Test your basic knowledge

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Ensures that there are no scalability problems.

2. Provides process needs but not impact.

3. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.

4. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.

5. Whenever personal data are transferred across national boundaries; ________________________ are required.

6. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.

7. BEST option to improve accountability for a system administrator is to _____________________.

8. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.

9. Program that hides within or looks like a legitimate program

10. New security vulnerabilities should be managed through a ________________.
11. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.

12. A method for analyzing and reducing a relational database to its most streamlined form

13. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information

14. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but

15. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.

16. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.

17. A function of the session keys distributed by the PKI.

18. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.

19. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing

20. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
21. Involves the correction of software weaknesses and would necessarily follow change management procedures.

22. The best measure for preventing the unauthorized disclosure of confidential information.

23. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.

24. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.

25. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.

26. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.

27. The most important characteristic of good security policies is that they be ____________________.

28. Occurs when the incoming level

29. The information security manager needs to prioritize the controls based on ________________________.

30. Programs that act without a user's knowledge and deliberately alter a computer's operations
31. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.

32. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.

33. Needs to define the access rules - which is troublesome and error prone in large organizations.

34. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.

35. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.

36. It is easier to manage and control a _________________.

37. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.

38. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.

39. Accesses a computer or network illegally

40. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
41. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.

42. The data owner is responsible for _______________________.

43. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.

44. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. The best protection is to _____________________ until a patch is installed.

45. Reducing risk to a level too small to measure is _______________.

46. Has to be integrated into the requirements of every software application's design.

47. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.

48. Only valid if assets have first been identified and appropriately valued.

49. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance.

50. Used to understand the flow of one process into another.