Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Company or person you believe will not send a virus-infect file knowingly






2. The job of the information security officer on a management team is to ___________________.






3. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process






4. Ensure that transmitted information can be attributed to the named sender.






5. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information






6. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works






7. The best measure for preventing the unauthorized disclosure of confidential information.






8. S small warehouse - designed for the end-user needs in a strategic business unit






9. Provides process needs but not impact.






10. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.






11. Oversees the overall classification management of the information.






12. Whenever personal data are transferred across national boundaries; ________________________ are required.






13. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident.It provides results - such as impact from a security incident and required response times.






14. Someone who accesses a computer or network illegally






15. Uses security metrics to measure the performance of the information security program.






16. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


17. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.






18. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.






19. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.






20. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'






21. Applications cannot access data associated with other apps






22. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance






23. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.






24. A function of the session keys distributed by the PKI.






25. The MOST useful way to describe the objectives in the information security strategy is through ______________________.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


26. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the






27. A risk assessment should be conducted _________________.






28. Without _____________________ - there cannot be accountability.






29. The BEST justification to convince management to invest in an information security program is that doing so would _________________.






30. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.






31. Same intent as a cracker but does not have the technical skills and knowledge






32. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.






33. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.






34. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.






35. The MOST important element of the request for proposal (RFP) ro assess the maturity level of the organization's information security management is _______________________.






36. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.






37. In order to highlight to management the importance of network security - the security manager should FIRST _______________.






38. Someone who uses email as a vehicle for extortion; send company threatening emails indicating they will expose confidential information - exploit security launch - etc.






39. The primary role of the information security manager in the process of information classification within the organization.






40. BEST option to improve accountability for a system administrator is to _____________________.






41. Has to be integrated into the requirements of every software application's design.






42. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.






43. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.






44. Primarily reduce risk and are most effective for the protection of information assets.






45. Should PRIMARILY be based on regulatory and legal requirements.






46. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.






47. When defining the information classification policy - the ___________________ need to be identified.






48. The most important characteristic of good security policies is that they be ____________________.






49. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.






50. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.