Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Vulnerability assessment
Developing an information security baseline
Inherent risk
Get senior management onboard
2. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Skills inventory
A network vulnerability assessment
Transferred risk
Prioritization
3. All within the responsibility of the information security manager.
The data custodian
Script kiddie
Is willing to accept
Platform security - intrusion detection and antivirus controls
4. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Encryption of the hard disks
Virus detection
Control effectiveness
Regular review of access control lists
5. Has to be integrated into the requirements of every software application's design.
Data classification
Comparison of cost of achievement
Consensus on risks and controls
Encryption key management
6. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Return on security investment (ROSI)
Waterfall chart
SWOT analysis
Control risk
7. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Vulnerability assessment
Single sign-on (SSO) product
Information contained on the equipment
BIA (Business Impact Assessment)
8. Provides strong online authentication.
Continuous monitoring control initiatives
Trusted source
Threat assessment
Public key infrastructure (PKI)
9. Inject malformed input.
Performing a risk assessment
Encryption
Public key infrastructure (PKI)
Cross-site scripting attacks
10. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
The information security officer
Detection defenses
Security awareness training for all employees
What happened and how the breach was resolved
11. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Risk assessment - evaluation and impact analysis
The board of directors and senior management
Knowledge management
Patch management
12. Programs that act without a user's knowledge and deliberately alter a computer's operations
Support the business objectives of the organization
Background check
Malware
Identify the relevant systems and processes
13. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Owner of the information asset
Script kiddie
Cracker
Stress testing
14. Awareness - training and physical security defenses.
Information security manager
Virus detection
Phishing
Examples of containment defenses
15. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Monitoring processes
Power surge/over voltage (spike)
Vulnerability assessment
Undervoltage (brownout)
16. Information security governance models are highly dependent on the _____________________.
Centralization of information security management
Tailgating
Overall organizational structure
Intrusion detection system (IDS)
17. Useful but only with regard to specific technical skills.
Biometric access control systems
Proficiency testing
Security code reviews for the entire software application
Confidentiality
18. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Impractical and is often cost-prohibitive
Data owners
Detection defenses
Process of introducing changes to systems
19. Program that hides within or looks like a legit program
Trojan horse
Security baselines
Requirements of the data owners
Countermeasure cost-benefit analysis
20. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Fault-tolerant computer
Threat assessment
Continuous monitoring control initiatives
Notifications and opt-out provisions
21. Applications cannot access data associated with other apps
Impractical and is often cost-prohibitive
Defined objectives
Process of introducing changes to systems
Data isolation
22. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Baseline standard and then develop additional standards
Role-based policy
Background checks of prospective employees
Intrusion detection system (IDS)
23. A key indicator of performance measurement.
People
Strategic alignment of security with business objectives
Include security responsibilities in a job description
Data warehouse
24. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Equal error rate (EER)
Normalization
Key controls
Conduct a risk assessment
25. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Performing a risk assessment
Stress testing
Cracker
Normalization
26. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Identify the relevant systems and processes
Data warehouse
Script kiddie
Creation of a business continuity plan
27. Should be a standard requirement for the service provider.
Risk appetite
Increase business value and confidence
Background check
Do with the information it collects
28. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Resource dependency assessment
Acceptable use policies
Residual risk
Comparison of cost of achievement
29. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
The balanced scorecard
Data classification
Consensus on risks and controls
Developing an information security baseline
30. The most important characteristic of good security policies is that they be ____________________.
Examples of containment defenses
Patch management process
Aligned with organizational goals
Strategic alignment of security with business objectives
31. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Assess the risks to the business operation
Include security responsibilities in a job description
Transferred risk
Exceptions to policy
32. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Digital signatures
Return on security investment (ROSI)
Notifications and opt-out provisions
Worm
33. Only valid if assets have first been identified and appropriately valued.
Conduct a risk assessment
Annual loss expectancy (ALE) calculations
Risk appetite
Data mart
34. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
35. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
The database administrator
Logon banners
People
Digital signatures
36. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
Key risk indicator (KRI) setup
Owner of the information asset
BIA (Business Impact Assessment)
Residual risk
37. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Alignment with business strategy
Safeguards over keys
Cross-site scripting attacks
Script kiddie
38. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Countermeasure cost-benefit analysis
Overall organizational structure
Encryption key management
Two-factor authentication
39. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Return on security investment (ROSI)
The board of directors and senior management
Internal risk assessment
Owner of the information asset
40. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Decentralization
Applying the proper classification to the data
Annual loss expectancy (ALE) calculations
Exceptions to policy
41. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Negotiating a local version of the organization standards
Asset classification
Platform security - intrusion detection and antivirus controls
Gap analysis
42. Needs to define the access rules - which is troublesome and error prone in large organizations.
Personal firewall
Trojan horse
Service level agreements (SLAs)
Rule-based access control
43. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Return on security investment (ROSI)
Properly aligned with business goals and objectives
Reduce risk to an acceptable level
Two-factor authentication
44. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Developing an information security baseline
Defining high-level business security requirements
Malicious software and spyware
Phishing
45. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Centralization of information security management
Properly aligned with business goals and objectives
Skills inventory
Identify the vulnerable systems and apply compensating controls
46. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
The authentication process is broken
Data mart
Security code reviews for the entire software application
Information contained on the equipment
47. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Defined objectives
Get senior management onboard
Security baselines
Business case development
48. Someone who uses email as a vehicle for extortion; sends the company threatening emails indicating they will expose confidential information - exploit a security flaw - etc.
Residual risk
Vulnerability assessment
Regulatory compliance
Cyber extortionist
49. Scam in which a perpetrator sends an official-looking email message that attempts to obtain your personal and financial information
Asset classification
Phishing
Proficiency testing
Tie security risks to key business objectives
50. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Strategic alignment of security with business objectives
Data classification
Patch management process
Vulnerability assessment