Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Knowledge management
Conduct a risk assessment
Compliance with the organization's information security requirements
Monitoring processes
2. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Classification of assets needs
Performing a risk assessment
Information security manager
Return on security investment (ROSI)
3. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Undervoltage (brownout)
Virus detection
Compliance with the organization's information security requirements
Control risk
4. Provides process needs but not impact.
Resource dependency assessment
The authentication process is broken
Countermeasure cost-benefit analysis
Get senior management onboard
5. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Impractical and is often cost-prohibitive
Is willing to accept
Gap analysis
Normalization
6. Can be a standalone driver for an information security governance measure. No further analysis nor justification is required since the entity has no choice in the regulatory requirements.
Baseline standard and then develop additional standards
Regulatory compliance
Security risk
Process of introducing changes to systems
7. Company or person you believe will not knowingly send a virus-infected file
Trusted source
Role-based access control
Proficiency testing
Encryption of the hard disks
8. A function of the session keys distributed by the PKI.
Skills inventory
Confidentiality
Well-defined roles and responsibilities
Increase business value and confidence
9. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Support the business objectives of the organization
Patch management
Cross-site scripting attacks
Logon banners
10. Ensures that there are no scalability problems.
Continuous monitoring control initiatives
Single sign-on (SSO) product
Stress testing
Data warehouse
11. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Virus
Regular review of access control lists
Security baselines
Do with the information it collects
12. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Platform security - intrusion detection and antivirus controls
Hacker
Equal error rate (EER)
13. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Detection defenses
Skills inventory
Virus
Multinational organization
14. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Countermeasure cost-benefit analysis
Internal risk assessment
Confidentiality
0-day vulnerabilities
15. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Platform security - intrusion detection and antivirus controls
Logon banners
Nondisclosure agreement (NDA)
Decentralization
16. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Nondisclosure agreement (NDA)
Protective switch covers
Encryption of the hard disks
Cross-site scripting attacks
17. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Platform security - intrusion detection and antivirus controls
Its ability to reduce or eliminate business risks
People
Tailgating
18. Inject malformed input.
Cross-site scripting attacks
Encryption of the hard disks
Transferred risk
The information security officer
19. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control.
Return on security investment (ROSI)
Equal error rate (EER)
Total cost of ownership (TCO)
Cross-site scripting attacks
20. All within the responsibility of the information security manager.
Platform security - intrusion detection and antivirus controls
Multinational organization
Data classification
Protective switch covers
21. Only valid if assets have first been identified and appropriately valued.
Deeper level of analysis
Transmit e-mail messages
Annual loss expectancy (ALE) calculations
Background checks of prospective employees
22. The primary role of the information security manager in the process of information classification within the organization.
Defining and ratifying the classification structure of information assets
Performing a risk assessment
Protective switch covers
The balanced scorecard
23. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Internal risk assessment
Background checks of prospective employees
Knowledge management
Decentralization
24. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Spoofing attacks
Performing a risk assessment
Role-based access control
Key controls
25. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Information contained on the equipment
Cracker
Negotiating a local version of the organization standards
Encryption key management
26. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Logon banners
Countermeasure cost-benefit analysis
Penetration testing
Skills inventory
27. Computer that has duplicate components so it can continue to operate when one of its main components fails
The balanced scorecard
Fault-tolerant computer
Requirements of the data owners
Intrusion detection system (IDS)
28. Normally addressed through antivirus and antispyware policies.
Knowledge management
Decentralization
Malicious software and spyware
Prioritization
29. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Spoofing attacks
Worm
Asset classification
Consensus on risks and controls
30. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Increase business value and confidence
Platform security - intrusion detection and antivirus controls
Assess the risks to the business operation
All personnel
31. Risk should be reduced to a level that an organization _____________.
Regulatory compliance
Is willing to accept
Security baselines
Gain unauthorized access to applications
32. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Notifications and opt-out provisions
Worm
Platform security - intrusion detection and antivirus controls
Vulnerability assessment
33. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Aligned with organizational goals
Cyber terrorist
Is willing to accept
Certificate authority (CA)
34. Responsible for securing the information.
Use of security metrics
Single sign-on (SSO) product
The data custodian
SWOT analysis
35. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
All personnel
Support the business objectives of the organization
Encryption
Notifications and opt-out provisions
36. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Exceptions to policy
Comparison of cost of achievement
Owner of the information asset
Audit objectives
37. A small warehouse - designed for the end-user needs in a strategic business unit
Developing an information security baseline
Data mart
Owner of the information asset
Background check
38. It is easier to manage and control a _________________.
Monitoring processes
People
Centralized structure
Background check
39. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Two-factor authentication
All personnel
Control effectiveness
Vulnerability assessment
40. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Calculating the value of the information or asset
The awareness and agreement of the data subjects
Security risk
Retention of business records
41. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
What happened and how the breach was resolved
Increase business value and confidence
Conduct a risk assessment
The awareness and agreement of the data subjects
42. The best measure for preventing the unauthorized disclosure of confidential information.
Key risk indicator (KRI) setup
Malware
Acceptable use policies
Stress testing
43. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Phishing
Prioritization
Lack of change management
Asset classification
44. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Safeguards over keys
Single sign-on (SSO) product
Prioritization
Residual risk
45. Security design flaws require a ____________________.
Deeper level of analysis
Access control matrix
Internal risk assessment
Centralization of information security management
46. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Identify the relevant systems and processes
Cryptographic secure sockets layer (SSL) implementations and short key lengths
The board of directors and senior management
Residual risk would be reduced by a greater amount
47. Should PRIMARILY be based on regulatory and legal requirements.
Retention of business records
Return on security investment (ROSI)
Information contained on the equipment
Calculating the value of the information or asset
48. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
All personnel
Transmit e-mail messages
SWOT analysis
Data isolation
49. An information security manager has to impress upon the human resources department the need for _____________________.
Key risk indicator (KRI) setup
Security awareness training for all employees
Identify the relevant systems and processes
Stress testing
50. Carries out the technical administration.
Exceptions to policy
The database administrator
Assess the risks to the business operation
Classification of assets needs