standards
43. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Control risk
Encryption
Data warehouse
Requirements of the data owners
44. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
Data mart
Single sign-on (SSO) product
Access control matrix
Two-factor authentication
45. Accesses a computer or network illegally
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Notifications and opt-out provisions
Cracker
Tie security risks to key business objectives
46. The most important characteristic of good security policies is that they be ____________________.
Data warehouse
Alignment with business strategy
Aligned with organizational goals
SWOT analysis
47. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
The information security officer
Data isolation
Virus
Intrusion detection system (IDS)
48. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Internal risk assessment
Conduct a risk assessment
Information security manager
Worm
49. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Intrusion detection system (IDS)
Deeper level of analysis
Phishing
Background check
50. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Detection defenses
Trojan horse
Identify the relevant systems and processes
Role-based access control
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests