CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Most effective for evaluating the degree to which information security objectives are being met.
Strategic alignment of security with business objectives
The balanced scorecard
Audit objectives
Gain unauthorized access to applications
2. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system; it establishes a cost baseline and must be considered for the full life cycle of the control.
Security code reviews for the entire software application
Equal error rate (EER)
The database administrator
Total cost of ownership (TCO)
3. BEST option to improve accountability for a system administrator is to _____________________.
include security responsibilities in a job description
Identify the vulnerable systems and apply compensating controls
Aligned with organizational goals
Role-based access control
4. Reducing risk to a level too small to measure is _______________.
Power surge/over voltage (spike)
Impractical and is often cost-prohibitive
Gap analysis
Centralized structure
5. Has full responsibility over data.
Regulatory compliance
The data owner
Consensus on risks and controls
Properly aligned with business goals and objectives
6. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Comparison of cost of achievement
Gap analysis
Is willing to accept
Annually or whenever there is a significant change
7. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
Alignment with business strategy
Protective switch covers
Access control matrix
Calculating the value of the information or asset
8. Security design flaws require a ____________________.
Multinational organization
Deeper level of analysis
Control effectiveness
Cost of control
9. Awareness - training and physical security defenses.
Audit objectives
Use of security metrics
The database administrator
Examples of containment defenses
10. The _____________________ is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations.
Lack of change management
Stress testing
People
Multinational organization
11. Inject malformed input.
Cross-site scripting attacks
Encryption of the hard disks
The authentication process is broken
Decentralization
12. Only valid if assets have first been identified and appropriately valued.
Annual loss expectancy (ALE) calculations
Risk appetite
The balanced scorecard
The database administrator
13. Someone who accesses a computer or network illegally
Attributes and characteristics of the 'desired state'
Waterfall chart
Audit objectives
Hacker
14. Responsible for securing the information.
The data custodian
Return on security investment (ROSI)
Residual risk
Cost of control
15. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Developing an information security baseline
Detection defenses
Data mart
Rule-based access control
16. Company or person you believe will not knowingly send a virus-infected file
Service level agreements (SLAs)
Strategic alignment of security with business objectives
Trusted source
Assess the risks to the business operation
17. Risk should be reduced to a level that an organization _____________.
Vulnerability assessment
0-day vulnerabilities
Digital certificate
Is willing to accept
18. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
SWOT analysis
Use of security metrics
Annual loss expectancy (ALE) calculations
Security code reviews for the entire software application
19. An information security manager has to impress upon the human resources department the need for _____________________.
Residual risk
Stress testing
Security awareness training for all employees
Encryption key management
20. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Defined objectives
Properly aligned with business goals and objectives
Attributes and characteristics of the 'desired state'
Cyber terrorist
21. Computer that has duplicate components so it can continue to operate when one of its main components fails
BIA (Business Impact Assessment)
Risk appetite
Fault-tolerant computer
Exceptions to policy
22. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Countermeasure cost-benefit analysis
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Well-defined roles and responsibilities
Get senior management onboard
23. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Protective switch covers
Alignment with business strategy
Gain unauthorized access to applications
Detection defenses
24. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
25. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Business case development
Defining high-level business security requirements
Spoofing attacks
Prioritization
26. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Examples of containment defenses
Digital signatures
Patch management
Logon banners
27. Programs that act without a user's knowledge and deliberately alter a computer's operations
Stress testing
Power surge/over voltage (spike)
Malware
Safeguards over keys
28. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Security baselines
The database administrator
Information security manager
Hacker
29. Whenever personal data are transferred across national boundaries, ________________________ are required.
Data mart
The awareness and agreement of the data subjects
Centralization of information security management
Key risk indicator (KRI) setup
30. When defining the information classification policy - the ___________________ need to be identified.
Decentralization
Requirements of the data owners
The data custodian
Attributes and characteristics of the 'desired state'
31. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
BIA (Business Impact Assessment)
Virus
Methodology used in the assessment
Tie security risks to key business objectives
32. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Monitoring processes
Control risk
Protective switch covers
Malicious software and spyware
33. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Continuous analysis - monitoring and feedback
Deeper level of analysis
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Security awareness training for all employees
34. Focuses on identifying vulnerabilities.
Return on security investment (ROSI)
Identify the vulnerable systems and apply compensating controls
Applying the proper classification to the data
Penetration testing
35. Occurs after the risk assessment process - it does not measure it.
Use of security metrics
Information contained on the equipment
Access control matrix
Stress testing
36. Oversees the overall classification management of the information.
Equal error rate (EER)
Biometric access control systems
The information security officer
The data custodian
37. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Increase business value and confidence
Monitoring processes
Skills inventory
Compliance with the organization's information security requirements
38. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
What happened and how the breach was resolved
Data mart
Applying the proper classification to the data
Role-based policy
39. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Transferred risk
Security risk
Decentralization
Get senior management onboard
40. Would protect against spoofing an internal address but would not provide strong authentication.
IP address packet filtering
Two-factor authentication
Undervoltage (brownout)
The data custodian
41. Program that hides within or looks like a legitimate program
Waterfall chart
The authentication process is broken
Trojan horse
Detection defenses
42. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Do with the information it collects
Owner of the information asset
Gain unauthorized access to applications
Virus detection
43. It is easier to manage and control a _________________.
Security awareness training for all employees
Centralized structure
Proficiency testing
Two-factor authentication
44. A key indicator of performance measurement.
Audit objectives
Skills inventory
Strategic alignment of security with business objectives
Power surge/over voltage (spike)
45. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Asset classification
Data mart
Countermeasure cost-benefit analysis
Transmit e-mail messages
46. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
The data custodian
Assess the risks to the business operation
Key risk indicator (KRI) setup
Lack of change management
47. Legal document to be signed by all employees, suppliers, etc. before they 'touch' the organization, to protect the organization's intellectual property.
Baseline standard and then develop additional standards
Nondisclosure agreement (NDA)
People
Prioritization
48. Normally addressed through antivirus and antispyware policies.
Malicious software and spyware
Attributes and characteristics of the 'desired state'
Deeper level of analysis
Overall organizational structure
49. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Knowledge management
Patch management process
Decentralization
Total cost of ownership (TCO)
50. Should be performed to identify the risk and determine needed controls.
Residual risk
Data mart
Internal risk assessment
Logon banners