Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Gap analysis
Security baselines
People
Biometric access control systems
2. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
3. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Total cost of ownership (TCO)
Security baselines
Malware
Centralization of information security management
4. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Get senior management onboard
Continuous analysis - monitoring and feedback
Single sign-on (SSO) product
Patch management process
5. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Classification of assets needs
Data owners
Spoofing attacks
Return on security investment (ROSI)
6. Provides strong online authentication.
Is willing to accept
Strategic alignment of security with business objectives
Intrusion detection system (IDS)
Public key infrastructure (PKI)
7. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Service level agreements (SLAs)
Identify the relevant systems and processes
Do with the information it collects
Get senior management onboard
8. Utility program that detects and protects a personal computer from unauthorized intrusions
Script kiddie
Personal firewall
Power surge/over voltage (spike)
Consensus on risks and controls
9. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Classification of assets needs
Information contained on the equipment
Retention of business records
Certificate authority (CA)
10. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Lack of change management
Identify the relevant systems and processes
The authentication process is broken
Transferred risk
11. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Script kiddie
Process of introducing changes to systems
Control effectiveness
Gain unauthorized access to applications
12. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Digital signatures
Key risk indicator (KRI) setup
Risk assessment - evaluation and impact analysis
Business case development
13. Occurs when the incoming level
Access control matrix
Lack of change management
Trojan horse
Power surge/over voltage (spike)
14. Oversees the overall classification management of the information.
Internal risk assessment
Hacker
Control risk
The information security officer
15. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures, but not in the prioritization.
Conduct a risk assessment
Equal error rate (EER)
Creation of a business continuity plan
Asset classification
16. The _____________________ is a severe omission and will greatly increase information security risk. It presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations.
Retention of business records
Role-based access control
Lack of change management
Countermeasure cost-benefit analysis
17. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Encryption of the hard disks
Security code reviews for the entire software application
Spoofing attacks
Role-based access control
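The role-based access control described in question 17, as an added example that is not part of the original quiz: users are assigned roles, roles carry permissions, and every access decision is made through the role. The bank-style roles, users and permissions below are constructed for illustration; the separation-of-duties constraint (a user may not hold two mutually exclusive roles) is an assumption added to show why role assignment, not per-user grants, is what makes RBAC manageable at scale.

```python
"""Minimal RBAC policy: permissions attach to roles, users attach to roles.
Added example with constructed data; not from any real system."""

from collections import defaultdict


class RbacPolicy:
    def __init__(self):
        self.role_perms = defaultdict(set)   # role -> {(resource, action)}
        self.user_roles = defaultdict(set)   # user -> {role}
        self.exclusive = set()               # {frozenset({role_a, role_b})}: separation of duties

    def grant(self, role, resource, action):
        """Give a permission to a role; every user holding the role gets it at once."""
        self.role_perms[role].add((resource, action))

    def add_exclusive(self, role_a, role_b):
        """Declare two roles that one person must never hold together."""
        self.exclusive.add(frozenset((role_a, role_b)))

    def assign(self, user, role):
        """Assign a role, refusing combinations that violate separation of duties."""
        for existing in self.user_roles[user]:
            if frozenset((existing, role)) in self.exclusive:
                raise ValueError(f"{user}: role {role!r} conflicts with {existing!r}")
        self.user_roles[user].add(role)

    def revoke(self, user, role):
        """Removing one role revokes every permission the role carried, in one step."""
        self.user_roles[user].discard(role)

    def is_allowed(self, user, resource, action):
        """Default deny: no roles, or no role carrying the permission, means no access."""
        return any((resource, action) in self.role_perms[r]
                   for r in self.user_roles.get(user, ()))


def build_demo_policy():
    """Constructed bank scenario: a thousand tellers, one auditor, one manager."""
    p = RbacPolicy()
    p.grant("teller", "accounts", "read")
    p.grant("teller", "accounts", "deposit")
    p.grant("auditor", "accounts", "read")
    p.grant("auditor", "audit_log", "read")
    p.grant("manager", "accounts", "approve_loan")
    p.add_exclusive("teller", "auditor")   # whoever moves money must not audit it
    for i in range(1000):                   # one role assignment per user, no per-user grants
        p.assign(f"teller{i:04d}", "teller")
    p.assign("alice", "auditor")
    p.assign("bob", "manager")
    p.assign("bob", "teller")
    return p


if __name__ == "__main__":
    policy = build_demo_policy()
    print(policy.is_allowed("teller0042", "accounts", "deposit"))   # True
    print(policy.is_allowed("teller0042", "audit_log", "read"))     # False
    policy.grant("teller", "accounts", "withdraw")                   # reaches all 1000 tellers
    print(policy.is_allowed("teller0999", "accounts", "withdraw"))  # True
```

The point the quiz answer makes is visible in `grant` and `revoke`: a new permission or a role change is one operation on the role, not a thousand edits to individual users, and access for a departing user is removed by revoking the role rather than hunting down every grant.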
18. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Gap analysis
Strategic alignment of security with business objectives
Data isolation
Comparison of cost of achievement
19. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Data classification
Do with the information it collects
Tie security risks to key business objectives
Background checks of prospective employees
20. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Two-factor authentication
Encryption
Safeguards over keys
What happened and how the breach was resolved
21. The most important characteristic of good security policies is that they be ____________________.
Aligned with organizational goals
Virus
Fault-tolerant computer
Cryptographic secure sockets layer (SSL) implementations and short key lengths
22. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Continuous monitoring control initiatives
Control effectiveness
Key controls
Control risk
23. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Data mart
Logon banners
Data warehouse
Inherent risk
24. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
25. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Tie security risks to key business objectives
Virus detection
Return on security investment (ROSI)
Gain unauthorized access to applications
26. It is easier to manage and control a _________________.
Centralized structure
Include security responsibilities in a job description
Trojan horse
Digital certificate
27. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Total cost of ownership (TCO)
Examples of containment defenses
Phishing
Retention of business records
28. Someone who accesses a computer or network illegally
Hacker
Data mart
Waterfall chart
Normalization
29. Uses security metrics to measure the performance of the information security program.
Normalization
Information security manager
Background check
Transmit e-mail messages
30. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Monitoring processes
Transmit e-mail messages
Nondisclosure agreement (NDA)
All personnel
31. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Assess the risks to the business operation
Inherent risk
Alignment with business strategy
Data mart
32. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Decentralization
Knowledge management
Background check
Security risk
33. The best measure for preventing the unauthorized disclosure of confidential information.
Encryption
Acceptable use policies
Security code reviews for the entire software application
The board of directors and senior management
34. Company or person you believe will not knowingly send a virus-infected file
Detection defenses
Trusted source
Include security responsibilities in a job description
Proficiency testing
35. Ensures that there are no scalability problems.
Defined objectives
Defining and ratifying the classification structure of information assets
Spoofing attacks
Stress testing
36. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Transferred risk
Background check
Single sign-on (SSO) product
Business case development
37. Security design flaws require a ____________________.
Deeper level of analysis
Owner of the information asset
Aligned with organizational goals
Cost of control
38. The data owner is responsible for _______________________.
Encryption
Applying the proper classification to the data
Regular review of access control lists
Requirements of the data owners
39. Should PRIMARILY be based on regulatory and legal requirements.
Decentralization
Risk appetite
Background check
Retention of business records
40. Without _____________________ - there cannot be accountability.
Well-defined roles and responsibilities
Platform security - intrusion detection and antivirus controls
Requirements of the data owners
The balanced scorecard
41. BEST option to improve accountability for a system administrator is to _____________________.
Alignment with business strategy
Role-based access control
Rule-based access control
Include security responsibilities in a job description
42. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Trusted source
Public key infrastructure (PKI)
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Script kiddie
43. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Skills inventory
Role-based policy
Patch management
Assess the risks to the business operation
44. Occurs when the electrical supply drops
Role-based access control
Deeper level of analysis
Undervoltage (brownout)
Comparison of cost of achievement
45. A method for analyzing and reducing a relational database to its most streamlined form
Normalization
Virus
Cracker
Information security manager
46. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Calculating the value of the information or asset
Encryption
Negotiating a local version of the organization standards
Defining and ratifying the classification structure of information assets
47. Would protect against spoofing an internal address but would not provide strong authentication.
Digital signatures
Tie security risks to key business objectives
IP address packet filtering
Risk appetite
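The IP address packet filtering of question 47, as an added example that is not part of the original quiz. It implements the border check that stops spoofing of an internal address (a packet arriving on the outside interface but claiming an inside source) and the matching egress check, over a handful of constructed packets. The interface names `outside` and `inside`, the RFC 1918 ranges used as the internal address space, and the packet shape are assumptions for the example. It also shows the caveat in the answer: a packet from a genuine internal address on the inside interface is accepted without any proof of who sent it, so the filter provides no strong authentication.

```python
"""Ingress/egress source-address filter at a network border.
Added example with constructed packets; address ranges and interface names are assumed."""

import ipaddress
from dataclasses import dataclass

# Assumed internal address space behind the filter.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    ingress: str   # interface the packet arrived on: "outside" or "inside"
    src: str       # claimed source address (never verified by this filter)
    dst: str


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def filter_packet(pkt: Packet) -> tuple:
    """Return (verdict, reason).

    The only property checked is whether the claimed source address is plausible
    for the interface the packet arrived on. Nothing here proves the sender's
    identity; a compromised inside host with a real internal address passes."""
    if pkt.ingress == "outside" and is_internal(pkt.src):
        return "DROP", "internal source address arriving from outside (spoofed)"
    if pkt.ingress == "inside" and not is_internal(pkt.src):
        return "DROP", "non-internal source leaving the inside (egress filtering)"
    return "ACCEPT", "source address consistent with ingress interface"


# Constructed sample traffic (documentation ranges 203.0.113.0/24 and 198.51.100.0/24 play the Internet).
SAMPLE_PACKETS = [
    Packet("outside", "10.1.2.3", "10.0.0.5"),          # outsider forging an inside address
    Packet("outside", "203.0.113.7", "10.0.0.5"),       # ordinary inbound connection
    Packet("inside", "10.0.0.9", "203.0.113.7"),        # inside host talking out; accepted, unauthenticated
    Packet("inside", "198.51.100.4", "203.0.113.7"),    # inside host spoofing someone else's address
]


def run_filter(packets=SAMPLE_PACKETS):
    """Apply the filter to each packet; returns (src, ingress, verdict, reason) per packet."""
    return [(p.src, p.ingress, *filter_packet(p)) for p in packets]


if __name__ == "__main__":
    for src, ingress, verdict, reason in run_filter():
        print(f"{verdict:6} {ingress:8} src={src:14} {reason}")
```

The first and last packets are the spoofing cases the filter exists for. The third packet is the limitation the quiz answer points at: the filter has no way to tell a legitimate workstation at 10.0.0.9 from an attacker who has taken it over, which is why address filtering is paired with actual authentication (question 6's PKI, or two-factor authentication) rather than used in its place.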
48. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Transferred risk
Fault-tolerant computer
Confidentiality
Baseline standard and then develop additional standards
49. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Protective switch covers
Compliance with the organization's information security requirements
Get senior management onboard
The awareness and agreement of the data subjects
50. Accesses a computer or network illegally
Undervoltage (brownout)
Cracker
Strategic alignment of security with business objectives
Fault-tolerant computer