Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control.
Total cost of ownership (TCO)
Defining high-level business security requirements
Key risk indicator (KRI) setup
The data custodian
2. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Residual risk
The awareness and agreement of the data subjects
The authentication process is broken
Continuous analysis - monitoring and feedback
3. A repository of historical data organized by subject to support decision makers in the organization
Access control matrix
Data warehouse
Skills inventory
Cyber terrorist
4. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Acceptable use policies
Identify the vulnerable systems and apply compensating controls
Classification of assets needs
Centralization of information security management
5. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Cyber extortionist
Vulnerability assessment
Increase business value and confidence
Tie security risks to key business objectives
6. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Knowledge management
A network vulnerability assessment
Digital signatures
Impractical and is often cost-prohibitive
7. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Is willing to accept
Centralization of information security management
Vulnerability assessment
Return on security investment (ROSI)
8. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
BIA (Business Impact Assessment)
Tie security risks to key business objectives
Increase business value and confidence
Support the business objectives of the organization
9. Has full responsibility over data.
The data owner
Risk appetite
Virus detection
Comparison of cost of achievement
10. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
Negotiating a local version of the organization standards
Continuous monitoring control initiatives
What happened and how the breach was resolved
The balanced scorecard
11. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Trusted source
Its ability to reduce or eliminate business risks
The information security officer
Skills inventory
12. Carries out the technical administration.
Asset classification
Security risk
The database administrator
Personal firewall
13. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Exceptions to policy
The authentication process is broken
Include security responsibilities in a job description
Alignment with business strategy
14. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
15. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Get senior management onboard
Countermeasure cost-benefit analysis
Residual risk would be reduced by a greater amount
Background check
16. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
The authentication process is broken
Single sign-on (SSO) product
Centralization of information security management
Exceptions to policy
17. It is easier to manage and control a _________________.
Information contained on the equipment
Undervoltage (brownout)
Centralized structure
Control risk
18. An information security manager has to impress upon the human resources department the need for _____________________.
Calculating the value of the information or asset
Is willing to accept
Personal firewall
Security awareness training for all employees
19. The most important characteristic of good security policies is that they be ____________________.
Aligned with organizational goals
Digital signatures
Asset classification
Annually or whenever there is a significant change
20. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Security code reviews for the entire software application
Annually or whenever there is a significant change
Worm
Security baselines
21. Needs to define the access rules - which is troublesome and error prone in large organizations.
The database administrator
Rule-based access control
Virus detection
Overall organizational structure
22. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. The best protection is to _____________________ until a patch is installed.
Notifications and opt-out provisions
Requirements of the data owners
Nondisclosure agreement (NDA)
Identify the vulnerable systems and apply compensating controls
23. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Centralization of information security management
Proficiency testing
Return on security investment (ROSI)
24. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Security code reviews for the entire software application
Business case development
Cyber terrorist
The authentication process is broken
25. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Malware
Gap analysis
Increase business value and confidence
Prioritization
26. The best measure for preventing the unauthorized disclosure of confidential information.
Continuous analysis - monitoring and feedback
Public key infrastructure (PKI)
Acceptable use policies
Defining high-level business security requirements
27. The PRIMARY goal in developing an information security strategy is to: _________________________.
What happened and how the breach was resolved
Patch management
Virus
Support the business objectives of the organization
28. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
The board of directors and senior management
Monitoring processes
Malware
SWOT analysis
29. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures - but not in the prioritization.
Control risk
Two-factor authentication
Vulnerability assessment
Creation of a business continuity plan
30. Accesses a computer or network illegally
Include security responsibilities in a job description
Inherent risk
Calculating the value of the information or asset
Cracker
31. When defining the information classification policy - the ___________________ need to be identified.
Requirements of the data owners
Key risk indicator (KRI) setup
Risk assessment - evaluation and impact analysis
The data custodian
32. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Public key infrastructure (PKI)
Support the business objectives of the organization
Script kiddie
Gain unauthorized access to applications
33. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Monitoring processes
Detection defenses
Risk appetite
Aligned with organizational goals
34. The job of the information security officer on a management team is to ___________________.
Identify the relevant systems and processes
Assess the risks to the business operation
The data owner
Comparison of cost of achievement
35. Most effective for evaluating the degree to which information security objectives are being met.
The balanced scorecard
Safeguards over keys
Continuous analysis - monitoring and feedback
Spoofing attacks
36. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Patch management
Rule-based access control
Encryption
Baseline standard and then develop additional standards
37. Has to be integrated into the requirements of every software application's design.
Data isolation
Encryption key management
Identify the relevant systems and processes
Logon banners
38. All within the responsibility of the information security manager.
Defined objectives
Tie security risks to key business objectives
Platform security - intrusion detection and antivirus controls
Assess the risks to the business operation
39. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Business case development
Vulnerability assessment
Defining high-level business security requirements
Cross-site scripting attacks
40. Useful but only with regard to specific technical skills.
Proficiency testing
Calculating the value of the information or asset
Waterfall chart
Notifications and opt-out provisions
41. A small warehouse - designed for the end-user needs in a strategic business unit
Threat assessment
Data mart
Logon banners
Role-based policy
42. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Defining and ratifying the classification structure of information assets
Access control matrix
Audit objectives
Data warehouse
43. Used to understand the flow of one process into another.
Owner of the information asset
Data owners
IP address packet filtering
Waterfall chart
44. Successful risk management should lead to a ________________.
Breakeven point of risk reduction and cost
Deeper level of analysis
Acceptable use policies
Asset classification
45. A key indicator of performance measurement.
Strategic alignment of security with business objectives
Normalization
Patch management process
Logon banners
46. Normally addressed through antivirus and antispyware policies.
Normalization
Personal firewall
BIA (Business Impact Assessment)
Malicious software and spyware
47. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Calculating the value of the information or asset
Data classification
Increase business value and confidence
Two-factor authentication
48. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Conduct a risk assessment
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Cyber terrorist
Developing an information security baseline
49. The information security manager needs to prioritize the controls based on ________________________.
Risk management and the requirements of the organization
Deeper level of analysis
Logon banners
Internal risk assessment
50. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
Cyber extortionist
Background checks of prospective employees
Properly aligned with business goals and objectives
All personnel