CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Whenever personal data are transferred across national boundaries, ________________________ are required.

2. Reducing risk to a level too small to measure is _______________.

3. Should be a standard requirement for the service provider.

4. When developing an information security program, _________________ would help identify the available resources, any gaps, and the training requirements for developing resources.

5. The data owner is responsible for _______________________.

6. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.

7. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________, including a cost-benefit analysis, will be most persuasive to management. A risk assessment may be included in the business case, but

8. Same intent as a cracker, but does not have the technical skills and knowledge.

9. A function of the session keys distributed by the PKI.

10. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.

11. Someone who uses email as a vehicle for extortion; sends the company threatening emails indicating they will expose confidential information, exploit security launch, etc.

12. Security design flaws require a ____________________.

13. Occurs when the electrical supply drops.

14. A small warehouse, designed for the end-user needs in a strategic business unit.

15. Utility program that detects and protects a personal computer from unauthorized intrusions.

16. Change management controls the _____________________. This is often the point at which a weakness will be introduced.

17. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.

18. Should be determined from the risk assessment results.

19. While useful for identifying the difference between the current state and the desired future state (e.g. an organization has to comply with recently published industry regulatory requirements, compliance with which potentially has high implementation costs),

20. An effective tool, but primarily focuses on malicious code from external sources, and only for those applications that are online.

21. Are not infallible. When tuning the solution, one has to adjust the sensitivity level to give preference either to the false reject rate (type I error rate), where the system will be more prone to err by denying access to a valid user, or to erring and allowing

22. Using public key infrastructure (PKI) is currently accepted as the most secure method to _______________.

23. In biometric systems where the possibility of false rejects is a problem, it may be necessary to reduce sensitivity and thereby increase the number of false accepts.

24. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.

25. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks, and would not provide other indirect benefits such as process

26. When considering the value of assets, ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance.

27. To improve the security governance framework and achieve a higher level of maturity, _____________________ is most important.

28. An information security manager has to impress upon the human resources department the need for _____________________.

29. A repository of historical data organized by subject to support decision makers in the organization.

30. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset or the impact of perceived threats on that value.

31. Would protect against spoofing an internal address, but would not provide strong authentication.

32. Provides strong online authentication.

33. The BEST justification to convince management to invest in an information security program is that doing so would _________________.

34. Awareness, training and physical security defenses.

35. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.

36. Focuses on identifying vulnerabilities.

37. Involves the correction of software weaknesses and would necessarily follow change management procedures.

38. The weakest link in security implementation, and awareness would reduce this risk. Through security awareness and training programs, individual employees can be informed and sensitized on various security policies and other security topics, thus

39. The first step in a risk analysis process to determine the impact to the organization, which is the ultimate goal.

40. From a security standpoint, _______________________ is one of the most important topics that should be included in the contract with a third-party service provider.

41. If the firewall allows source routing, any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.

42. The most important characteristic of good security policies is that they be ____________________.

43. Program that copies itself repeatedly, using up resources and possibly shutting down the computer or network.

44. By definition are not previously known and therefore are undetectable.

45. Needs to define the access rules, which is troublesome and error prone in large organizations.

46. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.

47. Primarily reduce risk and are most effective for the protection of information assets.

48. Someone who accesses a computer or network illegally.

49. Attackers who exploit weak application authentication controls can ___________________, and this has little to do with cross-site scripting vulnerabilities.

50. The MOST useful way to describe the objectives in the information security strategy is through ______________________.