CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Provides process needs but not impact.
Resource dependency assessment
Properly aligned with business goals and objectives
Information contained on the equipment
Inherent risk
2. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Transmit e-mail messages
Two-factor authentication
Data warehouse
Cryptographic secure sockets layer (SSL) implementations and short key lengths
3. Potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works
Tie security risks to key business objectives
Virus
Business case development
Digital signatures
4. Addresses strengths, weaknesses, opportunities and threats. Although useful, a SWOT analysis is not as effective a tool.
The data owner
Continuous monitoring control initiatives
Countermeasure cost-benefit analysis
SWOT analysis
5. provides the most effective protection of data on mobile devices.
Security awareness training for all employees
Encryption
A network vulnerability assessment
IP address packet filtering
6. Because past performance is a strong predictor of future performance, _______________________ best prevents attacks from originating within an organization.
Data isolation
Gain unauthorized access to applications
Exceptions to policy
Background checks of prospective employees
7. It is easier to manage and control a _________________.
Gain unauthorized access to applications
Centralized structure
Threat assessment
Examples of containment defenses
8. A key indicator of performance measurement.
Strategic alignment of security with business objectives
Residual risk would be reduced by a greater amount
All personnel
Increase business value and confidence
9. Reducing risk to a level too small to measure is _______________.
Role-based access control
Impractical and is often cost-prohibitive
Cyber extortionist
Regular review of access control lists
10. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Negotiating a local version of the organization standards
Defining high-level business security requirements
Use of security metrics
Trojan horse
11. A notice that guarantees a user or a web site is legitimate
Digital certificate
Threat assessment
Virus
Lack of change management
12. Applications cannot access data associated with other apps
Methodology used in the assessment
Data isolation
Continuous monitoring control initiatives
Virus detection
13. Security design flaws require a ____________________.
Security baselines
Increase business value and confidence
Deeper level of analysis
Defining and ratifying the classification structure of information assets
14. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Role-based access control
Proficiency testing
Comparison of cost of achievement
Residual risk would be reduced by a greater amount
15. On a company's e-commerce web site, a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Increase business value and confidence
People
Do with the information it collects
Use of security metrics
16. When developing an information security program, _________________ would help identify the available resources, any gaps and the training requirements for developing resources.
Public key infrastructure (PKI)
Compliance with the organization's information security requirements
Skills inventory
Regular review of access control lists
17. Legal document to be signed by all employees, suppliers, etc. before they 'touch' the organization, to protect the organization's intellectual property.
Trojan horse
Key controls
Nondisclosure agreement (NDA)
Developing an information security baseline
18. Inject malformed input.
Alignment with business strategy
Security baselines
Do with the information it collects
Cross-site scripting attacks
19. Same intent as a cracker but does not have the technical skills and knowledge
Control effectiveness
Performing a risk assessment
Cyber extortionist
Script kiddie
20. The most important characteristic of good security policies is that they be ____________________.
Aligned with organizational goals
Acceptable use policies
Defining high-level business security requirements
Calculating the value of the information or asset
21. In order to highlight to management the importance of network security, the security manager should FIRST _______________.
Cyber terrorist
Conduct a risk assessment
Phishing
Digital signatures
22. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Its ability to reduce or eliminate business risks
Decentralization
Conduct a risk assessment
Lack of change management
23. Primarily reduce risk and are most effective for the protection of information assets.
Risk assessment, evaluation and impact analysis
Equal error rate (EER)
Virus detection
Key controls
24. Carries out the technical administration.
The database administrator
Inherent risk
Negotiating a local version of the organization standards
Reduce risk to an acceptable level
25. Are not infallible. When tuning the solution, one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate), where the system will be more prone to err denying access to a valid user, or erring and allowing
Aligned with organizational goals
Safeguards over keys
Biometric access control systems
Virus
26. A repository of historical data organized by subject to support decision makers in the organization
Conduct a risk assessment
Data warehouse
Acceptable use policies
Data owners
27. Risk should be reduced to a level that an organization _____________.
Attributes and characteristics of the 'desired state'
Is willing to accept
Resource dependency assessment
Well-defined roles and responsibilities
28. Would reduce the possibility of an individual accidentally pressing the power button on a device, thereby turning off the device.
Waterfall chart
Protective switch covers
Public key infrastructure (PKI)
Malware
29. Useful but only with regard to specific technical skills.
Phishing
Malicious software and spyware
Defined objectives
Proficiency testing
30. Occurs after the risk assessment process; it does not measure it.
Use of security metrics
Vulnerability assessment
Cross-site scripting attacks
Tie security risks to key business objectives
31. The data owner is responsible for _______________________.
Gain unauthorized access to applications
Security code reviews for the entire software application
Applying the proper classification to the data
Tie security risks to key business objectives
32. Company or person you believe will not send a virus-infected file knowingly
Audit objectives
Fault-tolerant computer
SWOT analysis
Trusted source
33. Also required to guarantee fulfillment of laws and regulations of the organization and, therefore, the information security manager will be obligated to comply with the law.
Return on security investment (ROSI)
Monitoring processes
Protective switch covers
Tie security risks to key business objectives
34. Used to understand the flow of one process into another.
Penetration testing
Rule-based access control
Trusted source
Waterfall chart
35. Information security governance models are highly dependent on the _____________________.
Vulnerability assessment
Lack of change management
Overall organizational structure
Key risk indicator (KRI) setup
36. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
37. Computer that has duplicate components so it can continue to operate when one of its main components fails
Power surge/over voltage (spike)
Public key infrastructure (PKI)
Fault-tolerant computer
BIA (Business Impact Assessment)
38. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Waterfall chart
Negotiating a local version of the organization standards
Well-defined roles and responsibilities
Intrusion detection system (IDS)
39. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Internal risk assessment
Strategic alignment of security with business objectives
Well-defined roles and responsibilities
Security code reviews for the entire software application
40. A small warehouse, designed for the end-user needs in a strategic business unit
Data mart
Equal error rate (EER)
Digital certificate
Platform security, intrusion detection and antivirus controls
41. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Patch management
Its ability to reduce or eliminate business risks
Penetration testing
Normalization
42. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Process of introducing changes to systems
Residual risk would be reduced by a greater amount
Hacker
Stress testing
43. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Proficiency testing
Worm
Gain unauthorized access to applications
Data isolation
44. The best measure for preventing the unauthorized disclosure of confidential information.
Background checks of prospective employees
Acceptable use policies
Security code reviews for the entire software application
Transmit e-mail messages
45. Provides strong online authentication.
Public key infrastructure (PKI)
Script kiddie
Biometric access control systems
Risk management and the requirements of the organization
46. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Impractical and is often cost-prohibitive
The awareness and agreement of the data subjects
Transferred risk
Continuous monitoring control initiatives
47. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________, including a cost-benefit analysis, will be most persuasive to management. A risk assessment may be included in the business case, but
Waterfall chart
Decentralization
Tie security risks to key business objectives
Business case development
48. Should be determined from the risk assessment results.
Trojan horse
Malicious software and spyware
Annually or whenever there is a significant change
Audit objectives
49. Will associate data access with the role performed by an individual, thus restricting access to data required to perform the individual's tasks.
Undervoltage (brownout)
Total cost of ownership (TCO)
Information contained on the equipment
Role-based policy
50. Awareness, training and physical security defenses.
Data isolation
Resource dependency assessment
Examples of containment defenses
Access control matrix