Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Conduct a risk assessment
Role-based policy
Vulnerability assessment
Cost of control
2. Logging as well as monitoring, measuring, auditing, detecting viruses and intrusion.
Background check
All personnel
Detection defenses
Well-defined roles and responsibilities
3. A repository of historical data organized by subject to support decision makers in the org
Attributes and characteristics of the 'desired state'
Data warehouse
Breakeven point of risk reduction and cost
Return on security investment (ROSI)
4. The data owner is responsible for _______________________.
Applying the proper classification to the data
Audit objectives
Information contained on the equipment
Total cost of ownership (TCO)
5. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Multinational organization
Worm
Developing an information security baseline
Regular review of access control lists
6. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Lack of change management
Patch management
Conduct a risk assessment
Business case development
7. Inject malformed input.
Is willing to accept
Cross-site scripting attacks
Notifications and opt-out provisions
Personal firewall
8. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system; it would establish a cost baseline and it must be considered for the full life cycle of the control.
Single sign-on (SSO) product
Total cost of ownership (TCO)
Aligned with organizational goals
Negotiating a local version of the organization standards
9. Provides the most effective protection of data on mobile devices.
Two-factor authentication
Encryption
Worm
Digital certificate
10. Should be a standard requirement for the service provider.
Rule-based access control
The balanced scorecard
Applying the proper classification to the data
Background check
11. Risk should be reduced to a level that an organization _____________.
SWOT analysis
Encryption of the hard disks
Conduct a risk assessment
Is willing to accept
12. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
All personnel
Cost of control
Examples of containment defenses
Increase business value and confidence
13. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
Asset classification
Skills inventory
Cyber extortionist
Security risk
14. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Detection defenses
Security risk
Owner of the information asset
Access control matrix
15. BEST option to improve accountability for a system administrator is to _____________________.
Include security responsibilities in a job description
Use of security metrics
Virus
Malware
16. Are not infallible. When tuning the solution, one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate), where the system will be more prone to err denying access to a valid user, or erring and allowing
Deeper level of analysis
Requirements of the data owners
Biometric access control systems
Performing a risk assessment
17. The most important characteristic of good security policies is that they be ____________________.
Strategic alignment of security with business objectives
Aligned with organizational goals
Data owners
Return on security investment (ROSI)
18. The MOST important element of an information security strategy.
Defining and ratifying the classification structure of information assets
Role-based policy
SWOT analysis
Defined objectives
19. Also required to guarantee fulfillment of laws and regulations of the organization and, therefore, the information security manager will be obligated to comply with the law.
Spoofing attacks
Centralized structure
Encryption of the hard disks
Monitoring processes
20. By definition are not previously known and therefore are undetectable.
Transferred risk
Confidentiality
0-day vulnerabilities
Background checks of prospective employees
21. When mobile equipment is lost or stolen, the ______________________ matters most in determining the impact of the loss.
Identify the relevant systems and processes
Aligned with organizational goals
Information contained on the equipment
Trusted source
22. Occurs after the risk assessment process; it does not measure it.
Undervoltage (brownout)
Exceptions to policy
Waterfall chart
Use of security metrics
23. Occurs when the incoming level
Power surge/over voltage (spike)
Exceptions to policy
Two-factor authentication
Confidentiality
24. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Audit objectives
Its ability to reduce or eliminate business risks
Vulnerability assessment
Examples of containment defenses
25. Oversees the overall classification management of the information.
Centralization of information security management
Data warehouse
Cryptographic secure sockets layer (SSL) implementations and short key lengths
The information security officer
26. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Tailgating
Digital certificate
Encryption key management
Protective switch covers
27. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Alignment with business strategy
Background checks of prospective employees
Business case development
Data isolation
28. The best strategy for risk management is to ___________________, as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Encryption
Reduce risk to an acceptable level
Properly aligned with business goals and objectives
Impractical and is often cost-prohibitive
29. The job of the information security officer on a management team is to ___________________.
Assess the risks to the business operation
Data mart
IP address packet filtering
Proficiency testing
30. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Include security responsibilities in a job description
Security baselines
SWOT analysis
Monitoring processes
31. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Role-based policy
Requirements of the data owners
Multinational organization
Continuous analysis, monitoring and feedback
32. A risk assessment should be conducted _________________.
Encryption key management
Calculating the value of the information or asset
Annually or whenever there is a significant change
Tailgating
33. A method for analyzing and reducing a relational database to its most streamlined form
Encryption of the hard disks
Resource dependency assessment
Normalization
Information security manager
34. In biometric systems where the possibility of false rejects is a problem, it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Equal error rate (EER)
Key risk indicator (KRI) setup
Encryption of the hard disks
Digital certificate
35. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Access control matrix
Do with the information it collects
Asset classification
Classification of assets needs
36. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Cyber terrorist
BIA (Business Impact Assessment)
Security code reviews for the entire software application
People
37. A function of the session keys distributed by the PKI.
Confidentiality
Script kiddie
Total cost of ownership (TCO)
Acceptable use policies
38. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Properly aligned with business goals and objectives
Information security manager
Role-based access control
Protective switch covers
39. The risk that remains after putting into place an effective risk management program; therefore, acceptable risk is achieved when this amount is minimized.
Logon banners
Data classification
A network vulnerability assessment
Residual risk
40. Ensure that transmitted information can be attributed to the named sender.
Increase business value and confidence
Security risk
Digital signatures
Single sign-on (SSO) product
41. Security design flaws require a ____________________.
Is willing to accept
Tailgating
Overall organizational structure
Deeper level of analysis
42. Focuses on identifying vulnerabilities.
BIA (Business Impact Assessment)
Two-factor authentication
Penetration testing
Proficiency testing
43. Culture has a significant impact on how information security will be implemented in a ______________________.
Script kiddie
Multinational organization
Alignment with business strategy
Encryption of the hard disks
44. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Worm
Safeguards over keys
Lack of change management
Cross-site scripting attacks
45. Cannot be minimized
Safeguards over keys
Transferred risk
Consensus on risks and controls
Inherent risk
46. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Business case development
Phishing
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Role-based access control
47. Applications cannot access data associated with other apps
Data isolation
Tie security risks to key business objectives
Cyber terrorist
Examples of containment defenses
48. The PRIMARY goal in developing an information security strategy is to: _________________________.
Hacker
What happened and how the breach was resolved
Support the business objectives of the organization
Two-factor authentication
49. Information security governance models are highly dependent on the _____________________.
Defining high-level business security requirements
Retention of business records
Overall organizational structure
Return on security investment (ROSI)
50. Successful risk management should lead to a ________________.
Calculating the value of the information or asset
The database administrator
Breakeven point of risk reduction and cost
Internal risk assessment