Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Encryption
Security baselines
Certificate authority (CA)
Creation of a business continuity plan
2. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Stress testing
Digital signatures
Security risk
Data mart
3. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Tailgating
Centralization of information security management
Get senior management onboard
Normalization
4. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Regular review of access control lists
Lack of change management
Support the business objectives of the organization
Cyber extortionist
5. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Intrusion detection system (IDS)
A network vulnerability assessment
Data mart
Notifications and opt-out provisions
6. A key indicator of performance measurement.
Strategic alignment of security with business objectives
Prioritization
What happened and how the breach was resolved
Annually or whenever there is a significant change
7. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Cross-site scripting attacks
Role-based access control
Data classification
Detection defenses
8. Utility program that detects and protects a personal computer from unauthorized intrusions
Compliance with the organization's information security requirements
Well-defined roles and responsibilities
Regulatory compliance
Personal firewall
9. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
A network vulnerability assessment
Risk assessment - evaluation and impact analysis
IP address packet filtering
Continuous analysis - monitoring and feedback
10. Useful but only with regard to specific technical skills.
Well-defined roles and responsibilities
Proficiency testing
Annual loss expectancy (ALE) calculations
Skills inventory
11. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
12. provides the most effective protection of data on mobile devices.
The awareness and agreement of the data subjects
Encryption
Internal risk assessment
Defined objectives
13. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
The data custodian
Service level agreements (SLAs)
Control risk
Access control matrix
14. Inject malformed input.
Gap analysis
Cross-site scripting attacks
Risk assessment - evaluation and impact analysis
Skills inventory
15. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Resource dependency assessment
Lack of change management
Decentralization
Identify the relevant systems and processes
16. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
17. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Patch management
Acceptable use policies
Key risk indicator (KRI) setup
Cracker
18. The PRIMARY goal in developing an information security strategy is to: _________________________.
Data mart
Support the business objectives of the organization
Virus detection
Internal risk assessment
19. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Transferred risk
Do with the information it collects
Performing a risk assessment
Key controls
20. Used to understand the flow of one process into another.
Security baselines
Support the business objectives of the organization
Trusted source
Waterfall chart
21. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Waterfall chart
Negotiating a local version of the organization standards
Gap analysis
Risk appetite
22. Occurs after the risk assessment process - it does not measure it.
Use of security metrics
Background check
Stress testing
Role-based policy
23. The data owner is responsible for _______________________.
Information contained on the equipment
Gain unauthorized access to applications
Control risk
Applying the proper classification to the data
24. Carries out the technical administration.
Monitoring processes
The database administrator
Information security manager
Include security responsibilities in a job description
25. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Encryption of the hard disks
Defined objectives
Transferred risk
Defining high-level business security requirements
26. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Business case development
Worm
The database administrator
Asset classification
27. Provides strong online authentication.
Role-based policy
Internal risk assessment
Public key infrastructure (PKI)
Impractical and is often cost-prohibitive
28. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Fault-tolerant computer
Well-defined roles and responsibilities
Defining and ratifying the classification structure of information assets
Monitoring processes
29. Awareness - training and physical security defenses.
Malware
Examples of containment defenses
Applying the proper classification to the data
Gap analysis
30. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
The information security officer
Requirements of the data owners
Confidentiality
Increase business value and confidence
31. Company or person you believe will not send a virus-infected file knowingly
Penetration testing
Support the business objectives of the organization
Trusted source
Virus
32. Would protect against spoofing an internal address but would not provide strong authentication.
Impractical and is often cost-prohibitive
Data classification
IP address packet filtering
SWOT analysis
33. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
Rule-based access control
Internal risk assessment
Penetration testing
BIA (Business Impact Assessment)
34. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
People
Normalization
Platform security - intrusion detection and antivirus controls
Virus detection
35. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Transmit e-mail messages
Multinational organization
Penetration testing
Risk assessment - evaluation and impact analysis
36. Most effective for evaluating the degree to which information security objectives are being met.
Data mart
0-day vulnerabilities
Virus
The balanced scorecard
37. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Owner of the information asset
Gap analysis
Risk management and the requirements of the organization
Encryption
38. Focuses on identifying vulnerabilities.
Penetration testing
Logon banners
Overall organizational structure
People
39. Should be performed to identify the risk and determine needed controls.
Alignment with business strategy
Internal risk assessment
Stress testing
Calculating the value of the information or asset
40. The MOST important component of a privacy policy is: A Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Strategic alignment of security with business objectives
Reduce risk to an acceptable level
Notifications and opt-out provisions
0-day vulnerabilities
41. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Consensus on risks and controls
Encryption of the hard disks
Regular review of access control lists
The board of directors and senior management
42. Has full responsibility over data.
The data owner
Owner of the information asset
Cyber extortionist
Defined objectives
43. Should be determined from the risk assessment results.
Audit objectives
SWOT analysis
Creation of a business continuity plan
Data warehouse
44. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Trusted source
Deeper level of analysis
Cost of control
Two-factor authentication
45. A function of the session keys distributed by the PKI.
Multinational organization
Waterfall chart
Confidentiality
Retention of business records
46. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Tie security risks to key business objectives
Defined objectives
Control risk
Background checks of prospective employees
47. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
What happened and how the breach was resolved
Aligned with organizational goals
Data mart
Annual loss expectancy (ALE) calculations
48. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Safeguards over keys
Strategic alignment of security with business objectives
Residual risk would be reduced by a greater amount
Performing a risk assessment
49. By definition are not previously known and therefore are undetectable.
Classification of assets needs
0-day vulnerabilities
Process of introducing changes to systems
Defining and ratifying the classification structure of information assets
50. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Total cost of ownership (TCO)
Business case development
Worm
Internal risk assessment