Test your basic knowledge |
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
The balanced scorecard
Waterfall chart
Countermeasure cost-benefit analysis
All personnel
2. Provides strong online authentication.
Malware
Public key infrastructure (PKI)
Data warehouse
Properly aligned with business goals and objectives
3. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Risk management and the requirements of the organization
Methodology used in the assessment
Properly aligned with business goals and objectives
Residual risk would be reduced by a greater amount
4. When defining the information classification policy - the ___________________ need to be identified.
Data isolation
IP address packet filtering
Internal risk assessment
Requirements of the data owners
5. Culture has a significant impact on how information security will be implemented in a ______________________.
SWOT analysis
Its ability to reduce or eliminate business risks
All personnel
Multinational organization
6. Useful but only with regard to specific technical skills.
Proficiency testing
Monitoring processes
Identify the vulnerable systems and apply compensating controls
Script kiddie
7. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Cyber terrorist
The authentication process is broken
Gap analysis
Biometric access control systems
8. The data owner is responsible for _______________________.
Return on security investment (ROSI)
Applying the proper classification to the data
Skills inventory
Include security responsibilities in a job description
9. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Audit objectives
Alignment with business strategy
Two-factor authentication
Power surge/over voltage (spike)
10. Only valid if assets have first been identified and appropriately valued.
Annual loss expectancy (ALE) calculations
Aligned with organizational goals
Annually or whenever there is a significant change
Methodology used in the assessment
11. BEST option to improve accountability for a system administrator is to _____________________.
Assess the risks to the business operation
Classification of assets needs
Include security responsibilities in a job description
Threat assessment
12. The job of the information security officer on a management team is to ___________________.
Assess the risks to the business operation
Continuous monitoring control initiatives
Virus detection
Its ability to reduce or eliminate business risks
13. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Rule-based access control
Calculating the value of the information or asset
What happened and how the breach was resolved
Alignment with business strategy
14. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee.
Alignment with business strategy
Risk assessment - evaluation and impact analysis
Tailgating
Encryption
15. All within the responsibility of the information security manager.
Platform security - intrusion detection and antivirus controls
Patch management
Gain unauthorized access to applications
Cost of control
16. Occurs after the risk assessment process - it does not measure it.
Use of security metrics
Do with the information it collects
Risk appetite
Information contained on the equipment
17. It is easier to manage and control a _________________.
Background checks of prospective employees
Assess the risks to the business operation
Centralized structure
Retention of business records
18. The MOST important element of an information security strategy.
Patch management
Decentralization
Defined objectives
Digital signatures
19. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Cyber terrorist
Impractical and is often cost-prohibitive
Include security responsibilities in a job description
Protective switch covers
20. Responsible for securing the information.
Spoofing attacks
Calculating the value of the information or asset
The data custodian
Gap analysis
21. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Encryption
Countermeasure cost-benefit analysis
Notifications and opt-out provisions
Virus
22. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Waterfall chart
Detection defenses
Encryption key management
Cost of control
23. New security vulnerabilities should be managed through a ________________.
Patch management process
Centralized structure
Owner of the information asset
Properly aligned with business goals and objectives
24. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Information contained on the equipment
Role-based access control
Methodology used in the assessment
The database administrator
25. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Biometric access control systems
IP address packet filtering
Process of introducing changes to systems
Monitoring processes
26. When the ________________ is more than the cost of the risk - the risk should be accepted.
Centralized structure
Deeper level of analysis
Cost of control
Platform security - intrusion detection and antivirus controls
27. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Properly aligned with business goals and objectives
0-day vulnerabilities
Cyber extortionist
SWOT analysis
28. Ensures that there are no scalability problems.
Patch management process
Stress testing
Personal firewall
Proficiency testing
29. A notice that guarantees a user or a web site is legitimate.
Use of security metrics
Applying the proper classification to the data
Digital certificate
Hacker
30. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Identify the relevant systems and processes
Monitoring processes
Background check
Acceptable use policies
31. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Transferred risk
Key controls
Tie security risks to key business objectives
Retention of business records
32. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Malicious software and spyware
Equal error rate (EER)
Logon banners
SWOT analysis
33. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Breakeven point of risk reduction and cost
Requirements of the data owners
Biometric access control systems
Background checks of prospective employees
34. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Access control matrix
The data custodian
Attributes and characteristics of the 'desired state'
Creation of a business continuity plan
35. Focuses on identifying vulnerabilities.
Penetration testing
Skills inventory
The awareness and agreement of the data subjects
Virus detection
36. An information security manager has to impress upon the human resources department the need for _____________________.
Security awareness training for all employees
Skills inventory
Consensus on risks and controls
Baseline standard and then develop additional standards
37. Should be a standard requirement for the service provider.
Certificate authority (CA)
Background check
Skills inventory
Data classification
38. Most effective for evaluating the degree to which information security objectives are being met.
The balanced scorecard
Two-factor authentication
Include security responsibilities in a job description
All personnel
39. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Data isolation
Reduce risk to an acceptable level
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Acceptable use policies
40. The best measure for preventing the unauthorized disclosure of confidential information.
Attributes and characteristics of the 'desired state'
The data custodian
Certificate authority (CA)
Acceptable use policies
41. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Control risk
Defined objectives
Acceptable use policies
Negotiating a local version of the organization standards
42. Carries out the technical administration.
Spoofing attacks
Calculating the value of the information or asset
Certificate authority (CA)
The database administrator
43. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Decentralization
Malware
Encryption
BIA (Business Impact Assessment)
44. Cannot be minimized.
Inherent risk
Penetration testing
What happened and how the breach was resolved
Background check
45. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Internal risk assessment
Threat assessment
Countermeasure cost-benefit analysis
Rule-based access control
46. Occurs when the incoming level
Malicious software and spyware
Malware
Multinational organization
Power surge/over voltage (spike)
47. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Public key infrastructure (PKI)
Encryption
Risk appetite
Process of introducing changes to systems
48. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Defining high-level business security requirements
Cyber extortionist
The board of directors and senior management
Calculating the value of the information or asset
49. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
50. A key indicator of performance measurement.
Strategic alignment of security with business objectives
The information security officer
Cyber terrorist
Regulatory compliance