Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Compliance with the organization's information security requirements
Information security manager
Biometric access control systems
Cryptographic secure sockets layer (SSL) implementations and short key lengths
2. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Lack of change management
What happened and how the breach was resolved
Creation of a business continuity plan
Increase business value and confidence
3. Provides strong online authentication.
Malicious software and spyware
Total cost of ownership (TCO)
Defining high-level business security requirements
Public key infrastructure (PKI)
4. Should PRIMARILY be based on regulatory and legal requirements.
IP address packet filtering
Retention of business records
Increase business value and confidence
Confidentiality
5. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control.
Risk management and the requirements of the organization
Key controls
Total cost of ownership (TCO)
Digital signatures
6. A repository of historical data organized by subject to support decision makers in the org
Rule-based access control
Data warehouse
Information contained on the equipment
Digital signatures
7. Awareness - training and physical security defenses.
Two-factor authentication
Examples of containment defenses
Risk appetite
Audit objectives
8. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
IP address packet filtering
Background checks of prospective employees
Risk management and the requirements of the organization
Tie security risks to key business objectives
9. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
The board of directors and senior management
Single sign-on (SSO) product
BIA (Business Impact Assessment)
Security risk
10. Provide metrics to which outsourcing firms can be held accountable.
Well-defined roles and responsibilities
Cyber extortionist
Service level agreements (SLAs)
Retention of business records
11. Oversees the overall classification management of the information.
Lack of change management
The information security officer
Decentralization
Knowledge management
12. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Tie security risks to key business objectives
Data warehouse
Public key infrastructure (PKI)
Security risk
13. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
BIA (Business Impact Assessment)
Trusted source
Is willing to accept
Owner of the information asset
14. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Encryption key management
Trusted source
Prioritization
Patch management
15. New security vulnerabilities should be managed through a ________________.
Multinational organization
Patch management process
The database administrator
Undervoltage (brownout)
16. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Methodology used in the assessment
Retention of business records
Access control matrix
17. Normally addressed through antivirus and antispyware policies.
Examples of containment defenses
Include security responsibilities in a job description
Defining high-level business security requirements
Malicious software and spyware
18. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Strategic alignment of security with business objectives
Reduce risk to an acceptable level
Asset classification
Knowledge management
19. Occurs when the incoming level
Power surge/over voltage (spike)
Proficiency testing
Role-based policy
Creation of a business continuity plan
20. Whenever personal data are transferred across national boundaries; ________________________ are required.
Information security manager
The awareness and agreement of the data subjects
0-day vulnerabilities
Risk appetite
21. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Comparison of cost of achievement
Safeguards over keys
Tie security risks to key business objectives
Information contained on the equipment
22. Without _____________________ - there cannot be accountability.
Intrusion detection system (IDS)
Well-defined roles and responsibilities
Process of introducing changes to systems
Cost of control
23. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Annual loss expectancy (ALE) calculations
Vulnerability assessment
Encryption key management
Data isolation
24. Should be determined from the risk assessment results.
Audit objectives
Overall organizational structure
Information security manager
Defined objectives
25. provides the most effective protection of data on mobile devices.
Encryption
Single sign-on (SSO) product
Overall organizational structure
Increase business value and confidence
26. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Intrusion detection system (IDS)
Identify the vulnerable systems and apply compensating controls
Data classification
Defining high-level business security requirements
27. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Well-defined roles and responsibilities
Total cost of ownership (TCO)
Data isolation
Tailgating
28. Only valid if assets have first been identified and appropriately valued.
Overall organizational structure
Well-defined roles and responsibilities
Threat assessment
Annual loss expectancy (ALE) calculations
29. Accesses a computer or network illegally
Digital certificate
Background check
Public key infrastructure (PKI)
Cracker
30. Reducing risk to a level too small to measure is _______________.
Impractical and is often cost-prohibitive
Cyber terrorist
Single sign-on (SSO) product
Waterfall chart
31. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Data mart
Residual risk
Skills inventory
Business case development
32. By definition are not previously known and therefore are undetectable.
Role-based access control
Encryption
The awareness and agreement of the data subjects
0-day vulnerabilities
33. It is easier to manage and control a _________________.
Centralized structure
Proficiency testing
Classification of assets needs
Defining and ratifying the classification structure of information assets
34. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Lack of change management
Retention of business records
Encryption
Single sign-on (SSO) product
35. A key indicator of performance measurement.
Retention of business records
Strategic alignment of security with business objectives
The database administrator
Methodology used in the assessment
36. The MOST important element of an information security strategy.
Malware
Cyber terrorist
Defined objectives
Malicious software and spyware
37. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Calculating the value of the information or asset
Reduce risk to an acceptable level
Include security responsibilities in a job description
Phishing
38. A method for analyzing and reducing a relational database to its most streamlined form
Normalization
Background checks of prospective employees
Cross-site scripting attacks
Use of security metrics
39. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Fault-tolerant computer
Examples of containment defenses
Penetration testing
People
40. The MOST important component of a privacy policy: privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Monitoring processes
Patch management process
Personal firewall
Notifications and opt-out provisions
41. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Total cost of ownership (TCO)
Transferred risk
Include security responsibilities in a job description
Reduce risk to an acceptable level
42. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Resource dependency assessment
Tailgating
Proficiency testing
Detection defenses
43. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Process of introducing changes to systems
Retention of business records
Defining high-level business security requirements
The balanced scorecard
44. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Defining high-level business security requirements
SWOT analysis
Vulnerability assessment
Data warehouse
45. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Centralization of information security management
Strategic alignment of security with business objectives
Annually or whenever there is a significant change
Methodology used in the assessment
46. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Phishing
Rule-based access control
Script kiddie
Skills inventory
47. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures - but not in the prioritization.
Malicious software and spyware
Total cost of ownership (TCO)
Use of security metrics
Creation of a business continuity plan
48. Should be a standard requirement for the service provider.
Malware
Background check
The authentication process is broken
Cyber terrorist
49. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Equal error rate (EER)
The data custodian
Annually or whenever there is a significant change
Role-based policy
50. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Gain unauthorized access to applications
Residual risk
Developing an information security baseline
Breakeven point of risk reduction and cost