SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Identification and _______________ of business risk enables project managers to address areas with most significance.
Defining and ratifying the classification structure of information assets
Comparison of cost of achievement
Prioritization
Access control matrix
2. Occurs when the incoming level
Regular review of access control lists
Annual loss expectancy (ALE)calculations
Power surge/over voltage (spike)
The data owner
3. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
4. The MOST important element of the request for proposal (RFP) ro assess the maturity level of the organization's information security management is _______________________.
Methodology used in the assessment
Overall organizational structure
Public key infrastructure (PKI)
Confidentiality
5. A function of the session keys distributed by the PKI.
The information security officer
Proficiency testing
include security responsibilities in a job description
Confidentiality
6. n a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Countermeasure cost-benefit analysis
Get senior management onboard
Transferred risk
All personnel
7. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Defining and ratifying the classification structure of information assets
Logon banners
Baseline standard and then develop additional standards
Cost of control
8. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Data warehouse
Performing a risk assessment
Gap analysis
Cryptographic secure sockets layer (SSL) implementations and short key lengths
9. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Penetration testing
The balanced scorecard
Notifications and opt-out provisions
Its ability to reduce or eliminate business risks
10. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Skills inventory
Cryptographic secure sockets layer (SSL) implementations and short key lengths
The board of directors and senior management
Threat assessment
11. All within the responsibility of the information security manager.
Role-based access control
Defining and ratifying the classification structure of information assets
Platform security - intrusion detection and antivirus controls
Comparison of cost of achievement
12. Focuses on identifying vulnerabilities.
Resource dependency assessment
Transmit e-mail messages
Penetration testing
Platform security - intrusion detection and antivirus controls
13. Should be a standard requirement for the service provider.
Background check
MAL wear
Assess the risks to the business operation
Use of security metrics
14. The primary role of the information security manager in the process of information classification within the organization.
Data owners
Detection defenses
Transferred risk
Defining and ratifying the classification structure of information assets
15. Has full responsibility over data.
Conduct a risk assessment
Public key infrastructure (PKI)
Cross-site scripting attacks
The data owner
16. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Detection defenses
Applying the proper classification to the data
Continuous analysis - monitoring and feedback
SWOT analysis
17. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
Patch management process
Residual risk
Access control matrix
Lack of change management
18. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Continuous analysis - monitoring and feedback
Encryption key management
Control effectiveness
Gap analysis
19. Risk should be reduced to a level that an organization _____________.
Is willing to accept
Cross-site scripting attacks
Certificate authority (CA)
Residual risk
20. The MOST important component of a privacy policy is: A Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Notifications and opt-out provisions
OBusiness case development
Strategic alignment of security with business objectives
Information contained on the equipment
21. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Digital certificate
Use of security metrics
Monitoring processes
Key controls
22. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
People
Transmit e-mail messages
The board of directors and senior management
Defined objectives
23. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Overall organizational structure
People
Risk management and the requirements of the organization
Regulatory compliance
24. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Classification of assets needs
The authentication process is broken
Patch management process
Protective switch covers
25. Most effective for evaluating the degree to which information security objectives are being met.
Information security manager
The balanced scorecard
Acceptable use policies
Monitoring processes
26. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Inherent risk
Methodology used in the assessment
Control effectiveness
Its ability to reduce or eliminate business risks
27. BEST option to improve accountability for a system administrator is to _____________________.
The information security officer
Regular review of access control lists
include security responsibilities in a job description
Equal error rate (EER)
28. The PRIMARY goal in developing an information security strategy is to: _________________________.
Its ability to reduce or eliminate business risks
Decentralization
Data classification
Support the business objectives of the organization
29. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Consensus on risks and controls
Role-based policy
Waterfall chart
Data warehouse
30. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Comparison of cost of achievement
Detection defenses
Information contained on the equipment
Key risk indicator (KRI) setup
31. ecurity design flaws require a ____________________.
Defining high-level business security requirements
Tie security risks to key business objectives
Deeper level of analysis
Properly aligned with business goals and objectives
32. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.
Personal firewall
Logon banners
Role-based access control
Identify the vulnerable systems and apply compensating controls
33. Cannot be minimized
Gap analysis
Centralized structure
Inherent risk
Key risk indicator (KRI) setup
34. Used to understand the flow of one process into another.
Regulatory compliance
Gain unauthorized access to applications
Centralized structure
Waterfall chart
35. Should be performed to identify the risk and determine needed controls.
Penetration testing
Internal risk assessment
Proficiency testing
Platform security - intrusion detection and antivirus controls
36. A repository of historical data organized by subject to support decision makers in the org
Negotiating a local version of the organization standards
Worm
Regulatory compliance
Data warehouse
37. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Security risk
Intrusion detection system (IDS)
Exceptions to policy
Internal risk assessment
38. Awareness - training and physical security defenses.
Examples of containment defenses
Impractical and is often cost-prohibitive
The data owner
Cryptographic secure sockets layer (SSL) implementations and short key lengths
39. S small warehouse - designed for the end-user needs in a strategic business unit
Deeper level of analysis
Data mart
Internal risk assessment
IP address packet filtering
40. Uses security metrics to measure the performance of the information security program.
Information security manager
Single sign-on (SSO) product
Regular review of access control lists
Total cost of ownership (TCO)
41. Computer that has duplicate components so it can continue to operate when one of its main components fail
Regulatory compliance
Access control matrix
MAL wear
Fault-tolerant computer
42. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Requirements of the data owners
Single sign-on (SSO) product
Resource dependency assessment
include security responsibilities in a job description
43. Ensures that there are no scalability problems.
Access control matrix
Patch management
Stress testing
Lack of change management
44. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Tailgating
Inherent risk
Data warehouse
Asset classification
45. Carries out the technical administration.
Encryption of the hard disks
Retention of business records
Security baselines
The database administrator
46. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Regular review of access control lists
Cyber extortionist
Biometric access control systems
Two-factor authentication
47. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Annual loss expectancy (ALE)calculations
Skills inventory
Attributes and characteristics of the 'desired state'
Owner of the information asset
48. Program that hides within or looks like a legit program
Centralized structure
Control risk
Patch management process
Trojan horse
49. Primarily reduce risk and are most effective for the protection of information assets.
Owner of the information asset
Regular review of access control lists
Key controls
Risk assessment - evaluation and impact analysis
50. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Reduce risk to an acceptable level
Lack of change management
IP address packet filtering
Protective switch covers
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests