Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Occurs when the incoming level
Information security manager
Power surge/over voltage (spike)
Risk appetite
Protective switch covers
2. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Threat assessment
Risk assessment - evaluation and impact analysis
Single sign-on (SSO) product
The database administrator
3. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________. A summary of security logs would be too technical to report to senior management. An analysis of the i
Role-based policy
What happened and how the breach was resolved
Data mart
Virus detection
4. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
5. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
People
The data owner
BIA (Business Impact Assessment)
Negotiating a local version of the organization standards
6. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
People
Residual risk
Transferred risk
Security risk
7. Ensure that transmitted information can be attributed to the named sender.
Fault-tolerant computer
Attributes and characteristics of the 'desired state'
Digital signatures
Breakeven point of risk reduction and cost
8. Program that hides within or looks like a legitimate program
Malware
Regular review of access control lists
Trojan horse
Methodology used in the assessment
9. Oversees the overall classification management of the information.
The information security officer
Malware
Resource dependency assessment
Classification of assets needs
10. Someone who uses the internet or network to destroy or damage computers for political reasons
Total cost of ownership (TCO)
Cyber terrorist
Tailgating
Properly aligned with business goals and objectives
11. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Performing a risk assessment
Script kiddie
Residual risk
Do with the information it collects
12. Primarily reduce risk and are most effective for the protection of information assets.
Key controls
Data owners
What happened and how the breach was resolved
The data owner
13. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Alignment with business strategy
Monitoring processes
Examples of containment defenses
Tie security risks to key business objectives
14. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Its ability to reduce or eliminate business risks
Acceptable use policies
Control effectiveness
Key risk indicator (KRI) setup
15. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
The balanced scorecard
Regular review of access control lists
Risk appetite
16. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Virus
Hacker
Tailgating
Digital certificate
17. A notice that guarantees a user or a web site is legitimate
Safeguards over keys
Information contained on the equipment
Virus detection
Digital certificate
18. Most effective for evaluating the degree to which information security objectives are being met.
Skills inventory
Undervoltage (brownout)
Strategic alignment of security with business objectives
The balanced scorecard
19. All within the responsibility of the information security manager.
Platform security - intrusion detection and antivirus controls
Get senior management onboard
Gain unauthorized access to applications
Intrusion detection system (IDS)
20. The most important characteristic of good security policies is that they be ____________________.
Protective switch covers
Skills inventory
Developing an information security baseline
Aligned with organizational goals
21. Information security governance models are highly dependent on the _____________________.
Include security responsibilities in a job description
Identify the vulnerable systems and apply compensating controls
Encryption key management
Overall organizational structure
22. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Asset classification
Logon banners
Cyber terrorist
Digital signatures
23. Provides process needs but not impact.
Cyber terrorist
Monitoring processes
Compliance with the organization's information security requirements
Resource dependency assessment
24. Awareness - training and physical security defenses.
Malicious software and spyware
Examples of containment defenses
Well-defined roles and responsibilities
Cyber terrorist
25. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Logon banners
Fault-tolerant computer
Security code reviews for the entire software application
Undervoltage (brownout)
26. It is easier to manage and control a _________________.
Trojan horse
Role-based policy
Identify the vulnerable systems and apply compensating controls
Centralized structure
27. An information security manager has to impress upon the human resources department the need for _____________________.
Biometric access control systems
Data owners
Security awareness training for all employees
Single sign-on (SSO) product
28. A repository of historical data organized by subject to support decision makers in the organization
Trojan horse
Data warehouse
Service level agreements (SLAs)
Reduce risk to an acceptable level
29. Whenever personal data are transferred across national boundaries; ________________________ are required.
Monitoring processes
Trusted source
The awareness and agreement of the data subjects
Include security responsibilities in a job description
30. Without _____________________ - there cannot be accountability.
Platform security - intrusion detection and antivirus controls
Retention of business records
Well-defined roles and responsibilities
Resource dependency assessment
31. Same intent as a cracker but does not have the technical skills and knowledge
Cyber terrorist
Script kiddie
Include security responsibilities in a job description
Defined objectives
32. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Role-based access control
Consensus on risks and controls
Access control matrix
Single sign-on (SSO) product
33. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
Requirements of the data owners
Role-based access control
Aligned with organizational goals
BIA (Business Impact Assessment)
34. A function of the session keys distributed by the PKI.
Attributes and characteristics of the 'desired state'
Confidentiality
Baseline standard and then develop additional standards
Biometric access control systems
35. A method for analyzing and reducing a relational database to its most streamlined form
Normalization
Risk appetite
Get senior management onboard
Baseline standard and then develop additional standards
36. Has to be integrated into the requirements of every software application's design.
Protective switch covers
Reduce risk to an acceptable level
Encryption key management
Two-factor authentication
37. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Single sign-on (SSO) product
Data mart
Malware
Residual risk would be reduced by a greater amount
38. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
What happened and how the breach was resolved
Two-factor authentication
Classification of assets needs
Data isolation
39. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
Transmit e-mail messages
Centralization of information security management
All personnel
Data warehouse
40. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Methodology used in the assessment
Identify the relevant systems and processes
Biometric access control systems
The data owner
41. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Detection defenses
Baseline standard and then develop additional standards
Calculating the value of the information or asset
Do with the information it collects
42. The best strategy for risk management is to ___________________, as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
The information security officer
Defining and ratifying the classification structure of information assets
Reduce risk to an acceptable level
Key risk indicator (KRI) setup
43. Provide metrics to which outsourcing firms can be held accountable.
Service level agreements (SLAs)
Platform security - intrusion detection and antivirus controls
Information security manager
Data classification
44. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures - but not in the prioritization.
Gap analysis
Script kiddie
Creation of a business continuity plan
Digital certificate
45. The MOST important element of an information security strategy.
Defined objectives
Residual risk would be reduced by a greater amount
Data mart
Nondisclosure agreement (NDA)
46. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Public key infrastructure (PKI)
Role-based access control
Centralized structure
47. Someone who accesses a computer or network illegally
Hacker
Its ability to reduce or eliminate business risks
The authentication process is broken
Annually or whenever there is a significant change
48. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
49. Should be a standard requirement for the service provider.
Performing a risk assessment
Process of introducing changes to systems
Annually or whenever there is a significant change
Background check
50. A small warehouse - designed for the end-user needs in a strategic business unit
Gain unauthorized access to applications
Risk appetite
Data mart
Data isolation