Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing






2. Ensure that transmitted information can be attributed to the named sender.






3. Has to be integrated into the requirements of every software application's design.






4. Someone who uses email as a vehicle for extortion; send company threatening emails indicating they will expose confidential information - exploit security launch - etc.






5. Accesses a computer or network illegally






6. Same intent as a cracker but does not have the technical skills and knowledge






7. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.






8. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance






9. provides the most effective protection of data on mobile devices.






10. Should PRIMARILY be based on regulatory and legal requirements.






11. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.






12. Identification and _______________ of business risk enables project managers to address areas with most significance.






13. BEST option to improve accountability for a system administrator is to _____________________.






14. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.






15. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.






16. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.






17. Computer that has duplicate components so it can continue to operate when one of its main components fail






18. When defining the information classification policy - the ___________________ need to be identified.






19. ecurity design flaws require a ____________________.






20. Would protect against spoofing an internal address but would not provide strong authentication.






21. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.






22. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree






23. The MOST important element of an information security strategy.






24. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.






25. Primarily reduce risk and are most effective for the protection of information assets.






26. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'






27. A method for analyzing and reducing a relational database to its most streamlined form






28. Oversees the overall classification management of the information.






29. An information security manager has to impress upon the human resources department the need for _____________________.






30. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.






31. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i






32. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.






33. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.






34. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network






35. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control. .






36. Someone who accesses a computer or network illegally






37. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.






38. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.






39. Company or person you believe will not send a virus-infect file knowingly






40. n a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.






41. Provide metrics to which outsourcing firms can be held accountable.






42. Has full responsibility over data.






43. Utility program that detects and protects a personal computer from unauthorized intrusions






44. A notice that guarantees a user or a web site is legitimate






45. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm






46. Someone who uses the internet or network to destroy or damage computers for political reasons






47. Occurs when the electrical supply drops






48. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.






49. A function of the session keys distributed by the PKI.






50. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests