Test your basic knowledge
CISM: Certified Information Security Manager
Start Test
Study First
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Digital signatures
Rule-based access control
Virus
Data mart
2. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Audit objectives
Role-based access control
Malicious software and spyware
Decentralization
3. There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. The best protection is to _____________________ until a patch is installed.
Well-defined roles and responsibilities
Multinational organization
Identify the vulnerable systems and apply compensating controls
Information contained on the equipment
4. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
5. BEST option to improve accountability for a system administrator is to _____________________.
Defining high-level business security requirements
Examples of containment defenses
include security responsibilities in a job description
Power surge/over voltage (spike)
6. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Proficiency testing
Tailgating
Residual risk
Key risk indicator (KRI) setup
7. Should be performed to identify the risk and determine needed controls.
Internal risk assessment
Data warehouse
Breakeven point of risk reduction and cost
Gap analysis
8. Whenever personal data are transferred across national boundaries; ________________________ are required.
The awareness and agreement of the data subjects
0-day vulnerabilities
Personal firewall
Use of security metrics
9. Primarily reduce risk and are most effective for the protection of information assets.
Access control matrix
Key controls
Exceptions to policy
Methodology used in the assessment
10. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Conduct a risk assessment
Transferred risk
Process of introducing changes to systems
Biometric access control systems
11. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Key controls
Single sign-on (SSO) product
Conduct a risk assessment
Performing a risk assessment
12. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Malware
Certificate authority (CA)
Gap analysis
Biometric access control systems
13. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Asset classification
Worm
Its ability to reduce or eliminate business risks
Stress testing
14. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Logon banners
BIA (Business Impact Assessment)
Cyber extortionist
Access control matrix
15. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Platform security - intrusion detection and antivirus controls
Skills inventory
People
Asset classification
16. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Transmit e-mail messages
Tailgating
Trusted source
The awareness and agreement of the data subjects
17. Scam in which a perpetrator sends an official-looking email message that attempts to obtain your personal and financial information
Single sign-on (SSO) product
Strategic alignment of security with business objectives
Is willing to accept
Phishing
18. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Lack of change management
Process of introducing changes to systems
Nondisclosure agreement (NDA)
Intrusion detection system (IDS)
19. Carries out the technical administration.
Nondisclosure agreement (NDA)
SWOT analysis
Malicious software and spyware
The database administrator
20. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Assess the risks to the business operation
Patch management
Control effectiveness
Information security manager
21. To identify known vulnerabilities based on common misconfigurations and missing updates.
A network vulnerability assessment
The database administrator
Business case development
BIA (Business Impact Assessment)
22. Risk should be reduced to a level that an organization _____________.
Background checks of prospective employees
Is willing to accept
Identify the vulnerable systems and apply compensating controls
Waterfall chart
23. The most important characteristic of good security policies is that they be ____________________.
Aligned with organizational goals
Compliance with the organization's information security requirements
Do with the information it collects
Service level agreements (SLAs)
24. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Penetration testing
The data custodian
BIA (Business Impact Assessment)
Developing an information security baseline
25. All within the responsibility of the information security manager.
Access control matrix
Digital signatures
Role-based policy
Platform security - intrusion detection and antivirus controls
26. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Cross-site scripting attacks
Role-based policy
Data classification
Two-factor authentication
27. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Access control matrix
Vulnerability assessment
Equal error rate (EER)
Residual risk would be reduced by a greater amount
28. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Internal risk assessment
The authentication process is broken
Security code reviews for the entire software application
Regulatory compliance
29. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Its ability to reduce or eliminate business risks
Rule-based access control
Tie security risks to key business objectives
Knowledge management
30. Awareness - training and physical security defenses.
Key controls
Key risk indicator (KRI) setup
Examples of containment defenses
The awareness and agreement of the data subjects
31. Should be a standard requirement for the service provider.
Security awareness training for all employees
Regulatory compliance
Background check
Compliance with the organization's information security requirements
32. Focuses on identifying vulnerabilities.
Total cost of ownership (TCO)
Penetration testing
Strategic alignment of security with business objectives
Cross-site scripting attacks
33. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Penetration testing
Regular review of access control lists
Gap analysis
Annual loss expectancy (ALE) calculations
34. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Biometric access control systems
Identify the vulnerable systems and apply compensating controls
Gain unauthorized access to applications
Exceptions to policy
35. The job of the information security officer on a management team is to ___________________.
Tie security risks to key business objectives
Risk management and the requirements of the organization
Assess the risks to the business operation
Defining and ratifying the classification structure of information assets
36. By definition are not previously known and therefore are undetectable.
Service level agreements (SLAs)
0-day vulnerabilities
Compliance with the organization's information security requirements
Decentralization
37. A risk assessment should be conducted _________________.
Multinational organization
Get senior management onboard
Annually or whenever there is a significant change
Data classification
38. Identification and _______________ of business risk enables project managers to address areas with most significance.
Virus detection
Prioritization
Undervoltage (brownout)
Cyber terrorist
39. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
People
Compliance with the organization's information security requirements
Deeper level of analysis
Service level agreements (SLAs)
40. Computer that has duplicate components so it can continue to operate when one of its main components fails
Control effectiveness
Identify the vulnerable systems and apply compensating controls
Data isolation
Fault-tolerant computer
41. Company or person you believe will not knowingly send a virus-infected file
Trusted source
Attributes and characteristics of the 'desired state'
Stress testing
Deeper level of analysis
42. Should PRIMARILY be based on regulatory and legal requirements.
Security code reviews for the entire software application
Personal firewall
Retention of business records
Defining high-level business security requirements
43. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Safeguards over keys
Do with the information it collects
0-day vulnerabilities
Reduce risk to an acceptable level
44. Needs to define the access rules - which is troublesome and error prone in large organizations.
Rule-based access control
Creation of a business continuity plan
Digital certificate
Virus
45. A notice that guarantees a user or a web site is legitimate
Well-defined roles and responsibilities
Digital certificate
Breakeven point of risk reduction and cost
Examples of containment defenses
46. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Encryption
Identify the relevant systems and processes
Conduct a risk assessment
Tie security risks to key business objectives
47. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Biometric access control systems
Control risk
Background checks of prospective employees
Security code reviews for the entire software application
48. The MOST important component of a privacy policy is: Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Information contained on the equipment
Phishing
Notifications and opt-out provisions
Cross-site scripting attacks
49. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Regular review of access control lists
Nondisclosure agreement (NDA)
Transmit e-mail messages
Threat assessment
50. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Role-based policy
Penetration testing
Total cost of ownership (TCO)
Negotiating a local version of the organization standards