Test your basic knowledge |
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. It is more efficient to establish a ___________________for locations that must meet specific requirements.
include security responsibilities in a job description
Risk assessment - evaluation and impact analysis
Attributes and characteristics of the 'desired state'
Baseline standard and then develop additional standards
2. A risk assessment should be conducted _________________.
Annually or whenever there is a significant change
A network vulnerability assessment
Business case development
Control risk
3. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Calculating the value of the information or asset
Data owners
include security responsibilities in a job description
Developing an information security baseline
4. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Owner of the information asset
Exceptions to policy
Digital certificate
Baseline standard and then develop additional standards
5. Awareness - training and physical security defenses.
Decentralization
Security awareness training for all employees
Internal risk assessment
Examples of containment defenses
6. Program that hides within or looks like a legit program
Encryption
Security code reviews for the entire software application
Tie security risks to key business objectives
Trojan horse
7. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Well-defined roles and responsibilities
Centralization of information security management
Malicious software and spyware
Skills inventory
8. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Retention of business records
Protective switch covers
Consensus on risks and controls
Residual risk
9. Company or person you believe will not knowingly send a virus-infected file
Identify the relevant systems and processes
Exceptions to policy
Trusted source
Process of introducing changes to systems
10. The MOST important component of a privacy policy is: A Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Digital certificate
Retention of business records
Notifications and opt-out provisions
Biometric access control systems
11. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Worm
Public key infrastructure (PKI)
Single sign-on (SSO) product
Conduct a risk assessment
12. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Exceptions to policy
include security responsibilities in a job description
Methodology used in the assessment
0-day vulnerabilities
13. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
BIA (Business Impact Assessment)
The board of directors and senior management
Audit objectives
Encryption of the hard disks
14. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
15. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Spoofing attacks
Defining high-level business security requirements
Biometric access control systems
Equal error rate (EER)
16. Culture has a significant impact on how information security will be implemented in a ______________________.
Digital signatures
Multinational organization
Methodology used in the assessment
Do with the information it collects
17. Someone who uses the internet or network to destroy or damage computers for political reasons
Impractical and is often cost-prohibitive
Single sign-on (SSO) product
Script kiddie
Cyber terrorist
18. Reducing risk to a level too small to measure is _______________.
Impractical and is often cost-prohibitive
0-day vulnerabilities
Personal firewall
IP address packet filtering
19. Should be a standard requirement for the service provider.
0-day vulnerabilities
Background check
Rule-based access control
Do with the information it collects
20. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
21. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Methodology used in the assessment
Do with the information it collects
The data custodian
Patch management
22. Useful but only with regard to specific technical skills.
Personal firewall
Proficiency testing
Do with the information it collects
Gap analysis
23. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Identify the vulnerable systems and apply compensating controls
People
Defining high-level business security requirements
Encryption of the hard disks
24. Scam in which a perpetrator sends an official-looking email message that attempts to obtain your personal and financial information
Phishing
A network vulnerability assessment
Security risk
Access control matrix
25. Applications cannot access data associated with other apps
Defining high-level business security requirements
Methodology used in the assessment
Data isolation
Centralization of information security management
26. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Cracker
Penetration testing
Worm
Power surge/over voltage (spike)
27. Should be determined from the risk assessment results.
Inherent risk
Centralized structure
Audit objectives
Examples of containment defenses
28. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Security code reviews for the entire software application
Risk appetite
Impractical and is often cost-prohibitive
What happened and how the breach was resolved
29. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Patch management process
Calculating the value of the information or asset
Retention of business records
Key controls
30. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Data warehouse
0-day vulnerabilities
Threat assessment
31. Someone who uses email as a vehicle for extortion; sends a company threatening emails indicating they will expose confidential information - exploit a security flaw - launch an attack - etc.
Classification of assets needs
Properly aligned with business goals and objectives
Cyber extortionist
Risk management and the requirements of the organization
32. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Multinational organization
Continuous analysis - monitoring and feedback
Do with the information it collects
Comparison of cost of achievement
33. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
All personnel
Safeguards over keys
Return on security investment (ROSI)
Intrusion detection system (IDS)
34. A key indicator of performance measurement.
Strategic alignment of security with business objectives
Intrusion detection system (IDS)
Undervoltage (brownout)
Is willing to accept
35. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Continuous monitoring control initiatives
Internal risk assessment
The data custodian
Data owners
36. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Exceptions to policy
Assess the risks to the business operation
Performing a risk assessment
Identify the relevant systems and processes
37. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Compliance with the organization's information security requirements
Continuous monitoring control initiatives
Information contained on the equipment
What happened and how the breach was resolved
38. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Two-factor authentication
Penetration testing
Performing a risk assessment
Role-based access control
39. All within the responsibility of the information security manager.
Well-defined roles and responsibilities
Detection defenses
Platform security - intrusion detection and antivirus controls
Security awareness training for all employees
40. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Internal risk assessment
Process of introducing changes to systems
Acceptable use policies
Monitoring processes
41. Used to understand the flow of one process into another.
Service level agreements (SLAs)
Negotiating a local version of the organization standards
Examples of containment defenses
Waterfall chart
42. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Information security manager
Equal error rate (EER)
Residual risk would be reduced by a greater amount
IP address packet filtering
43. A notice that guarantees a user or a web site is legitimate
Digital certificate
Malicious software and spyware
Business case development
Spoofing attacks
44. Computer that has duplicate components so it can continue to operate when one of its main components fails
Security risk
Calculating the value of the information or asset
Fault-tolerant computer
Inherent risk
45. Occurs when the incoming level
Transmit e-mail messages
Power surge/over voltage (spike)
Protective switch covers
Performing a risk assessment
46. Occurs after the risk assessment process - it does not measure it.
Internal risk assessment
Deeper level of analysis
Use of security metrics
Multinational organization
47. Inject malformed input.
The data custodian
Cross-site scripting attacks
Audit objectives
The data owner
48. Carries out the technical administration.
Encryption
Regular review of access control lists
Prioritization
The database administrator
49. The job of the information security officer on a management team is to ___________________.
include security responsibilities in a job description
Alignment with business strategy
Attributes and characteristics of the 'desired state'
Assess the risks to the business operation
50. Would protect against spoofing an internal address but would not provide strong authentication.
Script kiddie
IP address packet filtering
Worm
The data owner