Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may be obvious, but taking the test repeatedly reinforces your understanding.
1. To improve the security governance framework and achieve a higher level of maturity, _____________________ is most important.
Key risk indicator (KRI) setup
Continuous analysis - monitoring and feedback
Fault-tolerant computer
Transmit e-mail messages
2. Focuses on identifying vulnerabilities.
Confidentiality
Security baselines
Penetration testing
Encryption of the hard disks
3. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Developing an information security baseline
The board of directors and senior management
Virus
Include security responsibilities in a job description
4. On a company's e-commerce web site, a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Do with the information it collects
Annually or whenever there is a significant change
Safeguards over keys
Trusted source
5. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Owner of the information asset
Normalization
Baseline standard and then develop additional standards
The database administrator
6. To identify known vulnerabilities based on common misconfigurations and missing updates.
Countermeasure cost-benefit analysis
A network vulnerability assessment
Decentralization
Applying the proper classification to the data
7. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Get senior management onboard
Residual risk would be reduced by a greater amount
Malicious software and spyware
A network vulnerability assessment
8. The _____________________ is a severe omission and will greatly increase information security risk. It presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations.
Cost of control
Breakeven point of risk reduction and cost
Lack of change management
Well-defined roles and responsibilities
9. The weakest link in security implementation, and awareness would reduce this risk. Through security awareness and training programs, individual employees can be informed and sensitized on various security policies and other security topics, thus e
What happened and how the breach was resolved
Annually or whenever there is a significant change
People
Encryption
10. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
The board of directors and senior management
BIA (Business Impact Assessment)
Background check
Encryption
11. Cannot be minimized
Skills inventory
Use of security metrics
Inherent risk
Information security manager
12. Potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works.
Return on security investment (ROSI)
Encryption
The data owner
Virus
13. Should be a standard requirement for the service provider.
Certificate authority (CA)
Background check
Assess the risks to the business operation
Patch management process
14. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Phishing
Developing an information security baseline
Risk assessment, evaluation and impact analysis
Notifications and opt-out provisions
15. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Protective switch covers
Negotiating a local version of the organization standards
Decentralization
Defining and ratifying the classification structure of information assets
16. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
IP address packet filtering
Defined objectives
Get senior management onboard
Encryption of the hard disks
17. All within the responsibility of the information security manager.
Platform security, intrusion detection and antivirus controls
The awareness and agreement of the data subjects
Digital certificate
Encryption
18. Ensures that there are no scalability problems.
Stress testing
Encryption of the hard disks
Applying the proper classification to the data
Data classification
19. Provides the most effective protection of data on mobile devices.
Performing a risk assessment
Background checks of prospective employees
Encryption
What happened and how the breach was resolved
20. Needs to define the access rules, which is troublesome and error prone in large organizations.
Increase business value and confidence
Deeper level of analysis
Rule-based access control
Normalization
21. Because past performance is a strong predictor of future performance, _______________________ best prevents attacks from originating within an organization.
Intrusion detection system (IDS)
Defining high-level business security requirements
Background checks of prospective employees
Security awareness training for all employees
22. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Deeper level of analysis
Control risk
The data owner
Control effectiveness
23. Carries out the technical administration.
Virus detection
Applying the proper classification to the data
Rule-based access control
The database administrator
24. A risk assessment should be conducted _________________.
Aligned with organizational goals
Annually or whenever there is a significant change
Support the business objectives of the organization
Control effectiveness
25. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Data warehouse
Virus
Intrusion detection system (IDS)
Digital certificate
26. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks, and would not provide other indirect benefits such as process
Single sign-on (SSO) product
Performing a risk assessment
The authentication process is broken
Owner of the information asset
27. Whenever personal data are transferred across national boundaries, ________________________ are required.
Two-factor authentication
The awareness and agreement of the data subjects
Safeguards over keys
Monitoring processes
28. Primarily reduce risk and are most effective for the protection of information assets.
The database administrator
Cross-site scripting attacks
Key controls
Process of introducing changes to systems
29. From a security standpoint, _______________________ is one of the most important topics that should be included in the contract with a third-party service provider.
30. A key indicator of performance measurement.
Single sign-on (SSO) product
Cyber terrorist
Strategic alignment of security with business objectives
Cryptographic secure sockets layer (SSL) implementations and short key lengths
31. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Transferred risk
Transmit e-mail messages
Retention of business records
Two-factor authentication
32. Information security governance models are highly dependent on the _____________________.
The data custodian
Information contained on the equipment
Overall organizational structure
Business case development
33. While useful for identifying the difference between the current state and the desired future state, e.g. the organization has to comply with recently published industry regulatory requirements, compliance that potentially has high implementation costs -
Gap analysis
A network vulnerability assessment
Return on security investment (ROSI)
Properly aligned with business goals and objectives
34. Applications cannot access data associated with other apps
Baseline standard and then develop additional standards
Well-defined roles and responsibilities
SWOT analysis
Data isolation
35. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures, but not in the prioritization.
Comparison of cost of achievement
Creation of a business continuity plan
Personal firewall
The balanced scorecard
36. Used to understand the flow of one process into another.
Fault-tolerant computer
Waterfall chart
Worm
The board of directors and senior management
37. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Worm
Biometric access control systems
Its ability to reduce or eliminate business risks
Safeguards over keys
38. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID in the URL used for accessing the account. It means _____________.
Encryption of the hard disks
The authentication process is broken
Annual loss expectancy (ALE) calculations
Digital signatures
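The flaw in question 38 is worth seeing in code. What follows is an added example, not part of the quiz or of any ISACA material: a framework-free Python handler that trusts the employee ID in the URL, beside a hardened handler that treats the URL ID as untrusted input and decides access from the authenticated session. The employee records, session store and role table are constructed sample data, and the HR role that may read other records is an assumption added to show the general rule, not something the question states.

```python
from dataclasses import dataclass, field

# Constructed sample data (not real records): employee ID -> record.
EMPLOYEES = {
    "1001": {"name": "Alice", "salary": 90000},
    "1002": {"name": "Bob", "salary": 85000},
    "1003": {"name": "Carol", "salary": 95000},
}

# Constructed session store: session cookie value -> authenticated employee ID.
SESSIONS = {
    "sess-alice": "1001",
    "sess-bob": "1002",
    "sess-carol": "1003",
}

# Assumed role model for this example: HR may read any record, others only their own.
ROLES = {"1001": "employee", "1002": "employee", "1003": "hr"}


@dataclass
class Request:
    """Just enough of an HTTP request to exercise the handlers."""
    path: str
    cookies: dict = field(default_factory=dict)


def parse_account_id(path):
    """Extract the ID from '/account/<id>'; None if the path has another shape."""
    parts = path.strip("/").split("/")
    if len(parts) != 2 or parts[0] != "account":
        return None
    return parts[1]


def authenticate(req):
    """Map the session cookie to an employee ID, or None if not logged in."""
    return SESSIONS.get(req.cookies.get("session"))


def vulnerable_account_view(req):
    """The flaw from question 38: the caller is authenticated, but the record
    served is whichever ID appears in the URL. Any logged-in user can read
    any employee's account by editing the number in the address bar."""
    if authenticate(req) is None:
        return 401, None
    record = EMPLOYEES.get(parse_account_id(req.path))
    if record is None:
        return 404, None
    return 200, record


def authorized(caller_id, target_id):
    """Access decision made from the authenticated identity, never from the URL."""
    return caller_id == target_id or ROLES.get(caller_id) == "hr"


def hardened_account_view(req):
    """Same route, but the URL ID is untrusted input that must be authorized
    against the session's identity. Authorization is checked before the
    existence lookup so an unauthorized caller cannot enumerate valid IDs."""
    caller_id = authenticate(req)
    if caller_id is None:
        return 401, None
    target_id = parse_account_id(req.path)
    if target_id is None:
        return 404, None
    if not authorized(caller_id, target_id):
        return 403, None  # deny; a real app would also log caller_id and target_id
    record = EMPLOYEES.get(target_id)
    if record is None:
        return 404, None
    return 200, record


if __name__ == "__main__":
    alice = {"session": "sess-alice"}
    print(vulnerable_account_view(Request("/account/1002", alice)))  # (200, Bob's record)
    print(hardened_account_view(Request("/account/1002", alice)))    # (403, None)
```

The point the quiz answer makes is that authenticating the caller is not enough: every object reference in the request has to be authorized against that caller. The hardened handler returns 403 rather than quietly redirecting, so failed cross-account requests stand out in logs and can feed a detection rule.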
39. When defining the information classification policy, the ___________________ need to be identified.
Trojan horse
Requirements of the data owners
Cyber extortionist
Classification of assets needs
40. The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Get senior management onboard
Residual risk
Service level agreements (SLAs)
Risk assessment, evaluation and impact analysis
41. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Background checks of prospective employees
Prioritization
Defining high-level business security requirements
Encryption key management
42. In a _________________________, the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Encryption
The board of directors and senior management
Spoofing attacks
Countermeasure cost-benefit analysis
43. A process that helps organizations manipulate important knowledge that is part of the organization's memory.
Attributes and characteristics of the 'desired state'
Monitoring processes
Knowledge management
Trusted source
44. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is ______________, which would appear every time the user logs on, and the user would be required to read and agree
Logon banners
Defining and ratifying the classification structure of information assets
Tie security risks to key business objectives
Security risk
45. The primary role of the information security manager in the process of information classification within the organization.
Encryption of the hard disks
Impractical and is often cost-prohibitive
Public key infrastructure (PKI)
Defining and ratifying the classification structure of information assets
46. Should be performed to identify the risk and determine needed controls.
Applying the proper classification to the data
Internal risk assessment
Normalization
The awareness and agreement of the data subjects
47. In order to highlight to management the importance of network security, the security manager should FIRST _______________.
Audit objectives
Conduct a risk assessment
Penetration testing
Increase business value and confidence
48. Occurs after the risk assessment process - it does not measure it.
Use of security metrics
Include security responsibilities in a job description
Creation of a business continuity plan
Patch management
49. Someone who uses the Internet or a network to destroy or damage computers for political reasons.
Key risk indicator (KRI) setup
Cracker
Cyber terrorist
Defined objectives
50. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Multinational organization
Defined objectives
Retention of business records
Security code reviews for the entire software application