Test your basic knowledge |
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Key risk indicator (KRI) setup
Access control matrix
Notifications and opt-out provisions
Decentralization
2. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
Patch management
Strategic alignment of security with business objectives
All personnel
Platform security - intrusion detection and antivirus controls
3. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Annually or whenever there is a significant change
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Protective switch covers
Retention of business records
4. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Fault-tolerant computer
Developing an information security baseline
Impractical and is often cost-prohibitive
Its ability to reduce or eliminate business risks
5. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
0-day vulnerabilities
Annual loss expectancy (ALE) calculations
Performing a risk assessment
Control effectiveness
6. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
7. Culture has a significant impact on how information security will be implemented in a ______________________.
Lack of change management
Defined objectives
Risk management and the requirements of the organization
Multinational organization
8. The PRIMARY goal in developing an information security strategy is to: _________________________.
Two-factor authentication
Role-based access control
Support the business objectives of the organization
Trusted source
9. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Role-based access control
Waterfall chart
Cracker
Continuous analysis - monitoring and feedback
10. All within the responsibility of the information security manager.
Information security manager
Trojan horse
Spoofing attacks
Platform security - intrusion detection and antivirus controls
11. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Confidentiality
Defining and ratifying the classification structure of information assets
Threat assessment
Attributes and characteristics of the 'desired state'
12. Useful but only with regard to specific technical skills.
Creation of a business continuity plan
Data warehouse
Defining and ratifying the classification structure of information assets
Proficiency testing
13. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Cost of control
Encryption
Gain unauthorized access to applications
Negotiating a local version of the organization standards
14. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Regular review of access control lists
Examples of containment defenses
IP address packet filtering
Vulnerability assessment
15. To identify known vulnerabilities based on common misconfigurations and missing updates.
Do with the information it collects
Stress testing
Role-based access control
A network vulnerability assessment
16. The most important characteristic of good security policies is that they be ____________________.
Acceptable use policies
Aligned with organizational goals
Protective switch covers
Cryptographic secure sockets layer (SSL) implementations and short key lengths
17. Someone who accesses a computer or network illegally
Hacker
Data mart
Compliance with the organization's information security requirements
Negotiating a local version of the organization standards
18. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Protective switch covers
Tailgating
Encryption of the hard disks
19. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Impractical and is often cost-prohibitive
Script kiddie
Tie security risks to key business objectives
Comparison of cost of achievement
20. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Centralization of information security management
Properly aligned with business goals and objectives
0-day vulnerabilities
Alignment with business strategy
21. Occurs when the incoming level
Properly aligned with business goals and objectives
Trusted source
Security risk
Power surge/over voltage (spike)
22. Identification and _______________ of business risk enables project managers to address areas with most significance.
Regulatory compliance
Compliance with the organization's information security requirements
The information security officer
Prioritization
23. A notice that guarantees a user or a web site is legitimate
Methodology used in the assessment
Digital certificate
Internal risk assessment
Risk appetite
24. The primary role of the information security manager in the process of information classification within the organization.
Defining and ratifying the classification structure of information assets
Virus detection
Phishing
Increase business value and confidence
25. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
The data custodian
Conduct a risk assessment
Risk management and the requirements of the organization
Single sign-on (SSO) product
26. Security design flaws require a ____________________.
The data owner
Business case development
Deeper level of analysis
Centralized structure
27. A function of the session keys distributed by the PKI.
Confidentiality
Defining high-level business security requirements
Service level agreements (SLAs)
Personal firewall
28. Accesses a computer or network illegally
Cracker
Prioritization
Data owners
Strategic alignment of security with business objectives
29. Ensure that transmitted information can be attributed to the named sender.
Gap analysis
Return on security investment (ROSI)
Creation of a business continuity plan
Digital signatures
30. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
Baseline standard and then develop additional standards
BIA (Business Impact Assessment)
The authentication process is broken
Key controls
31. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Data mart
Monitoring processes
Power surge/over voltage (spike)
Regulatory compliance
32. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
BIA (Business Impact Assessment)
Background checks of prospective employees
Return on security investment (ROSI)
People
33. Company or person you believe will not knowingly send a virus-infected file
Residual risk
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Trusted source
Classification of assets needs
34. When defining the information classification policy - the ___________________ need to be identified.
Audit objectives
Penetration testing
Requirements of the data owners
Deeper level of analysis
35. A small warehouse - designed for the end-user needs in a strategic business unit
Impractical and is often cost-prohibitive
Examples of containment defenses
Data mart
Reduce risk to an acceptable level
36. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Exceptions to policy
Cyber terrorist
Skills inventory
Centralized structure
37. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Baseline standard and then develop additional standards
Risk management and the requirements of the organization
Exceptions to policy
Risk appetite
38. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Cracker
Breakeven point of risk reduction and cost
Resource dependency assessment
Do with the information it collects
39. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Role-based policy
Normalization
Residual risk would be reduced by a greater amount
Centralization of information security management
40. A key indicator of performance measurement.
Strategic alignment of security with business objectives
Impractical and is often cost-prohibitive
Retention of business records
Annually or whenever there is a significant change
41. The data owner is responsible for _______________________.
Key controls
Inherent risk
Applying the proper classification to the data
Logon banners
42. Occurs when the electrical supply drops
People
Role-based policy
Stress testing
Undervoltage (brownout)
43. Successful risk management should lead to a ________________.
Power surge/over voltage (spike)
Breakeven point of risk reduction and cost
Examples of containment defenses
Annual loss expectancy (ALE) calculations
44. Cannot be minimized
The data owner
Its ability to reduce or eliminate business risks
Vulnerability assessment
Inherent risk
45. A risk assessment should be conducted _________________.
Defining and ratifying the classification structure of information assets
Encryption
Internal risk assessment
Annually or whenever there is a significant change
46. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Monitoring processes
Methodology used in the assessment
Defining high-level business security requirements
Biometric access control systems
47. Needs to define the access rules - which is troublesome and error prone in large organizations.
Rule-based access control
Total cost of ownership (TCO)
Identify the relevant systems and processes
Do with the information it collects
48. A repository of historical data organized by subject to support decision makers in the organization
Data warehouse
Use of security metrics
Two-factor authentication
Hacker
49. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control.
Intrusion detection system (IDS)
Internal risk assessment
Prioritization
Total cost of ownership (TCO)
50. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Impractical and is often cost-prohibitive
Control risk
Countermeasure cost-benefit analysis
Residual risk