Test your basic knowledge

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Also required to guarantee fulfillment of laws and regulations of the organization and, therefore, the information security manager will be obligated to comply with the law.

2. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.

3. An effective tool, but primarily focuses on malicious code from external sources, and only for those applications that are online.

4. Provides process needs but not impact.

5. While useful for identifying the difference between the current state and the desired future state, e.g. the organization has to comply with recently published industry regulatory requirements, compliance that potentially has high implementation costs -

6. Can be a standalone driver for an information security governance measure. No further analysis or justification is required, since the entity has no choice in the regulatory requirements.

7. Company or person you believe will not knowingly send a virus-infected file.

8. A function of the session keys distributed by the PKI.

9. Involves the correction of software weaknesses and would necessarily follow change management procedures.

10. Ensures that there are no scalability problems.

11. On a company's e-commerce web site, a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.

12. Ensures that transmitted information can be attributed to the named sender.

13. When developing an information security program, _________________ would help identify the available resources, any gaps, and the training requirements for developing resources.

14. In a _________________________, the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.

15. Legal document to be signed by all employees, suppliers, etc. before they 'touch' the organization, to protect the organization's intellectual property.

16. Would reduce the possibility of an individual accidentally pressing the power button on a device, thereby turning off the device.

17. The most fundamental evaluation criterion for the appropriate selection of any security technology is ________________________.

18. Inject malformed input.

19. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system; it would establish a cost baseline and must be considered for the full life cycle of the control.

20. All within the responsibility of the information security manager.

21. Only valid if assets have first been identified and appropriately valued.

22. The primary role of the information security manager in the process of information classification within the organization.

23. Because past performance is a strong predictor of future performance, _______________________ best prevents attacks from originating within an organization.

24. If the firewall allows source routing, any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.

25. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.

26. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is ______________, which would appear every time the user logs on, and the user would be required to read and agree.

27. Computer that has duplicate components so it can continue to operate when one of its main components fails.

28. Normally addressed through antivirus and antispyware policies.

29. It is important to achieve ____________________ and obtain inputs from various organizational entities, since security needs to be aligned to the needs of the organization.

30. The BEST justification to convince management to invest in an information security program is that doing so would _________________.

31. Risk should be reduced to a level that an organization _____________.

32. Program that copies itself repeatedly, using up resources and possibly shutting down the computer or network.

33. A trusted third party that attests to the identity of the signatory; reliance will be a function of the level of trust afforded the CA.

34. Responsible for securing the information.

35. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.

36. When considering the value of assets, ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance.

37. A small warehouse, designed for the end-user needs in a strategic business unit.

38. It is easier to manage and control a _________________.

39. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset or the impact of perceived threats on the value.

40. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.

41. In order to highlight to management the importance of network security, the security manager should FIRST _______________.

42. The best measure for preventing the unauthorized disclosure of confidential information.

43. Scam in which a perpetrator sends an official-looking email message that attempts to obtain your personal and financial information.

44. The risk that remains after putting into place an effective risk management program; therefore, acceptable risk is achieved when this amount is minimized.

45. Security design flaws require a ____________________.

46. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.

47. Should PRIMARILY be based on regulatory and legal requirements.

48. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.

49. An information security manager has to impress upon the human resources department the need for _____________________.

50. Carries out the technical administration.

