Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. When defining the information classification policy - the ___________________ need to be identified.
Access control matrix
Data isolation
Defining high-level business security requirements
Requirements of the data owners
2. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Regular review of access control lists
Creation of a business continuity plan
Encryption key management
Methodology used in the assessment
3. A risk assessment should be conducted _________________.
All personnel
Annually or whenever there is a significant change
Alignment with business strategy
Data classification
4. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Trojan horse
Increase business value and confidence
Control risk
Encryption of the hard disks
5. Programs that act without a user's knowledge and deliberately alter a computer's operations
The data owner
Total cost of ownership (TCO)
Malware
Encryption key management
6. Occurs when the incoming level
Decentralization
Power surge/over voltage (spike)
Asset classification
Two-factor authentication
7. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Patch management
Digital signatures
Data warehouse
Background checks of prospective employees
8. The data owner is responsible for _______________________.
Cyber extortionist
Access control matrix
Applying the proper classification to the data
Increase business value and confidence
9. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Requirements of the data owners
Conduct a risk assessment
Strategic alignment of security with business objectives
Inherent risk
10. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Nondisclosure agreement (NDA)
Impractical and is often cost-prohibitive
Residual risk
Encryption
11. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Patch management
Gap analysis
Intrusion detection system (IDS)
Detection defenses
12. Cannot be minimized
Inherent risk
Virus detection
Monitoring processes
Protective switch covers
13. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Script kiddie
Well-defined roles and responsibilities
Lack of change management
Key risk indicator (KRI) setup
14. Focuses on identifying vulnerabilities.
Use of security metrics
Detection defenses
Penetration testing
Phishing
15. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.
Centralized structure
Alignment with business strategy
Public key infrastructure (PKI)
Creation of a business continuity plan
16. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Worm
Properly aligned with business goals and objectives
Nondisclosure agreement (NDA)
Asset classification
17. A key indicator of performance measurement.
Increase business value and confidence
The authentication process is broken
Strategic alignment of security with business objectives
Control effectiveness
18. Needs to define the access rules - which is troublesome and error prone in large organizations.
Role-based policy
Rule-based access control
Undervoltage (brownout)
Transferred risk
19. The MOST important element of an information security strategy.
Defined objectives
Owner of the information asset
Attributes and characteristics of the 'desired state'
Regulatory compliance
20. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
The awareness and agreement of the data subjects
Virus
Owner of the information asset
The information security officer
21. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Residual risk would be reduced by a greater amount
Do with the information it collects
Data owners
22. Oversees the overall classification management of the information.
Inherent risk
The information security officer
Its ability to reduce or eliminate business risks
Negotiating a local version of the organization standards
23. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Cracker
Hacker
Role-based policy
Knowledge management
24. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Do with the information it collects
Information contained on the equipment
Trojan horse
Spoofing attacks
25. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Deeper level of analysis
Malicious software and spyware
Baseline standard and then develop additional standards
Regulatory compliance
26. Ensures that there are no scalability problems.
Stress testing
Service level agreements (SLAs)
The balanced scorecard
Tie security risks to key business objectives
27. Computer that has duplicate components so it can continue to operate when one of its main components fails
Get senior management onboard
Fault-tolerant computer
Requirements of the data owners
Impractical and is often cost-prohibitive
28. Has to be integrated into the requirements of every software application's design.
Audit objectives
Encryption key management
Rule-based access control
Defining high-level business security requirements
29. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Logon banners
Compliance with the organization's information security requirements
Data warehouse
Service level agreements (SLAs)
30. Only valid if assets have first been identified and appropriately valued.
Annual loss expectancy (ALE) calculations
Defining and ratifying the classification structure of information assets
Security baselines
Threat assessment
31. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Methodology used in the assessment
Gain unauthorized access to applications
Residual risk would be reduced by a greater amount
Waterfall chart
32. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Detection defenses
Data classification
Security code reviews for the entire software application
Centralization of information security management
33. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
SWOT analysis
The authentication process is broken
Asset classification
The board of directors and senior management
34. Security design flaws require a ____________________.
Deeper level of analysis
Background checks of prospective employees
Its ability to reduce or eliminate business risks
Phishing
35. Company or person you believe will not send a virus-infected file knowingly
Overall organizational structure
Total cost of ownership (TCO)
Trusted source
Waterfall chart
36. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Script kiddie
Impractical and is often cost-prohibitive
Patch management
Role-based policy
37. Inject malformed input.
Total cost of ownership (TCO)
Cyber terrorist
Acceptable use policies
Cross-site scripting attacks
38. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Safeguards over keys
Script kiddie
Role-based policy
Overall organizational structure
39. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Business case development
Data mart
Classification of assets needs
Cryptographic secure sockets layer (SSL) implementations and short key lengths
40. Identification and _______________ of business risk enables project managers to address areas with most significance.
Prioritization
0-day vulnerabilities
Malware
Service level agreements (SLAs)
41. Risk should be reduced to a level that an organization _____________.
Residual risk
Penetration testing
Is willing to accept
Defining and ratifying the classification structure of information assets
42. A repository of historical data organized by subject to support decision makers in the org
Data warehouse
Spoofing attacks
Phishing
Confidentiality
43. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Information contained on the equipment
Risk assessment - evaluation and impact analysis
Identify the relevant systems and processes
Patch management process
44. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Malware
Do with the information it collects
Threat assessment
Breakeven point of risk reduction and cost
45. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Do with the information it collects
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Business case development
Detection defenses
46. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
47. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Service level agreements (SLAs)
Worm
Hacker
All personnel
48. The most important characteristic of good security policies is that they be ____________________.
BIA (Business Impact Assessment)
Aligned with organizational goals
Owner of the information asset
Data owners
49. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Worm
Identify the relevant systems and processes
Information security manager
Logon banners
50. A function of the session keys distributed by the PKI.
Continuous analysis - monitoring and feedback
Confidentiality
Inherent risk
Prioritization