Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A key indicator of performance measurement.
Strategic alignment of security with business objectives
Multinational organization
Protective switch covers
Encryption of the hard disks
2. Focuses on identifying vulnerabilities.
Overall organizational structure
Penetration testing
Its ability to reduce or eliminate business risks
Lack of change management
3. Identification and _______________ of business risk enables project managers to address areas with most significance.
The authentication process is broken
Prioritization
Support the business objectives of the organization
Control effectiveness
4. Oversees the overall classification management of the information.
Performing a risk assessment
Continuous monitoring control initiatives
The information security officer
Key risk indicator (KRI) setup
5. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Gain unauthorized access to applications
Classification of assets needs
Information security manager
Audit objectives
6. Legal document to be signed by all employees - suppliers - etc. before they 'touch' the organization - to protect the organization's intellectual property.
Increase business value and confidence
Acceptable use policies
All personnel
Nondisclosure agreement (NDA)
7. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Business case development
Applying the proper classification to the data
Cracker
Knowledge management
8. Used to understand the flow of one process into another.
Gain unauthorized access to applications
Is willing to accept
Waterfall chart
Classification of assets needs
9. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Data classification
Phishing
Identify the vulnerable systems and apply compensating controls
Tie security risks to key business objectives
10. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Data warehouse
Worm
Include security responsibilities in a job description
Cyber terrorist
11. Should be a standard requirement for the service provider.
Encryption
Countermeasure cost-benefit analysis
Penetration testing
Background check
12. The most important characteristic of good security policies is that they be ____________________.
Key risk indicator (KRI) setup
Aligned with organizational goals
Key controls
Safeguards over keys
13. Accesses a computer or network illegally
Cracker
Background checks of prospective employees
Undervoltage (brownout)
Residual risk
14. The risk that controls may not prevent or detect an incident; it is measured in terms of control effectiveness.
Confidentiality
Alignment with business strategy
Worm
Control risk
15. A method for analyzing and reducing a relational database to its most streamlined form
0-day vulnerabilities
Monitoring processes
Performing a risk assessment
Normalization
16. Provide metrics to which outsourcing firms can be held accountable.
Compliance with the organization's information security requirements
Risk management and the requirements of the organization
Service level agreements (SLAs)
Undervoltage (brownout)
17. Ensures that there are no scalability problems.
Malware
Stress testing
Trusted source
IP address packet filtering
18. A small warehouse - designed for the end-user needs in a strategic business unit
Service level agreements (SLAs)
IP address packet filtering
Digital certificate
Data mart
19. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________. A summary of security logs would be too technical to report to senior management. An analysis of the i
Cryptographic secure sockets layer (SSL) implementations and short key lengths
What happened and how the breach was resolved
Data warehouse
The data custodian
20. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Risk assessment - evaluation and impact analysis
Annually or whenever there is a significant change
The balanced scorecard
Virus
21. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance.
Security baselines
Comparison of cost of achievement
Creation of a business continuity plan
The data custodian
22. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Nondisclosure agreement (NDA)
Applying the proper classification to the data
Key risk indicator (KRI) setup
Defined objectives
23. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Biometric access control systems
Alignment with business strategy
Its ability to reduce or eliminate business risks
Spoofing attacks
24. The best measure; it involves reviewing the entire source code to detect all instances of back doors.
Retention of business records
Internal risk assessment
Consensus on risks and controls
Security code reviews for the entire software application
25. Security design flaws require a ____________________.
Strategic alignment of security with business objectives
Detection defenses
Deeper level of analysis
Defined objectives
26. Can be a standalone driver for an information security governance measure. No further analysis or justification is required since the entity has no choice in the regulatory requirements.
Gap analysis
Patch management process
Threat assessment
Regulatory compliance
27. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Baseline standard and then develop additional standards
Risk assessment - evaluation and impact analysis
Biometric access control systems
Annual loss expectancy (ALE) calculations
28. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
Key controls
All personnel
Control risk
A network vulnerability assessment
29. Awareness - training and physical security defenses.
Multinational organization
Skills inventory
Role-based access control
Examples of containment defenses
30. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Exceptions to policy
Vulnerability assessment
Cyber terrorist
Decentralization
31. Cannot be minimized
Compliance with the organization's information security requirements
Asset classification
Inherent risk
Malware
32. Utility program that detects and protects a personal computer from unauthorized intrusions
Equal error rate (EER)
Platform security - intrusion detection and antivirus controls
Breakeven point of risk reduction and cost
Personal firewall
33. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Get senior management onboard
Total cost of ownership (TCO)
Overall organizational structure
Methodology used in the assessment
34. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Alignment with business strategy
Deeper level of analysis
Consensus on risks and controls
Assess the risks to the business operation
35. Same intent as a cracker but does not have the technical skills and knowledge
Properly aligned with business goals and objectives
Calculating the value of the information or asset
Script kiddie
Comparison of cost of achievement
36. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
37. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Information contained on the equipment
Normalization
Intrusion detection system (IDS)
Cyber extortionist
38. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
People
Annually or whenever there is a significant change
Lack of change management
Protective switch covers
39. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Rule-based access control
Hacker
Owner of the information asset
Developing an information security baseline
40. Successful risk management should lead to a ________________.
Annual loss expectancy (ALE) calculations
Continuous monitoring control initiatives
Breakeven point of risk reduction and cost
Gain unauthorized access to applications
41. Responsible for securing the information.
Control effectiveness
The data custodian
Equal error rate (EER)
Continuous monitoring control initiatives
42. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Detection defenses
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Support the business objectives of the organization
BIA (Business Impact Analysis)
43. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Multinational organization
Tailgating
Increase business value and confidence
44. The PRIMARY goal in developing an information security strategy is to: _________________________.
Encryption key management
Support the business objectives of the organization
Compliance with the organization's information security requirements
The authentication process is broken
45. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Vulnerability assessment
Virus
Owner of the information asset
Gap analysis
46. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
The database administrator
Data mart
Safeguards over keys
Gain unauthorized access to applications
47. Occurs when the incoming level
Logon banners
Power surge/over voltage (spike)
Role-based access control
Return on security investment (ROSI)
48. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
The board of directors and senior management
Trusted source
Threat assessment
Process of introducing changes to systems
49. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Normalization
Cyber extortionist
Assess the risks to the business operation
Protective switch covers
50. A repository of historical data organized by subject to support decision makers in the organization
Nondisclosure agreement (NDA)
Classification of assets needs
Data warehouse
Defining and ratifying the classification structure of information assets