Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The MOST important element of an information security strategy.
Monitoring processes
Penetration testing
Cracker
Defined objectives
2. A method for analyzing and reducing a relational database to its most streamlined form
Information security manager
Normalization
Prioritization
Well-defined roles and responsibilities
3. Focuses on identifying vulnerabilities.
Public key infrastructure (PKI)
Creation of a business continuity plan
Penetration testing
Assess the risks to the business operation
4. Applications cannot access data associated with other apps
Its ability to reduce or eliminate business risks
Data isolation
Information contained on the equipment
include security responsibilities in a job description
5. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Reduce risk to an acceptable level
Overall organizational structure
Spoofing attacks
All personnel
6. Successful risk management should lead to a ________________.
Internal risk assessment
Breakeven point of risk reduction and cost
Intrusion detection system (IDS)
Information contained on the equipment
7. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Background check
Alignment with business strategy
Detection defenses
Service level agreements (SLAs)
8. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Encryption
Biometric access control systems
Defined objectives
Cost of control
9. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Data owners
People
Biometric access control systems
Data classification
10. Program that hides within or looks like a legit program
Encryption
Skills inventory
Service level agreements (SLAs)
Trojan horse
11. Computer that has duplicate components so it can continue to operate when one of its main components fails
Fault-tolerant computer
Regular review of access control lists
Centralization of information security management
0-day vulnerabilities
12. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Two-factor authentication
Hacker
Baseline standard and then develop additional standards
Alignment with business strategy
13. Without _____________________ - there cannot be accountability.
Control risk
Negotiating a local version of the organization standards
Well-defined roles and responsibilities
Overall organizational structure
14. Useful but only with regard to specific technical skills.
Assess the risks to the business operation
Exceptions to policy
Proficiency testing
Owner of the information asset
15. Only valid if assets have first been identified and appropriately valued.
Do with the information it collects
Security code reviews for the entire software application
BIA (Business Impact Assessment)
Annual loss expectancy (ALE) calculations
16. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Residual risk
Cost of control
Defining and ratifying the classification structure of information assets
Safeguards over keys
17. Has to be integrated into the requirements of every software application's design.
Service level agreements (SLAs)
Digital certificate
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Encryption key management
18. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Get senior management onboard
Tie security risks to key business objectives
Multinational organization
Countermeasure cost-benefit analysis
19. Company or person you believe will not send a virus-infected file knowingly
Control risk
Trusted source
Knowledge management
Public key infrastructure (PKI)
20. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
Background checks of prospective employees
Identify the vulnerable systems and apply compensating controls
What happened and how the breach was resolved
Audit objectives
21. Reducing risk to a level too small to measure is _______________.
Background check
Patch management process
Impractical and is often cost-prohibitive
Key risk indicator (KRI) setup
22. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Two-factor authentication
Its ability to reduce or eliminate business risks
0-day vulnerabilities
Overall organizational structure
23. The primary role of the information security manager in the process of information classification within the organization.
Calculating the value of the information or asset
Centralization of information security management
Security code reviews for the entire software application
Defining and ratifying the classification structure of information assets
24. Occurs when the electrical supply drops
Two-factor authentication
Role-based access control
Continuous analysis - monitoring and feedback
Undervoltage (brownout)
25. Involves the correction of software weaknesses and would necessarily follow change management procedures.
The data custodian
Patch management
People
Inherent risk
26. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Developing an information security baseline
The data owner
Defining high-level business security requirements
Internal risk assessment
27. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
28. Security design flaws require a ____________________.
Acceptable use policies
Deeper level of analysis
Its ability to reduce or eliminate business risks
What happened and how the breach was resolved
29. Provide metrics to which outsourcing firms can be held accountable.
Owner of the information asset
Strategic alignment of security with business objectives
Prioritization
Service level agreements (SLAs)
30. BEST option to improve accountability for a system administrator is to _____________________.
include security responsibilities in a job description
Detection defenses
Compliance with the organization's information security requirements
Centralized structure
31. Needs to define the access rules - which is troublesome and error prone in large organizations.
Regulatory compliance
Centralized structure
Residual risk would be reduced by a greater amount
Rule-based access control
32. A notice that guarantees a user or a web site is legitimate
Cracker
Digital certificate
Compliance with the organization's information security requirements
Retention of business records
33. The best measure for preventing the unauthorized disclosure of confidential information.
Acceptable use policies
Proficiency testing
Strategic alignment of security with business objectives
Applying the proper classification to the data
34. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Centralization of information security management
Transferred risk
Continuous monitoring control initiatives
Information security manager
35. The PRIMARY goal in developing an information security strategy is to: _________________________.
Power surge/over voltage (spike)
Support the business objectives of the organization
Breakeven point of risk reduction and cost
Trusted source
36. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Centralized structure
Service level agreements (SLAs)
Reduce risk to an acceptable level
Lack of change management
37. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Control effectiveness
Properly aligned with business goals and objectives
Biometric access control systems
Exceptions to policy
38. A key indicator of performance measurement.
Strategic alignment of security with business objectives
The information security officer
Waterfall chart
A network vulnerability assessment
39. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Gap analysis
People
Comparison of cost of achievement
Decentralization
40. Provides the most effective protection of data on mobile devices.
Encryption
Negotiating a local version of the organization standards
Annually or whenever there is a significant change
The awareness and agreement of the data subjects
41. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Tie security risks to key business objectives
Reduce risk to an acceptable level
Gain unauthorized access to applications
Role-based policy
42. The data owner is responsible for _______________________.
Baseline standard and then develop additional standards
Encryption key management
Audit objectives
Applying the proper classification to the data
43. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Cost of control
Equal error rate (EER)
Defining high-level business security requirements
Proficiency testing
44. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Information contained on the equipment
Defining high-level business security requirements
The awareness and agreement of the data subjects
Key risk indicator (KRI) setup
45. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Threat assessment
Logon banners
Waterfall chart
Regular review of access control lists
46. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Increase business value and confidence
Residual risk
Normalization
Trojan horse
47. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Data owners
Defining high-level business security requirements
Aligned with organizational goals
Personal firewall
48. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Platform security - intrusion detection and antivirus controls
Attributes and characteristics of the 'desired state'
Residual risk would be reduced by a greater amount
Control effectiveness
49. Information security governance models are highly dependent on the _____________________.
Calculating the value of the information or asset
Overall organizational structure
Security baselines
Trusted source
50. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Consensus on risks and controls
Spoofing attacks
Protective switch covers
Security awareness training for all employees