Test your basic knowledge |
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Increase business value and confidence
Annual loss expectancy (ALE) calculations
Security code reviews for the entire software application
Breakeven point of risk reduction and cost
2. A function of the session keys distributed by the PKI.
Confidentiality
Worm
Cyber extortionist
People
3. The information security manager needs to prioritize the controls based on ________________________.
Process of introducing changes to systems
Cross-site scripting attacks
Risk management and the requirements of the organization
Internal risk assessment
4. Accesses a computer or network illegally
The data owner
Support the business objectives of the organization
Cracker
BIA (Business Impact Assessment)
5. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Lack of change management
Classification of assets needs
Risk management and the requirements of the organization
Security awareness training for all employees
6. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Identify the vulnerable systems and apply compensating controls
Exceptions to policy
All personnel
Certificate authority (CA)
7. A repository of historical data organized by subject to support decision makers in the organization.
Reduce risk to an acceptable level
Data warehouse
Use of security metrics
Cost of control
8. Uses security metrics to measure the performance of the information security program.
People
Equal error rate (EER)
Public key infrastructure (PKI)
Information security manager
9. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Logon banners
SWOT analysis
Return on security investment (ROSI)
Continuous monitoring control initiatives
10. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Risk management and the requirements of the organization
Support the business objectives of the organization
Cyber terrorist
Countermeasure cost-benefit analysis
11. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Asset classification
Cyber terrorist
Power surge/over voltage (spike)
Creation of a business continuity plan
12. Whenever personal data are transferred across national boundaries, ________________________ are required.
Trusted source
The awareness and agreement of the data subjects
Control effectiveness
Role-based policy
13. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Support the business objectives of the organization
Tie security risks to key business objectives
Multinational organization
Is willing to accept
14. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
All personnel
Identify the relevant systems and processes
Public key infrastructure (PKI)
Annual loss expectancy (ALE) calculations
15. Computer that has duplicate components so it can continue to operate when one of its main components fails.
Patch management
Fault-tolerant computer
0-day vulnerabilities
Multinational organization
16. The BEST option to improve accountability for a system administrator is to _____________________.
Undervoltage (brownout)
The balanced scorecard
include security responsibilities in a job description
The data owner
17. Primarily reduce risk and are most effective for the protection of information assets.
Methodology used in the assessment
Multinational organization
Intrusion detection system (IDS)
Key controls
18. Identification and _______________ of business risk enables project managers to address areas with most significance.
Negotiating a local version of the organization standards
Continuous monitoring control initiatives
Prioritization
SWOT analysis
19. A method for analyzing and reducing a relational database to its most streamlined form
Normalization
Platform security - intrusion detection and antivirus controls
Defining and ratifying the classification structure of information assets
The awareness and agreement of the data subjects
20. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Developing an information security baseline
Get senior management onboard
Centralization of information security management
Security baselines
21. Occurs after the risk assessment process - it does not measure it.
Use of security metrics
Data classification
Risk management and the requirements of the organization
Patch management process
22. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Data mart
Tailgating
Vulnerability assessment
Patch management
23. A key indicator of performance measurement.
Applying the proper classification to the data
Internal risk assessment
Cyber extortionist
Strategic alignment of security with business objectives
24. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Calculating the value of the information or asset
Centralization of information security management
SWOT analysis
Malware
25. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Access control matrix
Confidentiality
Continuous monitoring control initiatives
Alignment with business strategy
26. Should PRIMARILY be based on regulatory and legal requirements.
Developing an information security baseline
Information security manager
The data custodian
Retention of business records
27. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Process of introducing changes to systems
Patch management
Skills inventory
Countermeasure cost-benefit analysis
28. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Centralization of information security management
A network vulnerability assessment
Equal error rate (EER)
Strategic alignment of security with business objectives
29. Applications cannot access data associated with other apps
Data isolation
Cost of control
The awareness and agreement of the data subjects
Tie security risks to key business objectives
30. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
SWOT analysis
Is willing to accept
Control effectiveness
Annual loss expectancy (ALE) calculations
31. It is easier to manage and control a _________________.
Centralized structure
Information security manager
Identify the relevant systems and processes
Cyber extortionist
32. Useful but only with regard to specific technical skills.
Service level agreements (SLAs)
Defining and ratifying the classification structure of information assets
Proficiency testing
Role-based access control
33. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Security awareness training for all employees
Security baselines
Do with the information it collects
Security code reviews for the entire software application
34. Provides process needs but not impact.
Do with the information it collects
Resource dependency assessment
The database administrator
Encryption of the hard disks
35. Occurs when the incoming level
The awareness and agreement of the data subjects
Tie security risks to key business objectives
Power surge/over voltage (spike)
Waterfall chart
36. Programs that act without a user's knowledge and deliberately alter a computer's operations
Malware
Threat assessment
The data owner
Process of introducing changes to systems
37. The best measure for preventing the unauthorized disclosure of confidential information.
Methodology used in the assessment
The board of directors and senior management
Gap analysis
Acceptable use policies
38. Provides the most effective protection of data on mobile devices.
Annually or whenever there is a significant change
Vulnerability assessment
Encryption
What happened and how the breach was resolved
39. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee.
The awareness and agreement of the data subjects
Classification of assets needs
Tailgating
Data owners
40. Security design flaws require a ____________________.
Information security manager
Normalization
Deeper level of analysis
Platform security - intrusion detection and antivirus controls
41. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Information contained on the equipment
Spoofing attacks
Asset classification
Performing a risk assessment
42. Scam in which a perpetrator sends an official-looking email message that attempts to obtain your personal and financial information.
Logon banners
Phishing
Defined objectives
Role-based access control
43. Carries out the technical administration.
Inherent risk
Information contained on the equipment
The database administrator
Penetration testing
44. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Business case development
Encryption key management
People
Detection defenses
45. New security vulnerabilities should be managed through a ________________.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Continuous monitoring control initiatives
Patch management process
Control risk
46. The job of the information security officer on a management team is to ___________________.
Assess the risks to the business operation
Aligned with organizational goals
Deeper level of analysis
Monitoring processes
47. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Risk appetite
Power surge/over voltage (spike)
Data owners
Control risk
48. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Intrusion detection system (IDS)
Strategic alignment of security with business objectives
Security awareness training for all employees
Undervoltage (brownout)
49. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Information contained on the equipment
Risk assessment - evaluation and impact analysis
Transmit e-mail messages
Single sign-on (SSO) product
50. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Lack of change management
Worm
Encryption of the hard disks
Annual loss expectancy (ALE) calculations