Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
Worm
Cyber terrorist
The authentication process is broken
Security code reviews for the entire software application
2. By definition are not previously known and therefore are undetectable.
Background checks of prospective employees
0-day vulnerabilities
Regulatory compliance
Cracker
3. Ensures that there are no scalability problems.
Stress testing
Fault-tolerant computer
The database administrator
Certificate authority (CA)
4. A process that helps organizations manipulate important knowledge that is part of the orgs. memory
Increase business value and confidence
0-day vulnerabilities
Knowledge management
Breakeven point of risk reduction and cost
5. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Creation of a business continuity plan
Support the business objectives of the organization
Continuous analysis - monitoring and feedback
Data owners
6. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Reduce risk to an acceptable level
Increase business value and confidence
Key risk indicator (KRI) setup
Decentralization
7. Accesses a computer or network illegally
Asset classification
Security risk
Cracker
Access control matrix
8. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Overall organizational structure
Cyber terrorist
Logon banners
Security code reviews for the entire software application
9. An information security manager has to impress upon the human resources department the need for _____________________.
Defining high-level business security requirements
Regular review of access control lists
The authentication process is broken
Security awareness training for all employees
10. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Single sign-on (SSO) product
Identify the vulnerable systems and apply compensating controls
Regular review of access control lists
Virus
11. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Certificate authority (CA)
Increase business value and confidence
The board of directors and senior management
Safeguards over keys
12. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Tie security risks to key business objectives
Return on security investment (ROSI)
Internal risk assessment
Threat assessment
13. Should be determined from the risk assessment results.
Properly aligned with business goals and objectives
Audit objectives
Strategic alignment of security with business objectives
include security responsibilities in a job description
14. Risk should be reduced to a level that an organization _____________.
Tie security risks to key business objectives
Background check
Penetration testing
Is willing to accept
15. Scam in which a perpetrator sends an official-looking email message that attempts to obtain your personal and financial information
Gap analysis
Phishing
Its ability to reduce or eliminate business risks
Use of security metrics
16. All within the responsibility of the information security manager.
Negotiating a local version of the organization standards
Gain unauthorized access to applications
Identify the vulnerable systems and apply compensating controls
Platform security - intrusion detection and antivirus controls
17. Primarily reduce risk and are most effective for the protection of information assets.
Key risk indicator (KRI) setup
Power surge/over voltage (spike)
Classification of assets needs
Key controls
18. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Return on security investment (ROSI)
Waterfall chart
Is willing to accept
Alignment with business strategy
19. New security vulnerabilities should be managed through a ________________.
Owner of the information asset
Patch management process
Security awareness training for all employees
Centralized structure
20. Has to be integrated into the requirements of every software application's design.
Patch management process
Undervoltage (brownout)
Defined objectives
Encryption key management
21. Program that hides within or looks like a legit program
Trojan horse
Continuous monitoring control initiatives
Classification of assets needs
Reduce risk to an acceptable level
22. Someone who accesses a computer or network illegally
The database administrator
Hacker
Worm
Single sign-on (SSO) product
23. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Centralized structure
Attributes and characteristics of the 'desired state'
Risk management and the requirements of the organization
Worm
24. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
25. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.
Creation of a business continuity plan
Two-factor authentication
Cracker
Encryption key management
26. Successful risk management should lead to a ________________.
Consensus on risks and controls
Encryption key management
Rule-based access control
Breakeven point of risk reduction and cost
27. It is easier to manage and control a _________________.
Is willing to accept
Centralized structure
Service level agreements (SLAs)
Cryptographic secure sockets layer (SSL) implementations and short key lengths
28. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Data classification
Fault-tolerant computer
Continuous monitoring control initiatives
Background check
29. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Encryption key management
Centralization of information security management
Data owners
Equal error rate (EER)
30. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Threat assessment
Internal risk assessment
Baseline standard and then develop additional standards
Risk assessment - evaluation and impact analysis
31. Used to understand the flow of one process into another.
Tailgating
Owner of the information asset
Comparison of cost of achievement
Waterfall chart
32. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Malicious software and spyware
Background checks of prospective employees
Control risk
Lack of change management
33. A small warehouse designed for the end-user needs in a strategic business unit
Creation of a business continuity plan
A network vulnerability assessment
Data mart
The board of directors and senior management
34. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Control risk
Owner of the information asset
Residual risk would be reduced by a greater amount
Consensus on risks and controls
35. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Residual risk
Risk assessment - evaluation and impact analysis
Threat assessment
Regulatory compliance
36. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Asset classification
Phishing
Defining high-level business security requirements
The authentication process is broken
37. Should be a standard requirement for the service provider.
Background check
Performing a risk assessment
Annually or whenever there is a significant change
Risk appetite
38. A risk assessment should be conducted _________________.
Waterfall chart
Fault-tolerant computer
Annually or whenever there is a significant change
Malicious software and spyware
39. Programs that act without a user's knowledge and deliberately alter a computer's operations
Malware
Virus
Malicious software and spyware
Asset classification
40. A notice that guarantees a user or a web site is legitimate
People
Digital certificate
Data classification
Encryption key management
41. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Trojan horse
Cyber extortionist
The authentication process is broken
Security risk
42. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
43. BEST option to improve accountability for a system administrator is to _____________________.
The balanced scorecard
Security awareness training for all employees
Virus
include security responsibilities in a job description
44. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Cost of control
Data owners
Prioritization
Public key infrastructure (PKI)
45. Occurs after the risk assessment process - it does not measure it.
Use of security metrics
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Do with the information it collects
Get senior management onboard
46. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Malicious software and spyware
Developing an information security baseline
Risk assessment - evaluation and impact analysis
Security risk
47. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Reduce risk to an acceptable level
Security awareness training for all employees
Background checks of prospective employees
Comparison of cost of achievement
48. In a _________________________ the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Platform security - intrusion detection and antivirus controls
Countermeasure cost-benefit analysis
Use of security metrics
Compliance with the organization's information security requirements
49. Should be performed to identify the risk and determine needed controls.
Nondisclosure agreement (NDA)
Aligned with organizational goals
Internal risk assessment
Control risk
50. The MOST important element of an information security strategy.
Total cost of ownership (TCO)
Knowledge management
Defined objectives
Trojan horse