Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Involves the correction of software weaknesses and would necessarily follow change management procedures.






2. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.






3. A risk assessment should be conducted _________________.






4. The MOST important component of a privacy policy is: A Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are






5. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.






6. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident.It provides results - such as impact from a security incident and required response times.






7. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.






8. It is more efficient to establish a ___________________for locations that must meet specific requirements.






9. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.






10. A Successful risk management should lead to a ________________.






11. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.






12. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process






13. The best measure and will involve reviewing the entire source code to detect all instances of back doors.






14. Applications cannot access data associated with other apps






15. Normally addressed through antivirus and antispyware policies.






16. Would protect against spoofing an internal address but would not provide strong authentication.






17. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.






18. New security ulnerabilities should be managed through a ________________.






19. Has full responsibility over data.






20. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree






21. Occurs after the risk assessment process - it does not measure it.






22. Change management controls the _____________________. This is often the point at which a weakness will be introduced.






23. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.






24. Provides process needs but not impact.






25. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.






26. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.






27. The BEST justification to convince management to invest in an information security program is that doing so would _________________.






28. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.






29. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.






30. By definition are not previously known and therefore are undetectable.






31. Used to understand the flow of one process into another.






32. The MOST important element of the request for proposal (RFP) ro assess the maturity level of the organization's information security management is _______________________.






33. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm






34. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.






35. Inject malformed input.






36. Should PRIMARILY be based on regulatory and legal requirements.






37. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee






38. In order to highlight to management the importance of network security - the security manager should FIRST _______________.






39. Company or person you believe will not send a virus-infect file knowingly






40. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.






41. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.






42. Primarily reduce risk and are most effective for the protection of information assets.






43. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.






44. btaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but






45. Useful but only with regard to specific technical skills.






46. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.






47. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.






48. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.






49. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control. .






50. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests