SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Two-factor authentication
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Script kiddie
Intrusion detection system (IDS)
2. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Reduce risk to an acceptable level
Risk management and the requirements of the organization
Well-defined roles and responsibilities
Data mart
3. Normally addressed through antivirus and antispyware policies.
Total cost of ownership (TCO)
Malicious software and spyware
include security responsibilities in a job description
Countermeasure cost-benefit analysis
4. The MOST important component of a privacy policy is: A Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Two-factor authentication
Notifications and opt-out provisions
Script kiddie
Continuous monitoring control initiatives
5. A process that helps organizations manipulate important knowledge that is part of the orgs. memory
MAL wear
Security code reviews for the entire software application
Knowledge management
Overall organizational structure
6. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Worm
Notifications and opt-out provisions
Information contained on the equipment
Retention of business records
7. Culture has a significant impact on how information security will be implemented in a ______________________.
Role-based access control
Multinational organization
Decentralization
Hacker
8. Should PRIMARILY be based on regulatory and legal requirements.
Audit objectives
Retention of business records
Continuous monitoring control initiatives
Tie security risks to key business objectives
9. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Security code reviews for the entire software application
Centralized structure
Key risk indicator (KRI) setup
Threat assessment
10. All within the responsibility of the information security manager.
Platform security - intrusion detection and antivirus controls
Consensus on risks and controls
Gain unauthorized access to applications
Transferred risk
11. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Tailgating
Annually or whenever there is a significant change
The data custodian
Developing an information security baseline
12. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
13. Computer that has duplicate components so it can continue to operate when one of its main components fail
Encryption
Fault-tolerant computer
Spoofing attacks
Conduct a risk assessment
14. Responsible for securing the information.
Overall organizational structure
Vulnerability assessment
The data custodian
What happened and how the breach was resolved
15. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Breakeven point of risk reduction and cost
Proficiency testing
Control effectiveness
16. Company or person you believe will not send a virus-infect file knowingly
Trusted source
Key controls
Encryption key management
Calculating the value of the information or asset
17. Should be determined from the risk assessment results.
Security awareness training for all employees
Identify the relevant systems and processes
Audit objectives
Exceptions to policy
18. Can be a standalone driver for an information security governance measure. No further analysis nor justification is required since the entity has no choice in the regulatory requirements.
Regulatory compliance
Support the business objectives of the organization
Data owners
Residual risk would be reduced by a greater amount
19. Identification and _______________ of business risk enables project managers to address areas with most significance.
Prioritization
Spoofing attacks
Overall organizational structure
Equal error rate (EER)
20. Focuses on identifying vulnerabilities.
Security awareness training for all employees
Penetration testing
Gain unauthorized access to applications
Information contained on the equipment
21. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Patch management
Residual risk would be reduced by a greater amount
Well-defined roles and responsibilities
Identify the vulnerable systems and apply compensating controls
22. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Lack of change management
Comparison of cost of achievement
Information contained on the equipment
Control risk
23. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Platform security - intrusion detection and antivirus controls
MAL wear
Cyber terrorist
Security risk
24. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
The authentication process is broken
include security responsibilities in a job description
Multinational organization
The data custodian
25. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
The authentication process is broken
Owner of the information asset
Notifications and opt-out provisions
Classification of assets needs
26. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.
All personnel
Total cost of ownership (TCO)
Acceptable use policies
Countermeasure cost-benefit analysis
27. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Data mart
Waterfall chart
Prioritization
Owner of the information asset
28. S small warehouse - designed for the end-user needs in a strategic business unit
Data mart
Penetration testing
SWOT analysis
Cyber terrorist
29. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
30. The most important characteristic of good security policies is that they be ____________________.
Aligned with organizational goals
Cyber extortionist
Skills inventory
Well-defined roles and responsibilities
31. By definition are not previously known and therefore are undetectable.
Centralization of information security management
Baseline standard and then develop additional standards
Data classification
0-day vulnerabilities
32. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Annual loss expectancy (ALE)calculations
Requirements of the data owners
Nondisclosure agreement (NDA)
Gap analysis
33. Would protect against spoofing an internal address but would not provide strong authentication.
Continuous monitoring control initiatives
Performing a risk assessment
IP address packet filtering
Virus detection
34. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
A network vulnerability assessment
Logon banners
Knowledge management
Background checks of prospective employees
35. Ensures that there are no scalability problems.
Defining high-level business security requirements
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Stress testing
Defined objectives
36. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Biometric access control systems
Examples of containment defenses
Confidentiality
Breakeven point of risk reduction and cost
37. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Fault-tolerant computer
Security risk
The board of directors and senior management
Transmit e-mail messages
38. Inject malformed input.
Deeper level of analysis
Platform security - intrusion detection and antivirus controls
Cross-site scripting attacks
Trusted source
39. The best measure for preventing the unauthorized disclosure of confidential information.
Defining high-level business security requirements
Conduct a risk assessment
Two-factor authentication
Acceptable use policies
40. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Virus
Encryption
Baseline standard and then develop additional standards
Performing a risk assessment
41. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Certificate authority (CA)
Decentralization
The balanced scorecard
Safeguards over keys
42. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Residual risk
Data owners
Continuous monitoring control initiatives
All personnel
43. Cannot be minimized
Lack of change management
Inherent risk
Centralized structure
The information security officer
44. BEST option to improve accountability for a system administrator is to _____________________.
include security responsibilities in a job description
Penetration testing
Is willing to accept
Encryption
45. A Successful risk management should lead to a ________________.
Regular review of access control lists
Breakeven point of risk reduction and cost
Encryption of the hard disks
Single sign-on (SSO) product
46. A repository of historical data organized by subject to support decision makers in the org
The board of directors and senior management
Use of security metrics
Requirements of the data owners
Data warehouse
47. Has to be integrated into the requirements of every software application's design.
Deeper level of analysis
Defined objectives
Risk management and the requirements of the organization
Encryption key management
48. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Residual risk
Encryption
Comparison of cost of achievement
Resource dependency assessment
49. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Certificate authority (CA)
All personnel
Continuous analysis - monitoring and feedback
Reduce risk to an acceptable level
50. To identify known vulnerabilities based on common misconfigurations and missing updates.
Key risk indicator (KRI) setup
A network vulnerability assessment
Encryption of the hard disks
Continuous analysis - monitoring and feedback