Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Get senior management onboard
Comparison of cost of achievement
Attributes and characteristics of the 'desired state'
Power surge/over voltage (spike)
2. A method for analyzing and reducing a relational database to its most streamlined form
Include security responsibilities in a job description
Performing a risk assessment
Normalization
SWOT analysis
3. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Safeguards over keys
Key risk indicator (KRI) setup
Virus detection
Spoofing attacks
4. Primarily reduce risk and are most effective for the protection of information assets.
Key controls
Decentralization
Defining and ratifying the classification structure of information assets
Alignment with business strategy
5. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Properly aligned with business goals and objectives
Security awareness training for all employees
Data mart
Malicious software and spyware
6. A key indicator of performance measurement.
Annually or whenever there is a significant change
Defined objectives
Strategic alignment of security with business objectives
Two-factor authentication
7. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Normalization
Monitoring processes
Protective switch covers
Logon banners
8. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Data classification
Protective switch covers
Digital signatures
Prioritization
9. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Inherent risk
Digital signatures
Security baselines
Residual risk would be reduced by a greater amount
10. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Risk assessment - evaluation and impact analysis
Identify the vulnerable systems and apply compensating controls
Biometric access control systems
Security code reviews for the entire software application
11. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
BIA (Business Impact Assessment)
Get senior management onboard
Classification of assets needs
Audit objectives
12. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Data isolation
Two-factor authentication
BIA (Business Impact Assessment)
The database administrator
13. Company or person you believe will not send a virus-infected file knowingly
Stress testing
Key risk indicator (KRI) setup
Trusted source
Reduce risk to an acceptable level
14. An information security manager has to impress upon the human resources department the need for _____________________.
Security awareness training for all employees
Logon banners
Transmit e-mail messages
Fault-tolerant computer
15. Only valid if assets have first been identified and appropriately valued.
Virus detection
Conduct a risk assessment
Annual loss expectancy (ALE) calculations
Data warehouse
16. All within the responsibility of the information security manager.
Platform security - intrusion detection and antivirus controls
Stress testing
Safeguards over keys
Hacker
17. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
The data owner
0-day vulnerabilities
Power surge/over voltage (spike)
Owner of the information asset
18. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control.
Inherent risk
Total cost of ownership (TCO)
Security code reviews for the entire software application
Cross-site scripting attacks
19. Programs that act without a user's knowledge and deliberately alter a computer's operations
Audit objectives
Acceptable use policies
Platform security - intrusion detection and antivirus controls
Malware
20. Has full responsibility over data.
Classification of assets needs
Waterfall chart
Creation of a business continuity plan
The data owner
21. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Background checks of prospective employees
The board of directors and senior management
Rule-based access control
Personal firewall
22. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Confidentiality
Attributes and characteristics of the 'desired state'
Security code reviews for the entire software application
Gain unauthorized access to applications
23. Can be a standalone driver for an information security governance measure. No further analysis nor justification is required since the entity has no choice in the regulatory requirements.
Malicious software and spyware
Regulatory compliance
Business case development
Virus
24. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Biometric access control systems
Data warehouse
Worm
Confidentiality
25. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Tie security risks to key business objectives
Proficiency testing
Annual loss expectancy (ALE) calculations
Acceptable use policies
26. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Role-based policy
Background checks of prospective employees
Return on security investment (ROSI)
The authentication process is broken
27. Information security governance models are highly dependent on the _____________________.
Countermeasure cost-benefit analysis
Personal firewall
Equal error rate (EER)
Overall organizational structure
28. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Security risk
Defined objectives
Asset classification
Undervoltage (brownout)
29. The job of the information security officer on a management team is to ___________________.
Annually or whenever there is a significant change
Phishing
Assess the risks to the business operation
Protective switch covers
30. The MOST important component of a privacy policy: privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Residual risk
Public key infrastructure (PKI)
Notifications and opt-out provisions
Regular review of access control lists
31. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Tie security risks to key business objectives
Transferred risk
Phishing
Defining high-level business security requirements
32. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Single sign-on (SSO) product
Defining and ratifying the classification structure of information assets
Background check
Biometric access control systems
33. A risk assessment should be conducted _________________.
Cracker
Annually or whenever there is a significant change
Encryption key management
Data isolation
34. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Return on security investment (ROSI)
Control effectiveness
Data owners
Cross-site scripting attacks
35. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Examples of containment defenses
Overall organizational structure
Continuous monitoring control initiatives
Asset classification
36. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Reduce risk to an acceptable level
SWOT analysis
Vulnerability assessment
Business case development
37. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Conduct a risk assessment
Patch management
Digital certificate
Identify the relevant systems and processes
38. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
The data custodian
Digital signatures
Creation of a business continuity plan
Performing a risk assessment
39. Oversees the overall classification management of the information.
Multinational organization
Performing a risk assessment
Stress testing
The information security officer
40. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Impractical and is often cost-prohibitive
Control risk
Script kiddie
Decentralization
41. Provides strong online authentication.
Process of introducing changes to systems
Public key infrastructure (PKI)
Virus
Is willing to accept
42. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Annual loss expectancy (ALE) calculations
Owner of the information asset
Comparison of cost of achievement
Conduct a risk assessment
43. Carries out the technical administration.
Audit objectives
Increase business value and confidence
Hacker
The database administrator
44. Should be determined from the risk assessment results.
Information contained on the equipment
Audit objectives
Gain unauthorized access to applications
Malicious software and spyware
45. Needs to define the access rules - which is troublesome and error prone in large organizations.
The information security officer
Calculating the value of the information or asset
Assess the risks to the business operation
Rule-based access control
46. Accesses a computer or network illegally
Include security responsibilities in a job description
Vulnerability assessment
Cracker
Data mart
47. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Hacker
Biometric access control systems
Business case development
Data classification
48. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Defined objectives
Conduct a risk assessment
Role-based access control
Information security manager
49. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Countermeasure cost-benefit analysis
Stress testing
Multinational organization
Cyber extortionist
50. Has to be integrated into the requirements of every software application's design.
Data isolation
Encryption key management
Retention of business records
Data owners