Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Occurs after the risk assessment process - it does not measure it.






2. Accesses a computer or network illegally






3. Provides strong online authentication.






4. Has to be integrated into the requirements of every software application's design.






5. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.






6. Someone who accesses a computer or network illegally






7. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.






8. All within the responsibility of the information security manager.






9. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.






10. Someone who uses email as a vehicle for extortion; send company threatening emails indicating they will expose confidential information - exploit security launch - etc.






11. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.






12. Someone who uses the internet or network to destroy or damage computers for political reasons






13. The information security manager needs to prioritize the controls based on ________________________.






14. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident.It provides results - such as impact from a security incident and required response times.






15. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.






16. Would protect against spoofing an internal address but would not provide strong authentication.






17. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.






18. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.






19. Information security governance models are highly dependent on the _____________________.






20. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.






21. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.






22. The best measure and will involve reviewing the entire source code to detect all instances of back doors.






23. Identification and _______________ of business risk enables project managers to address areas with most significance.






24. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.






25. Inject malformed input.






26. provides the most effective protection of data on mobile devices.






27. Programs that act without a user's knowledge and deliberately alter a computer's operations






28. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.






29. Should be a standard requirement for the service provider.






30. The data owner is responsible for _______________________.






31. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the






32. Ensure that transmitted information can be attributed to the named sender.






33. Carries out the technical administration.






34. Occurs when the electrical supply drops






35. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.






36. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.






37. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.






38. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.






39. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.






40. Should PRIMARILY be based on regulatory and legal requirements.






41. btaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but






42. A risk assessment should be conducted _________________.






43. A notice that guarantees a user or a web site is legitimate






44. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.






45. It is more efficient to establish a ___________________for locations that must meet specific requirements.






46. A Successful risk management should lead to a ________________.






47. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'






48. Change management controls the _____________________. This is often the point at which a weakness will be introduced.






49. The MOST important component of a privacy policy is: A Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are






50. Ensures that there are no scalability problems.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests