Test your basic knowledge
CISM: Certified Information Security Manager
Start Test
Study First
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Is willing to accept
Patch management
Information security manager
include security responsibilities in a job description
2. The job of the information security officer on a management team is to ___________________.
BIA (Business Impact Assessment)
Decentralization
Assess the risks to the business operation
Owner of the information asset
3. Accesses a computer or network illegally
Owner of the information asset
0-day vulnerabilities
Cracker
Protective switch covers
4. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Residual risk would be reduced by a greater amount
The authentication process is broken
Trojan horse
Information contained on the equipment
5. All within the responsibility of the information security manager.
Data owners
Undervoltage (brownout)
Identify the vulnerable systems and apply compensating controls
Platform security - intrusion detection and antivirus controls
6. By definition are not previously known and therefore are undetectable.
Decentralization
Continuous monitoring control initiatives
0-day vulnerabilities
Impractical and is often cost-prohibitive
7. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
8. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Inherent risk
Audit objectives
Transmit e-mail messages
Key controls
9. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Conduct a risk assessment
Data isolation
Security code reviews for the entire software application
Tie security risks to key business objectives
10. Whenever personal data are transferred across national boundaries; ________________________ are required.
Security risk
The database administrator
The awareness and agreement of the data subjects
Knowledge management
11. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Is willing to accept
Threat assessment
The database administrator
Spoofing attacks
12. Ensure that transmitted information can be attributed to the named sender.
Malware
Negotiating a local version of the organization standards
Digital signatures
Consensus on risks and controls
13. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Continuous monitoring control initiatives
Access control matrix
Return on security investment (ROSI)
Encryption of the hard disks
14. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.
Its ability to reduce or eliminate business risks
All personnel
Personal firewall
Deeper level of analysis
15. Applications cannot access data associated with other apps
Single sign-on (SSO) product
The balanced scorecard
Normalization
Data isolation
16. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
The data owner
Breakeven point of risk reduction and cost
Classification of assets needs
Process of introducing changes to systems
17. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
People
SWOT analysis
Control risk
Hacker
18. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Data owners
Well-defined roles and responsibilities
Performing a risk assessment
Inherent risk
19. New security vulnerabilities should be managed through a ________________.
Patch management process
Cost of control
Data isolation
Aligned with organizational goals
20. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Patch management
Reduce risk to an acceptable level
SWOT analysis
Security risk
21. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Business case development
Cost of control
Cracker
Data classification
22. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Multinational organization
Consensus on risks and controls
Transferred risk
Encryption of the hard disks
23. Would protect against spoofing an internal address but would not provide strong authentication.
IP address packet filtering
Service level agreements (SLAs)
Encryption key management
Tie security risks to key business objectives
24. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Tie security risks to key business objectives
Control effectiveness
Negotiating a local version of the organization standards
Residual risk
25. Primarily reduce risk and are most effective for the protection of information assets.
Reduce risk to an acceptable level
Countermeasure cost-benefit analysis
Developing an information security baseline
Key controls
26. Identification and _______________ of business risk enables project managers to address areas with most significance.
Residual risk would be reduced by a greater amount
Compliance with the organization's information security requirements
Prioritization
Transmit e-mail messages
27. Normally addressed through antivirus and antispyware policies.
Power surge/over voltage (spike)
People
Malicious software and spyware
Notifications and opt-out provisions
28. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Two-factor authentication
Asset classification
Overall organizational structure
Residual risk
29. Provides strong online authentication.
Cracker
Public key infrastructure (PKI)
Well-defined roles and responsibilities
Background checks of prospective employees
30. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Examples of containment defenses
Return on security investment (ROSI)
Information contained on the equipment
Role-based access control
31. Provides the most effective protection of data on mobile devices.
Personal firewall
Encryption
Continuous monitoring control initiatives
Role-based access control
32. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Biometric access control systems
Its ability to reduce or eliminate business risks
Script kiddie
Nondisclosure agreement (NDA)
33. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Skills inventory
Lack of change management
Control effectiveness
Rule-based access control
34. It is more efficient to establish a ___________________ for locations that must meet specific requirements.
Developing an information security baseline
Baseline standard and then develop additional standards
Use of security metrics
Centralized structure
35. The _____________________ is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations.
Phishing
Developing an information security baseline
Lack of change management
Digital signatures
36. A process that helps organizations manipulate important knowledge that is part of the org's memory.
Knowledge management
Background check
Patch management process
Annually or whenever there is a significant change
37. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Information contained on the equipment
Regular review of access control lists
Cracker
Applying the proper classification to the data
38. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Security code reviews for the entire software application
Data warehouse
Transferred risk
Acceptable use policies
39. Only valid if assets have first been identified and appropriately valued.
Power surge/over voltage (spike)
Encryption key management
Cyber terrorist
Annual loss expectancy (ALE) calculations
40. Occurs when the incoming level
Tie security risks to key business objectives
Background check
Power surge/over voltage (spike)
Performing a risk assessment
41. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
Methodology used in the assessment
Information contained on the equipment
Malicious software and spyware
What happened and how the breach was resolved
42. Can be a standalone driver for an information security governance measure. No further analysis nor justification is required since the entity has no choice in the regulatory requirements.
Encryption key management
Digital signatures
Normalization
Regulatory compliance
43. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Encryption key management
Owner of the information asset
Aligned with organizational goals
Regular review of access control lists
44. Should be determined from the risk assessment results.
Internal risk assessment
Negotiating a local version of the organization standards
Audit objectives
Transferred risk
45. Provide metrics to which outsourcing firms can be held accountable.
Baseline standard and then develop additional standards
Service level agreements (SLAs)
Information contained on the equipment
Confidentiality
46. Someone who uses the internet or a network to destroy or damage computers for political reasons.
Countermeasure cost-benefit analysis
Regulatory compliance
Strategic alignment of security with business objectives
Cyber terrorist
47. A repository of historical data organized by subject to support decision makers in the org.
Consensus on risks and controls
Two-factor authentication
Data warehouse
The data owner
48. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee.
0-day vulnerabilities
Tailgating
Examples of containment defenses
Protective switch covers
49. Risk should be reduced to a level that an organization _____________.
The board of directors and senior management
Risk assessment - evaluation and impact analysis
Is willing to accept
Background checks of prospective employees
50. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Internal risk assessment
Equal error rate (EER)
Digital signatures
The authentication process is broken