SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
The authentication process is broken
Developing an information security baseline
Creation of a business continuity plan
Cyber extortionist
2. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.
All personnel
OBusiness case development
Defining high-level business security requirements
Centralization of information security management
3. ecurity design flaws require a ____________________.
Deeper level of analysis
Centralized structure
The balanced scorecard
Knowledge management
4. The data owner is responsible for _______________________.
Penetration testing
Applying the proper classification to the data
Performing a risk assessment
Impractical and is often cost-prohibitive
5. The most important characteristic of good security policies is that they be ____________________.
Nondisclosure agreement (NDA)
Calculating the value of the information or asset
Aligned with organizational goals
Requirements of the data owners
6. Applications cannot access data associated with other apps
Penetration testing
Data isolation
Virus
Background check
7. The information security manager needs to prioritize the controls based on ________________________.
Annually or whenever there is a significant change
Vulnerability assessment
Internal risk assessment
Risk management and the requirements of the organization
8. A key indicator of performance measurement.
Cross-site scripting attacks
Strategic alignment of security with business objectives
Security baselines
Audit objectives
9. Uses security metrics to measure the performance of the information security program.
Background checks of prospective employees
Tie security risks to key business objectives
Information security manager
Decentralization
10. Most effective for evaluating the degree to which information security objectives are being met.
Key risk indicator (KRI) setup
The balanced scorecard
MAL wear
Access control matrix
11. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Centralization of information security management
Creation of a business continuity plan
Safeguards over keys
12. Program that hides within or looks like a legit program
Service level agreements (SLAs)
Methodology used in the assessment
Trojan horse
Get senior management onboard
13. Should PRIMARILY be based on regulatory and legal requirements.
Consensus on risks and controls
Defined objectives
Role-based policy
Retention of business records
14. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Performing a risk assessment
The awareness and agreement of the data subjects
Information contained on the equipment
Spoofing attacks
15. When the ________________ is more than the cost of the risk - the risk should be accepted.
Digital certificate
Assess the risks to the business operation
Cost of control
Fault-tolerant computer
16. Culture has a significant impact on how information security will be implemented in a ______________________.
Continuous analysis - monitoring and feedback
Multinational organization
Skills inventory
Gain unauthorized access to applications
17. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Data warehouse
Support the business objectives of the organization
Negotiating a local version of the organization standards
Tie security risks to key business objectives
18. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Decentralization
Regular review of access control lists
Virus
Power surge/over voltage (spike)
19. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Residual risk
Trusted source
Data isolation
Inherent risk
20. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'
Rule-based access control
Support the business objectives of the organization
Prioritization
Security baselines
21. Awareness - training and physical security defenses.
Asset classification
Examples of containment defenses
Do with the information it collects
Cryptographic secure sockets layer (SSL) implementations and short key lengths
22. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control. .
Asset classification
Well-defined roles and responsibilities
Total cost of ownership (TCO)
Equal error rate (EER)
23. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Attributes and characteristics of the 'desired state'
Security awareness training for all employees
Spoofing attacks
Skills inventory
24. provides the most effective protection of data on mobile devices.
Strategic alignment of security with business objectives
Threat assessment
The authentication process is broken
Encryption
25. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Is willing to accept
Security code reviews for the entire software application
Centralized structure
Gap analysis
26. Identification and _______________ of business risk enables project managers to address areas with most significance.
Breakeven point of risk reduction and cost
Intrusion detection system (IDS)
Prioritization
Negotiating a local version of the organization standards
27. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Detection defenses
Performing a risk assessment
Countermeasure cost-benefit analysis
Calculating the value of the information or asset
28. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
Access control matrix
MAL wear
Security awareness training for all employees
Consensus on risks and controls
29. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Increase business value and confidence
Multinational organization
Service level agreements (SLAs)
Detection defenses
30. Needs to define the access rules - which is troublesome and error prone in large organizations.
Rule-based access control
Cross-site scripting attacks
Control effectiveness
Get senior management onboard
31. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.
Attributes and characteristics of the 'desired state'
The data owner
Support the business objectives of the organization
Creation of a business continuity plan
32. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Security risk
Background check
Examples of containment defenses
Data classification
33. The PRIMARY goal in developing an information security strategy is to: _________________________.
Hacker
Certificate authority (CA)
The balanced scorecard
Support the business objectives of the organization
34. Someone who accesses a computer or network illegally
Two-factor authentication
Security code reviews for the entire software application
Hacker
Baseline standard and then develop additional standards
35. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Key controls
MAL wear
Proficiency testing
Developing an information security baseline
36. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Do with the information it collects
Continuous monitoring control initiatives
Biometric access control systems
Intrusion detection system (IDS)
37. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Control risk
Risk assessment - evaluation and impact analysis
Lack of change management
Owner of the information asset
38. Should be a standard requirement for the service provider.
Digital signatures
Trojan horse
Continuous analysis - monitoring and feedback
Background check
39. New security ulnerabilities should be managed through a ________________.
Alignment with business strategy
Patch management process
Information security manager
Transmit e-mail messages
40. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Creation of a business continuity plan
The information security officer
The authentication process is broken
Virus
41. Reducing risk to a level too small to measure is _______________.
Service level agreements (SLAs)
Encryption key management
Impractical and is often cost-prohibitive
Vulnerability assessment
42. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Trojan horse
Exceptions to policy
Key risk indicator (KRI) setup
Tailgating
43. S small warehouse - designed for the end-user needs in a strategic business unit
Regular review of access control lists
Comparison of cost of achievement
Continuous analysis - monitoring and feedback
Data mart
44. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Power surge/over voltage (spike)
Performing a risk assessment
0-day vulnerabilities
Properly aligned with business goals and objectives
45. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Attributes and characteristics of the 'desired state'
Monitoring processes
The board of directors and senior management
Cryptographic secure sockets layer (SSL) implementations and short key lengths
46. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Data classification
SWOT analysis
Alignment with business strategy
Aligned with organizational goals
47. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Multinational organization
Regulatory compliance
Biometric access control systems
Properly aligned with business goals and objectives
48. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Monitoring processes
Detection defenses
Logon banners
Risk assessment - evaluation and impact analysis
49. Occurs when the electrical supply drops
Undervoltage (brownout)
Inherent risk
Risk management and the requirements of the organization
The board of directors and senior management
50. Responsible for securing the information.
Threat assessment
Cyber terrorist
The data custodian
Virus detection
