SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
What happened and how the breach was resolved
Threat assessment
Resource dependency assessment
The authentication process is broken
2. Uses security metrics to measure the performance of the information security program.
Tailgating
Information security manager
Fault-tolerant computer
MAL wear
3. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Overall organizational structure
Performing a risk assessment
Safeguards over keys
Return on security investment (ROSI)
4. provides the most effective protection of data on mobile devices.
Trojan horse
Comparison of cost of achievement
Power surge/over voltage (spike)
Encryption
5. Provide metrics to which outsourcing firms can be held accountable.
SWOT analysis
Service level agreements (SLAs)
Resource dependency assessment
Skills inventory
6. Should be determined from the risk assessment results.
Hacker
Audit objectives
IP address packet filtering
OBusiness case development
7. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Notifications and opt-out provisions
Consensus on risks and controls
Acceptable use policies
Baseline standard and then develop additional standards
8. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'
Notifications and opt-out provisions
Is willing to accept
Security awareness training for all employees
Security baselines
9. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Methodology used in the assessment
Gap analysis
Cyber terrorist
Background checks of prospective employees
10. BEST option to improve accountability for a system administrator is to _____________________.
Public key infrastructure (PKI)
include security responsibilities in a job description
Equal error rate (EER)
Undervoltage (brownout)
11. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Patch management
Control risk
MAL wear
Centralized structure
12. Someone who uses the internet or network to destroy or damage computers for political reasons
Control risk
Cyber terrorist
Nondisclosure agreement (NDA)
Multinational organization
13. It is easier to manage and control a _________________.
Retention of business records
Centralized structure
Decentralization
Safeguards over keys
14. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Performing a risk assessment
Applying the proper classification to the data
Stress testing
Control effectiveness
15. Provides process needs but not impact.
Security code reviews for the entire software application
Resource dependency assessment
0-day vulnerabilities
Continuous monitoring control initiatives
16. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Annually or whenever there is a significant change
Cracker
Centralization of information security management
Security risk
17. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Inherent risk
Developing an information security baseline
Digital certificate
Residual risk
18. The best measure for preventing the unauthorized disclosure of confidential information.
Process of introducing changes to systems
Acceptable use policies
Skills inventory
Data owners
19. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
20. Used to understand the flow of one process into another.
Waterfall chart
Role-based policy
Phishing
Residual risk
21. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Multinational organization
Two-factor authentication
Resource dependency assessment
Monitoring processes
22. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Transferred risk
Intrusion detection system (IDS)
Knowledge management
Assess the risks to the business operation
23. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Power surge/over voltage (spike)
Inherent risk
Properly aligned with business goals and objectives
Cryptographic secure sockets layer (SSL) implementations and short key lengths
24. A method for analyzing and reducing a relational database to its most streamlined form
Normalization
Well-defined roles and responsibilities
Owner of the information asset
Regulatory compliance
25. Someone who uses email as a vehicle for extortion; send company threatening emails indicating they will expose confidential information - exploit security launch - etc.
Control risk
Negotiating a local version of the organization standards
Cyber extortionist
Role-based policy
26. Accesses a computer or network illegally
Hacker
Cracker
Patch management
Proficiency testing
27. Has to be integrated into the requirements of every software application's design.
Use of security metrics
Annual loss expectancy (ALE)calculations
Requirements of the data owners
Encryption key management
28. Company or person you believe will not send a virus-infect file knowingly
Is willing to accept
Trusted source
Hacker
Script kiddie
29. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Transferred risk
Threat assessment
The awareness and agreement of the data subjects
Internal risk assessment
30. Reducing risk to a level too small to measure is _______________.
Role-based policy
MAL wear
Impractical and is often cost-prohibitive
Well-defined roles and responsibilities
31. Occurs when the electrical supply drops
Regulatory compliance
Information contained on the equipment
Encryption of the hard disks
Undervoltage (brownout)
32. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Decentralization
Properly aligned with business goals and objectives
Requirements of the data owners
Conduct a risk assessment
33. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Return on security investment (ROSI)
A network vulnerability assessment
Assess the risks to the business operation
The board of directors and senior management
34. The most important characteristic of good security policies is that they be ____________________.
Decentralization
Hacker
Aligned with organizational goals
Protective switch covers
35. A Successful risk management should lead to a ________________.
Data mart
Applying the proper classification to the data
Breakeven point of risk reduction and cost
The information security officer
36. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Security code reviews for the entire software application
Public key infrastructure (PKI)
Certificate authority (CA)
Stress testing
37. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Lack of change management
The authentication process is broken
Conduct a risk assessment
Creation of a business continuity plan
38. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Logon banners
Consensus on risks and controls
Data mart
Gain unauthorized access to applications
39. Program that hides within or looks like a legit program
Proficiency testing
The database administrator
Trojan horse
Annually or whenever there is a significant change
40. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Virus detection
Safeguards over keys
Information security manager
Transmit e-mail messages
41. A process that helps organizations manipulate important knowledge that is part of the orgs. memory
Regular review of access control lists
Acceptable use policies
Methodology used in the assessment
Knowledge management
42. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Classification of assets needs
Transmit e-mail messages
The board of directors and senior management
Gap analysis
43. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Defining high-level business security requirements
Virus
Encryption of the hard disks
Gain unauthorized access to applications
44. Carries out the technical administration.
Acceptable use policies
People
The database administrator
Platform security - intrusion detection and antivirus controls
45. ecurity design flaws require a ____________________.
Phishing
Deeper level of analysis
Increase business value and confidence
Safeguards over keys
46. All within the responsibility of the information security manager.
Classification of assets needs
Proficiency testing
Knowledge management
Platform security - intrusion detection and antivirus controls
47. The data owner is responsible for _______________________.
Attributes and characteristics of the 'desired state'
Data owners
Get senior management onboard
Applying the proper classification to the data
48. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Inherent risk
Information contained on the equipment
Reduce risk to an acceptable level
Cracker
49. Responsible for securing the information.
Virus
Internal risk assessment
The data custodian
Platform security - intrusion detection and antivirus controls
50. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Tie security risks to key business objectives
Rule-based access control
Data classification
Control effectiveness
