Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The _____________________ is a severe omission and will greatly increase information security risk. It presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations.
Script kiddie
Control risk
Proficiency testing
Lack of change management
2. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Access control matrix
Overall organizational structure
Personal firewall
Get senior management onboard
3. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Proficiency testing
Personal firewall
Biometric access control systems
Transferred risk
4. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures, but not in their prioritization.
Comparison of cost of achievement
Key risk indicator (KRI) setup
Classification of assets needs
Creation of a business continuity plan
5. Responsible for securing the information.
Trojan horse
Cracker
The data custodian
Classification of assets needs
6. Information security governance models are highly dependent on the _____________________.
Role-based policy
Overall organizational structure
Malware
All personnel
7. Should be determined from the risk assessment results.
Regulatory compliance
Trojan horse
Overall organizational structure
Audit objectives
8. Residual risk is the risk that remains after controls have been applied, i.e. the portion of inherent risk that is not mitigated. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
SWOT analysis
Return on security investment (ROSI)
Risk appetite
Logon banners
9. Most effective for evaluating the degree to which information security objectives are being met.
Security risk
Hacker
Creation of a business continuity plan
The balanced scorecard
10. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Process of introducing changes to systems
Audit objectives
Negotiating a local version of the organization standards
Examples of containment defenses
11. A function of the session keys distributed by the PKI.
Confidentiality
Cyber terrorist
Intrusion detection system (IDS)
People
12. Same intent as a cracker, but does not have the technical skills and knowledge.
Creation of a business continuity plan
Information security manager
Information contained on the equipment
Script kiddie
13. A small data warehouse designed for the end-user needs of a strategic business unit.
Annually or whenever there is a significant change
Vulnerability assessment
Data mart
Reduce risk to an acceptable level
14. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Cross-site scripting attacks
Do with the information it collects
Internal risk assessment
Confidentiality
15. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Transferred risk
Cost of control
Data owners
Access control matrix
16. Provides process needs but not impact.
Reduce risk to an acceptable level
Do with the information it collects
Get senior management onboard
Resource dependency assessment
17. Will prevent unauthorized access to the data on a laptop even when the laptop is lost or stolen.
A network vulnerability assessment
Encryption of the hard disks
Cross-site scripting attacks
Equal error rate (EER)
18. Normally addressed through antivirus and antispyware policies.
Reduce risk to an acceptable level
Malicious software and spyware
Role-based policy
Data classification
19. When developing an information security program, _________________ would help identify the available resources, any gaps, and the training requirements for developing resources.
Do with the information it collects
Skills inventory
Malicious software and spyware
Worm
20. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Logon banners
Two-factor authentication
Identify the vulnerable systems and apply compensating controls
Encryption of the hard disks
21. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Two-factor authentication
Defined objectives
Performing a risk assessment
Vulnerability assessment
22. Ensures that there are no scalability problems.
People
Annual loss expectancy (ALE) calculations
Support the business objectives of the organization
Stress testing
23. The data owner is responsible for _______________________.
SWOT analysis
Comparison of cost of achievement
What happened and how the breach was resolved
Applying the proper classification to the data
24. Potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works.
Penetration testing
Waterfall chart
Stress testing
Virus
25. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Support the business objectives of the organization
Its ability to reduce or eliminate business risks
Equal error rate (EER)
Get senior management onboard
26. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Continuous analysis, monitoring and feedback
Hacker
Phishing
Lack of change management
27. Has to be integrated into the requirements of every software application's design.
Is willing to accept
Encryption key management
Certificate authority (CA)
Data owners
28. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Its ability to reduce or eliminate business risks
Security baselines
Tie security risks to key business objectives
Properly aligned with business goals and objectives
29. BEST option to improve accountability for a system administrator is to _____________________.
Data owners
Stress testing
Security code reviews for the entire software application
Include security responsibilities in a job description
30. In biometric systems where the possibility of false rejects is a problem, it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Equal error rate (EER)
Comparison of cost of achievement
Security code reviews for the entire software application
Encryption key management
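The trade-off in question 30 is easiest to see with numbers. The following is an added worked example, not part of the quiz page: it takes constructed match scores for genuine users and impostors, computes the false accept rate (FAR) and false reject rate (FRR) at a given decision threshold, and scans thresholds to find the equal error rate (EER), the point where FAR and FRR coincide. The score ranges and the rule "accept when score >= threshold" are assumptions chosen for illustration.

```python
"""
Added example (not from the quiz page): FAR/FRR trade-off and EER for a
biometric matcher.

Scores are constructed sample match scores in [0, 100], where a higher
score means a closer match. A presentation is ACCEPTED when its score
is greater than or equal to the decision threshold, so lowering the
threshold ("reducing sensitivity") lets more genuine users through at
the cost of letting more impostors through as well.
"""
from typing import Sequence, Tuple

# Constructed sample data (not real biometric measurements).
GENUINE = [92, 88, 85, 81, 79, 77, 74, 70, 66, 60]    # legitimate users
IMPOSTOR = [12, 18, 25, 31, 38, 44, 52, 58, 63, 71]   # attackers


def false_accept_rate(impostor: Sequence[float], threshold: float) -> float:
    """Share of impostor attempts the matcher wrongly accepts."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def false_reject_rate(genuine: Sequence[float], threshold: float) -> float:
    """Share of legitimate attempts the matcher wrongly rejects."""
    return sum(s < threshold for s in genuine) / len(genuine)


def equal_error_rate(genuine: Sequence[float], impostor: Sequence[float],
                     thresholds: Sequence[float] = range(0, 101)) -> Tuple[float, float]:
    """Return (threshold, eer): the first threshold at which FAR and FRR are
    closest, and the EER taken as their mean at that point."""
    best = None
    for t in thresholds:
        far = false_accept_rate(impostor, t)
        frr = false_reject_rate(genuine, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return t, (far + frr) / 2


def tradeoff(genuine: Sequence[float], impostor: Sequence[float],
             strict: float, relaxed: float) -> Tuple[float, float, float, float]:
    """(FRR, FAR) at a strict threshold followed by (FRR, FAR) at a relaxed one,
    showing that relaxing the threshold lowers FRR and raises FAR."""
    return (false_reject_rate(genuine, strict), false_accept_rate(impostor, strict),
            false_reject_rate(genuine, relaxed), false_accept_rate(impostor, relaxed))


if __name__ == "__main__":
    for t in (80, 70, 60):
        print(f"threshold={t:3d}  FRR={false_reject_rate(GENUINE, t):.2f}  "
              f"FAR={false_accept_rate(IMPOSTOR, t):.2f}")
    t, eer = equal_error_rate(GENUINE, IMPOSTOR)
    print(f"EER threshold={t}  EER={eer:.2f}")
```

With the sample scores, a strict threshold of 80 rejects 60% of genuine users but accepts no impostor; dropping it to 70 cuts false rejects to 20% while one impostor in ten now gets in. The EER is the operating point a vendor usually quotes; an operator who tunes away from it to reduce complaints about false rejects should know that the FAR moves in the opposite direction.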
31. Utility program that detects and protects a personal computer from unauthorized intrusions.
Well-defined roles and responsibilities
Worm
Personal firewall
Decentralization
32. Can be a standalone driver for an information security governance measure. No further analysis or justification is required, since the entity has no choice in the regulatory requirements.
Key risk indicator (KRI) setup
Regulatory compliance
Power surge/over voltage (spike)
Acceptable use policies
33. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Defined objectives
Spoofing attacks
Alignment with business strategy
Continuous analysis, monitoring and feedback
34. Programs that act without a user's knowledge and deliberately alter a computer's operations.
Data mart
The data owner
Safeguards over keys
Malware
35. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Proficiency testing
Increase business value and confidence
Regular review of access control lists
Background check
36. Risk should be reduced to a level that an organization _____________.
A network vulnerability assessment
Is willing to accept
Breakeven point of risk reduction and cost
Worm
37. Would protect against spoofing an internal address but would not provide strong authentication.
IP address packet filtering
Exceptions to policy
Certificate authority (CA)
Encryption key management
38. Useful but only with regard to specific technical skills.
Proficiency testing
Comparison of cost of achievement
Tailgating
Virus detection
39. A process that helps organizations manage important knowledge that is part of the organization's memory.
Knowledge management
Confidentiality
Is willing to accept
Trusted source
40. To identify known vulnerabilities based on common misconfigurations and missing updates.
Overall organizational structure
Spoofing attacks
Platform security, intrusion detection and antivirus controls
A network vulnerability assessment
41. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Encryption key management
Deeper level of analysis
Total cost of ownership (TCO)
Developing an information security baseline
42. Security design flaws require a ____________________.
Control risk
Developing an information security baseline
Well-defined roles and responsibilities
Deeper level of analysis
43. It is easier to manage and control a _________________.
Malware
Requirements of the data owners
Centralized structure
Background checks of prospective employees
44. A method for analyzing and reducing a relational database to its most streamlined form.
Transmit e-mail messages
Its ability to reduce or eliminate business risks
Normalization
Identify the relevant systems and processes
45. A key indicator of performance measurement.
The information security officer
Strategic alignment of security with business objectives
Annual loss expectancy (ALE) calculations
Reduce risk to an acceptable level
46. Someone who uses email as a vehicle for extortion; sends a company threatening emails indicating they will expose confidential information, launch an exploit, etc.
Cyber extortionist
Trusted source
The awareness and agreement of the data subjects
Requirements of the data owners
47. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Properly aligned with business goals and objectives
Spoofing attacks
Creation of a business continuity plan
Data isolation
48. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
The awareness and agreement of the data subjects
Decentralization
Is willing to accept
Gain unauthorized access to applications
49. Also required to guarantee fulfillment of the laws and regulations that apply to the organization; therefore, the information security manager will be obligated to comply with the law.
Business case development
Key controls
Decentralization
Monitoring processes
50. When considering the value of assets, ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance.
Comparison of cost of achievement
Information contained on the equipment
Exceptions to policy
Script kiddie