Test your basic knowledge

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Identification and _______________ of business risk enables project managers to address areas with most significance.

2. Occurs when the incoming level

3. The MOST useful way to describe the objectives in the information security strategy is through ______________________.

4. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.

5. A function of the session keys distributed by the PKI.

6. In a _________________________, the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.

7. It is more efficient to establish a ___________________ for locations that must meet specific requirements.

8. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.

9. The most fundamental evaluation criterion for the appropriate selection of any security technology is ________________________.

10. When developing an information security program, _________________ would help identify the available resources, any gaps and the training requirements for developing resources.

11. All within the responsibility of the information security manager.

12. Focuses on identifying vulnerabilities.

13. Should be a standard requirement for the service provider.

14. The primary role of the information security manager in the process of information classification within the organization.

15. Has full responsibility over data.

16. Addresses strengths, weaknesses, opportunities and threats. Although useful, a SWOT analysis is not as effective a tool.

17. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.

18. While useful for identifying the difference between the current state and the desired future state, e.g. the organization has to comply with recently published industry regulatory requirements, compliance that potentially has high implementation costs,

19. Risk should be reduced to a level that an organization _____________.

20. The MOST important component of a privacy policy is: Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are

21. Also required to guarantee fulfillment of laws and regulations of the organization and, therefore, the information security manager will be obligated to comply with the law.

22. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.

23. The weakest link in security implementation, and awareness would reduce this risk. Through security awareness and training programs, individual employees can be informed and sensitized on various security policies and other security topics, thus e

24. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.

25. Most effective for evaluating the degree to which information security objectives are being met.

26. Requires a process to verify that the control process worked as intended. Examples such as dual control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.

27. The BEST option to improve accountability for a system administrator is to _____________________.

28. The PRIMARY goal in developing an information security strategy is to _________________________.

29. It is important to achieve ____________________, and obtain inputs from various organizational entities, since security needs to be aligned to the needs of the organization.

30. When mobile equipment is lost or stolen, the ______________________ matters most in determining the impact of the loss.

31. Security design flaws require a ____________________.

32. There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. The best protection is to _____________________ until a patch is installed.

33. Cannot be minimized

34. Used to understand the flow of one process into another.

35. Should be performed to identify the risk and determine needed controls.

36. A repository of historical data organized by subject to support decision makers in the org

37. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.

38. Awareness, training and physical security defenses.

39. A small warehouse designed for the end-user needs in a strategic business unit

40. Uses security metrics to measure the performance of the information security program.

41. Computer that has duplicate components so it can continue to operate when one of its main components fails

42. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks, and would not provide other indirect benefits such as process

43. Ensures that there are no scalability problems.

44. The MAIN reason why _______________ is important to a successful information security program is that classification determines the appropriate level of protection for the asset.

45. Carries out the technical administration.

46. Most effective in providing reasonable assurance of physical access compliance for an unmanned server room controlled with biometric devices.

47. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.

48. Program that hides within or looks like a legitimate program

49. Primarily reduce risk and are most effective for the protection of information assets.

50. The _____________________ is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations