SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Trusted source
Attributes and characteristics of the 'desired state'
Skills inventory
The balanced scorecard
2. Provides process needs but not impact.
Resource dependency assessment
Risk assessment - evaluation and impact analysis
Overall organizational structure
Penetration testing
3. Normally addressed through antivirus and antispyware policies.
Malicious software and spyware
Security risk
Support the business objectives of the organization
Patch management process
4. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
5. Responsible for securing the information.
The data custodian
Decentralization
Continuous monitoring control initiatives
Risk management and the requirements of the organization
6. Whenever personal data are transferred across national boundaries; ________________________ are required.
Information contained on the equipment
The awareness and agreement of the data subjects
Gain unauthorized access to applications
Well-defined roles and responsibilities
7. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Residual risk
Encryption
Risk appetite
Skills inventory
8. Oversees the overall classification management of the information.
Vulnerability assessment
Risk appetite
Virus
The information security officer
9. Should PRIMARILY be based on regulatory and legal requirements.
Identify the vulnerable systems and apply compensating controls
Spoofing attacks
Retention of business records
Background check
10. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Role-based access control
Stress testing
Equal error rate (EER)
Process of introducing changes to systems
11. Provide metrics to which outsourcing firms can be held accountable.
Security code reviews for the entire software application
Intrusion detection system (IDS)
Service level agreements (SLAs)
Background check
12. Only valid if assets have first been identified and appropriately valued.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Residual risk would be reduced by a greater amount
Annual loss expectancy (ALE)calculations
Alignment with business strategy
13. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Control risk
Return on security investment (ROSI)
Key risk indicator (KRI) setup
The board of directors and senior management
14. Culture has a significant impact on how information security will be implemented in a ______________________.
Intrusion detection system (IDS)
Multinational organization
Cracker
Platform security - intrusion detection and antivirus controls
15. Someone who uses email as a vehicle for extortion; send company threatening emails indicating they will expose confidential information - exploit security launch - etc.
Cyber extortionist
include security responsibilities in a job description
Protective switch covers
Negotiating a local version of the organization standards
16. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Negotiating a local version of the organization standards
The awareness and agreement of the data subjects
Cryptographic secure sockets layer (SSL) implementations and short key lengths
People
17. All within the responsibility of the information security manager.
Annual loss expectancy (ALE)calculations
Regulatory compliance
Platform security - intrusion detection and antivirus controls
Public key infrastructure (PKI)
18. Identification and _______________ of business risk enables project managers to address areas with most significance.
BIA (Business Impact Assessment
Prioritization
Negotiating a local version of the organization standards
Compliance with the organization's information security requirements
19. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Patch management
All personnel
Protective switch covers
The database administrator
20. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Cyber terrorist
Defining high-level business security requirements
Continuous monitoring control initiatives
Residual risk
21. Used to understand the flow of one process into another.
Worm
Total cost of ownership (TCO)
include security responsibilities in a job description
Waterfall chart
22. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Security awareness training for all employees
Exceptions to policy
What happened and how the breach was resolved
Risk appetite
23. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Personal firewall
Support the business objectives of the organization
Virus detection
Single sign-on (SSO) product
24. ecurity design flaws require a ____________________.
Patch management process
Deeper level of analysis
The authentication process is broken
Tailgating
25. Program that hides within or looks like a legit program
Conduct a risk assessment
Centralization of information security management
Service level agreements (SLAs)
Trojan horse
26. Reducing risk to a level too small to measure is _______________.
Developing an information security baseline
Get senior management onboard
Retention of business records
Impractical and is often cost-prohibitive
27. btaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Trojan horse
Reduce risk to an acceptable level
SWOT analysis
OBusiness case development
28. S small warehouse - designed for the end-user needs in a strategic business unit
Centralized structure
Vulnerability assessment
Data mart
Detection defenses
29. n a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Countermeasure cost-benefit analysis
Acceptable use policies
0-day vulnerabilities
Defined objectives
30. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Risk management and the requirements of the organization
Information contained on the equipment
Notifications and opt-out provisions
Cracker
31. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Single sign-on (SSO) product
Exceptions to policy
Protective switch covers
Developing an information security baseline
32. Focuses on identifying vulnerabilities.
Penetration testing
Virus detection
Encryption
Internal risk assessment
33. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
OBusiness case development
Control risk
Cracker
Owner of the information asset
34. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Notifications and opt-out provisions
Acceptable use policies
Decentralization
Residual risk
35. A process that helps organizations manipulate important knowledge that is part of the orgs. memory
Encryption of the hard disks
Exceptions to policy
Knowledge management
Patch management process
36. An information security manager has to impress upon the human resources department the need for _____________________.
Security awareness training for all employees
Get senior management onboard
The information security officer
Compliance with the organization's information security requirements
37. Someone who uses the internet or network to destroy or damage computers for political reasons
Personal firewall
Cyber terrorist
Biometric access control systems
Compliance with the organization's information security requirements
38. Provides strong online authentication.
Public key infrastructure (PKI)
What happened and how the breach was resolved
Data mart
Cyber extortionist
39. New security ulnerabilities should be managed through a ________________.
Patch management process
Data warehouse
Continuous monitoring control initiatives
Transmit e-mail messages
40. Ensure that transmitted information can be attributed to the named sender.
Nondisclosure agreement (NDA)
Digital signatures
Knowledge management
Personal firewall
41. Accesses a computer or network illegally
Cracker
Security awareness training for all employees
OBusiness case development
BIA (Business Impact Assessment
42. A function of the session keys distributed by the PKI.
Service level agreements (SLAs)
Confidentiality
Personal firewall
Virus detection
43. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Security code reviews for the entire software application
Properly aligned with business goals and objectives
Platform security - intrusion detection and antivirus controls
Risk assessment - evaluation and impact analysis
44. Utility program that detects and protects a personal computer from unauthorized intrusions
Personal firewall
Security baselines
Undervoltage (brownout)
Prioritization
45. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Data warehouse
Continuous monitoring control initiatives
Key risk indicator (KRI) setup
Undervoltage (brownout)
46. When the ________________ is more than the cost of the risk - the risk should be accepted.
People
include security responsibilities in a job description
Data warehouse
Cost of control
47. Carries out the technical administration.
The database administrator
Asset classification
Safeguards over keys
include security responsibilities in a job description
48. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Attributes and characteristics of the 'desired state'
Data isolation
Its ability to reduce or eliminate business risks
Countermeasure cost-benefit analysis
49. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
All personnel
Background checks of prospective employees
Undervoltage (brownout)
The authentication process is broken
50. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Key risk indicator (KRI) setup
Worm
Monitoring processes
Centralized structure