CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Access control matrix
Tie security risks to key business objectives
Do with the information it collects
Confidentiality
2. Would protect against spoofing an internal address but would not provide strong authentication.
Patch management
Audit objectives
Security awareness training for all employees
IP address packet filtering
3. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Tie security risks to key business objectives
Residual risk
Security baselines
Asset classification
4. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Confidentiality
Centralization of information security management
Encryption of the hard disks
Cyber terrorist
5. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
include security responsibilities in a job description
Equal error rate (EER)
Information contained on the equipment
Gain unauthorized access to applications
6. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Skills inventory
Waterfall chart
Risk assessment - evaluation and impact analysis
Stress testing
7. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Return on security investment (ROSI)
Centralized structure
Personal firewall
Decentralization
8. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Owner of the information asset
Risk management and the requirements of the organization
Key risk indicator (KRI) setup
Threat assessment
9. Applications cannot access data associated with other apps
Data isolation
Aligned with organizational goals
Platform security - intrusion detection and antivirus controls
Cyber terrorist
10. Someone who accesses a computer or network illegally
Hacker
Defining and ratifying the classification structure of information assets
Tailgating
Background checks of prospective employees
11. An information security manager has to impress upon the human resources department the need for _____________________.
Fault-tolerant computer
The data owner
Security awareness training for all employees
Inherent risk
12. Company or person you believe will not knowingly send a virus-infected file
Trusted source
People
Logon banners
Attributes and characteristics of the 'desired state'
13. Carries out the technical administration.
The database administrator
Requirements of the data owners
Multinational organization
Decentralization
14. Successful risk management should lead to a ________________.
Use of security metrics
Breakeven point of risk reduction and cost
Platform security - intrusion detection and antivirus controls
Two-factor authentication
15. Oversees the overall classification management of the information.
Control effectiveness
Encryption of the hard disks
The information security officer
Protective switch covers
16. Occurs after the risk assessment process - it does not measure it.
Use of security metrics
Identify the relevant systems and processes
Data mart
Developing an information security baseline
17. Responsible for securing the information.
Transmit e-mail messages
The awareness and agreement of the data subjects
Proficiency testing
The data custodian
18. A function of the session keys distributed by the PKI.
Proficiency testing
Confidentiality
Acceptable use policies
Tailgating
19. The MOST important component of a privacy policy is: Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Centralization of information security management
Breakeven point of risk reduction and cost
Notifications and opt-out provisions
Gap analysis
20. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
21. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Service level agreements (SLAs)
Security risk
The balanced scorecard
Methodology used in the assessment
22. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Requirements of the data owners
Trusted source
Its ability to reduce or eliminate business risks
Intrusion detection system (IDS)
23. Provides strong online authentication.
Public key infrastructure (PKI)
Calculating the value of the information or asset
Personal firewall
Data mart
24. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
The data owner
Intrusion detection system (IDS)
Worm
Total cost of ownership (TCO)
25. Has full responsibility over data.
Overall organizational structure
Safeguards over keys
The data owner
Risk appetite
26. Security design flaws require a ____________________.
Deeper level of analysis
Encryption of the hard disks
Certificate authority (CA)
Calculating the value of the information or asset
27. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Data owners
Residual risk would be reduced by a greater amount
Access control matrix
Aligned with organizational goals
28. All within the responsibility of the information security manager.
Platform security - intrusion detection and antivirus controls
Knowledge management
Safeguards over keys
Cryptographic secure sockets layer (SSL) implementations and short key lengths
29. New security vulnerabilities should be managed through a ________________.
All personnel
Patch management process
Security awareness training for all employees
Examples of containment defenses
30. Occurs when the electrical supply drops
Reduce risk to an acceptable level
SWOT analysis
Digital certificate
Undervoltage (brownout)
31. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Detection defenses
Cross-site scripting attacks
Logon banners
Risk management and the requirements of the organization
32. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Protective switch covers
Properly aligned with business goals and objectives
SWOT analysis
Baseline standard and then develop additional standards
33. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
The database administrator
Certificate authority (CA)
Detection defenses
Confidentiality
34. A notice that guarantees a user or a web site is legitimate
Exceptions to policy
Aligned with organizational goals
Service level agreements (SLAs)
Digital certificate
35. Information security governance models are highly dependent on the _____________________.
Overall organizational structure
Security baselines
Monitoring processes
Process of introducing changes to systems
36. Culture has a significant impact on how information security will be implemented in a ______________________.
Protective switch covers
Multinational organization
Risk appetite
Is willing to accept
37. Whenever personal data are transferred across national boundaries; ________________________ are required.
Deeper level of analysis
Single sign-on (SSO) product
Countermeasure cost-benefit analysis
The awareness and agreement of the data subjects
38. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Skills inventory
Owner of the information asset
Internal risk assessment
Properly aligned with business goals and objectives
39. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Security risk
Skills inventory
Resource dependency assessment
Monitoring processes
40. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Data mart
Decentralization
Intrusion detection system (IDS)
Data classification
41. The information security manager needs to prioritize the controls based on ________________________.
Audit objectives
Transferred risk
Risk management and the requirements of the organization
Gain unauthorized access to applications
42. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Acceptable use policies
Classification of assets needs
Conduct a risk assessment
Cryptographic secure sockets layer (SSL) implementations and short key lengths
43. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Spoofing attacks
Conduct a risk assessment
Data owners
Internal risk assessment
44. The MOST important element of an information security strategy.
Data owners
Defined objectives
Developing an information security baseline
Transferred risk
45. Inject malformed input.
Encryption
Control effectiveness
All personnel
Cross-site scripting attacks
46. Same intent as a cracker but does not have the technical skills and knowledge
Performing a risk assessment
Script kiddie
Skills inventory
Biometric access control systems
47. A repository of historical data organized by subject to support decision makers in the organization
Worm
People
Support the business objectives of the organization
Data warehouse
48. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Role-based policy
Applying the proper classification to the data
Gain unauthorized access to applications
Regular review of access control lists
49. Focuses on identifying vulnerabilities.
Identify the relevant systems and processes
Fault-tolerant computer
Penetration testing
Power surge/over voltage (spike)
50. A risk assessment should be conducted _________________.
Data owners
Support the business objectives of the organization
Annually or whenever there is a significant change
The awareness and agreement of the data subjects