SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
IP address packet filtering
Detection defenses
The data owner
Virus
2. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Two-factor authentication
Regular review of access control lists
The data owner
Control effectiveness
3. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Patch management
Protective switch covers
Multinational organization
Background check
4. Cannot be minimized
Inherent risk
Security risk
Single sign-on (SSO) product
The authentication process is broken
5. Provides process needs but not impact.
Resource dependency assessment
include security responsibilities in a job description
Transmit e-mail messages
Impractical and is often cost-prohibitive
6. Focuses on identifying vulnerabilities.
Overall organizational structure
Safeguards over keys
The balanced scorecard
Penetration testing
7. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Single sign-on (SSO) product
Classification of assets needs
Security code reviews for the entire software application
Skills inventory
8. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Data classification
Assess the risks to the business operation
Vulnerability assessment
Risk appetite
9. ecurity design flaws require a ____________________.
Lack of change management
The information security officer
Identify the relevant systems and processes
Deeper level of analysis
10. A risk assessment should be conducted _________________.
Consensus on risks and controls
Identify the relevant systems and processes
Annually or whenever there is a significant change
Classification of assets needs
11. To identify known vulnerabilities based on common misconfigurations and missing updates.
A network vulnerability assessment
Do with the information it collects
Spoofing attacks
Inherent risk
12. The primary role of the information security manager in the process of information classification within the organization.
Resource dependency assessment
Transferred risk
Defining and ratifying the classification structure of information assets
Requirements of the data owners
13. Inject malformed input.
Annually or whenever there is a significant change
Attributes and characteristics of the 'desired state'
Cross-site scripting attacks
Fault-tolerant computer
14. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Resource dependency assessment
Encryption of the hard disks
Lack of change management
Internal risk assessment
15. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Conduct a risk assessment
Role-based access control
Monitoring processes
Skills inventory
16. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Tie security risks to key business objectives
Virus
Information security manager
Transmit e-mail messages
17. The information security manager needs to prioritize the controls based on ________________________.
Access control matrix
Rule-based access control
Is willing to accept
Risk management and the requirements of the organization
18. The data owner is responsible for _______________________.
Digital certificate
Applying the proper classification to the data
Audit objectives
Personal firewall
19. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Resource dependency assessment
MAL wear
Safeguards over keys
Its ability to reduce or eliminate business risks
20. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Intrusion detection system (IDS)
Trusted source
Data mart
MAL wear
21. A process that helps organizations manipulate important knowledge that is part of the orgs. memory
Cross-site scripting attacks
Gap analysis
All personnel
Knowledge management
22. Should be determined from the risk assessment results.
Audit objectives
Encryption
Continuous monitoring control initiatives
Impractical and is often cost-prohibitive
23. Someone who uses the internet or network to destroy or damage computers for political reasons
The authentication process is broken
Acceptable use policies
Background checks of prospective employees
Cyber terrorist
24. Accesses a computer or network illegally
Asset classification
Cracker
Background check
OBusiness case development
25. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Information security manager
Regular review of access control lists
Confidentiality
Virus
26. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Key controls
Skills inventory
Key risk indicator (KRI) setup
Malicious software and spyware
27. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Developing an information security baseline
Penetration testing
Strategic alignment of security with business objectives
Deeper level of analysis
28. Risk should be reduced to a level that an organization _____________.
The data owner
Service level agreements (SLAs)
Detection defenses
Is willing to accept
29. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Data classification
Fault-tolerant computer
Reduce risk to an acceptable level
Key risk indicator (KRI) setup
30. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.
Single sign-on (SSO) product
Negotiating a local version of the organization standards
Lack of change management
Creation of a business continuity plan
31. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Use of security metrics
Assess the risks to the business operation
Security code reviews for the entire software application
Alignment with business strategy
32. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
SWOT analysis
Digital signatures
Waterfall chart
Encryption key management
33. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Security baselines
Residual risk
Tie security risks to key business objectives
Fault-tolerant computer
34. Whenever personal data are transferred across national boundaries; ________________________ are required.
Key controls
The data owner
The awareness and agreement of the data subjects
Prioritization
35. The most important characteristic of good security policies is that they be ____________________.
Exceptions to policy
Aligned with organizational goals
Performing a risk assessment
Is willing to accept
36. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Data warehouse
SWOT analysis
Owner of the information asset
The data owner
37. Company or person you believe will not send a virus-infect file knowingly
Prioritization
Multinational organization
Logon banners
Trusted source
38. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Single sign-on (SSO) product
Key controls
Aligned with organizational goals
Get senior management onboard
39. The MOST important element of the request for proposal (RFP) ro assess the maturity level of the organization's information security management is _______________________.
Acceptable use policies
Waterfall chart
The data custodian
Methodology used in the assessment
40. Would protect against spoofing an internal address but would not provide strong authentication.
IP address packet filtering
Continuous analysis - monitoring and feedback
Information security manager
Vulnerability assessment
41. Someone who uses email as a vehicle for extortion; send company threatening emails indicating they will expose confidential information - exploit security launch - etc.
Background checks of prospective employees
Cyber extortionist
Gap analysis
Threat assessment
42. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Gain unauthorized access to applications
The data owner
Internal risk assessment
Defined objectives
43. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.
Data mart
All personnel
Gap analysis
Alignment with business strategy
44. Programs that act without a user's knowledge and deliberately alter a computer's operations
Worm
MAL wear
Its ability to reduce or eliminate business risks
Protective switch covers
45. n a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Return on security investment (ROSI)
Information security manager
Virus detection
Countermeasure cost-benefit analysis
46. Ensures that there are no scalability problems.
Access control matrix
Cyber terrorist
Centralized structure
Stress testing
47. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Information contained on the equipment
Single sign-on (SSO) product
Certificate authority (CA)
Alignment with business strategy
48. Identification and _______________ of business risk enables project managers to address areas with most significance.
The awareness and agreement of the data subjects
Prioritization
Script kiddie
Use of security metrics
49. Has full responsibility over data.
The balanced scorecard
Total cost of ownership (TCO)
The data owner
Hacker
50. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Tie security risks to key business objectives
Encryption of the hard disks
Owner of the information asset
Protective switch covers
