SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A risk assessment should be conducted _________________.
Annually or whenever there is a significant change
Nondisclosure agreement (NDA)
Identify the relevant systems and processes
Transferred risk
2. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Residual risk would be reduced by a greater amount
Proficiency testing
Defining high-level business security requirements
Control effectiveness
3. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Aligned with organizational goals
Knowledge management
Cross-site scripting attacks
Lack of change management
4. New security ulnerabilities should be managed through a ________________.
Identify the relevant systems and processes
Patch management process
The data custodian
Platform security - intrusion detection and antivirus controls
5. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Cross-site scripting attacks
Identify the relevant systems and processes
Continuous monitoring control initiatives
Rule-based access control
6. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Baseline standard and then develop additional standards
Tie security risks to key business objectives
People
Security code reviews for the entire software application
7. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Prioritization
Continuous monitoring control initiatives
Single sign-on (SSO) product
The board of directors and senior management
8. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Multinational organization
The balanced scorecard
Exceptions to policy
Conduct a risk assessment
9. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Data warehouse
Assess the risks to the business operation
Digital certificate
Decentralization
10. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Comparison of cost of achievement
Threat assessment
Alignment with business strategy
Cracker
11. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Annually or whenever there is a significant change
Negotiating a local version of the organization standards
Decentralization
Regular review of access control lists
12. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Spoofing attacks
Asset classification
Classification of assets needs
Increase business value and confidence
13. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Script kiddie
Performing a risk assessment
Increase business value and confidence
14. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Data owners
Regulatory compliance
Two-factor authentication
Spoofing attacks
15. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Encryption
Creation of a business continuity plan
Deeper level of analysis
Information contained on the equipment
16. The primary role of the information security manager in the process of information classification within the organization.
0-day vulnerabilities
Centralization of information security management
Defining and ratifying the classification structure of information assets
Rule-based access control
17. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Data isolation
Alignment with business strategy
Phishing
Decentralization
18. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Do with the information it collects
Role-based policy
Patch management process
Control effectiveness
19. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Centralized structure
Detection defenses
Vulnerability assessment
The board of directors and senior management
20. Uses security metrics to measure the performance of the information security program.
MAL wear
SWOT analysis
Intrusion detection system (IDS)
Information security manager
21. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
0-day vulnerabilities
Methodology used in the assessment
Access control matrix
Cost of control
22. Should PRIMARILY be based on regulatory and legal requirements.
Retention of business records
Data isolation
Gap analysis
Assess the risks to the business operation
23. All within the responsibility of the information security manager.
Platform security - intrusion detection and antivirus controls
Trusted source
Use of security metrics
OBusiness case development
24. Someone who uses the internet or network to destroy or damage computers for political reasons
Regulatory compliance
Normalization
Process of introducing changes to systems
Cyber terrorist
25. Should be determined from the risk assessment results.
Data owners
Gain unauthorized access to applications
Audit objectives
Prioritization
26. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident.It provides results - such as impact from a security incident and required response times.
Examples of containment defenses
BIA (Business Impact Assessment
Negotiating a local version of the organization standards
IP address packet filtering
27. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'
Key risk indicator (KRI) setup
Security baselines
Resource dependency assessment
Acceptable use policies
28. A process that helps organizations manipulate important knowledge that is part of the orgs. memory
Risk assessment - evaluation and impact analysis
Annual loss expectancy (ALE)calculations
The data custodian
Knowledge management
29. Provide metrics to which outsourcing firms can be held accountable.
Gap analysis
Malicious software and spyware
Service level agreements (SLAs)
Regular review of access control lists
30. Provides strong online authentication.
Public key infrastructure (PKI)
Requirements of the data owners
Safeguards over keys
The awareness and agreement of the data subjects
31. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Total cost of ownership (TCO)
Normalization
Identify the vulnerable systems and apply compensating controls
Developing an information security baseline
32. Most effective for evaluating the degree to which information security objectives are being met.
The balanced scorecard
Multinational organization
What happened and how the breach was resolved
Data owners
33. S small warehouse - designed for the end-user needs in a strategic business unit
Power surge/over voltage (spike)
Data mart
Fault-tolerant computer
The information security officer
34. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Virus detection
Role-based access control
Control risk
Worm
35. Should be a standard requirement for the service provider.
SWOT analysis
Background check
Examples of containment defenses
Knowledge management
36. Carries out the technical administration.
Properly aligned with business goals and objectives
Cyber terrorist
Negotiating a local version of the organization standards
The database administrator
37. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Developing an information security baseline
Equal error rate (EER)
Is willing to accept
Deeper level of analysis
38. Identification and _______________ of business risk enables project managers to address areas with most significance.
Monitoring processes
Prioritization
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Decentralization
39. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
40. Same intent as a cracker but does not have the technical skills and knowledge
include security responsibilities in a job description
Patch management
Prioritization
Script kiddie
41. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Confidentiality
Transmit e-mail messages
Hacker
Comparison of cost of achievement
42. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Do with the information it collects
Knowledge management
The awareness and agreement of the data subjects
Equal error rate (EER)
43. The PRIMARY goal in developing an information security strategy is to: _________________________.
Gain unauthorized access to applications
Regular review of access control lists
Support the business objectives of the organization
Knowledge management
44. When the ________________ is more than the cost of the risk - the risk should be accepted.
Control effectiveness
Developing an information security baseline
Cost of control
Total cost of ownership (TCO)
45. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
What happened and how the breach was resolved
Background check
Performing a risk assessment
Reduce risk to an acceptable level
46. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Logon banners
Assess the risks to the business operation
Vulnerability assessment
Cross-site scripting attacks
47. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Data isolation
Overall organizational structure
Security baselines
Detection defenses
48. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Identify the relevant systems and processes
Risk appetite
Data isolation
Examples of containment defenses
49. A repository of historical data organized by subject to support decision makers in the org
Overall organizational structure
Data warehouse
Trojan horse
The awareness and agreement of the data subjects
50. The MOST important element of an information security strategy.
Requirements of the data owners
Background checks of prospective employees
Owner of the information asset
Defined objectives
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests