SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Certificate authority (CA)
IP address packet filtering
Gain unauthorized access to applications
Patch management process
2. Normally addressed through antivirus and antispyware policies.
Its ability to reduce or eliminate business risks
Key risk indicator (KRI) setup
Decentralization
Malicious software and spyware
3. Risk should be reduced to a level that an organization _____________.
Is willing to accept
Residual risk
Certificate authority (CA)
Defined objectives
4. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Defining and ratifying the classification structure of information assets
Is willing to accept
Waterfall chart
Comparison of cost of achievement
5. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Risk appetite
Residual risk would be reduced by a greater amount
Return on security investment (ROSI)
Intrusion detection system (IDS)
6. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Data mart
Calculating the value of the information or asset
Owner of the information asset
Developing an information security baseline
7. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.
All personnel
Creation of a business continuity plan
Access control matrix
Cross-site scripting attacks
8. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Patch management
Skills inventory
Logon banners
The balanced scorecard
9. A repository of historical data organized by subject to support decision makers in the org
Data warehouse
Spoofing attacks
Creation of a business continuity plan
Total cost of ownership (TCO)
10. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
All personnel
Monitoring processes
Process of introducing changes to systems
Compliance with the organization's information security requirements
11. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'
Increase business value and confidence
Security baselines
Support the business objectives of the organization
Control effectiveness
12. A key indicator of performance measurement.
Conduct a risk assessment
Security awareness training for all employees
Return on security investment (ROSI)
Strategic alignment of security with business objectives
13. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Increase business value and confidence
Role-based access control
The data custodian
Conduct a risk assessment
14. To identify known vulnerabilities based on common misconfigurations and missing updates.
Strategic alignment of security with business objectives
Risk appetite
Annual loss expectancy (ALE)calculations
A network vulnerability assessment
15. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Overall organizational structure
Centralization of information security management
Equal error rate (EER)
Skills inventory
16. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Regular review of access control lists
Security awareness training for all employees
Certificate authority (CA)
Acceptable use policies
17. Would protect against spoofing an internal address but would not provide strong authentication.
IP address packet filtering
Confidentiality
The data custodian
Data mart
18. btaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Get senior management onboard
OBusiness case development
Resource dependency assessment
Worm
19. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Spoofing attacks
Two-factor authentication
Vulnerability assessment
Tailgating
20. An information security manager has to impress upon the human resources department the need for _____________________.
Negotiating a local version of the organization standards
Virus
Security awareness training for all employees
Role-based policy
21. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
BIA (Business Impact Assessment
Defined objectives
Public key infrastructure (PKI)
Monitoring processes
22. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Rule-based access control
include security responsibilities in a job description
Identify the relevant systems and processes
Attributes and characteristics of the 'desired state'
23. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Owner of the information asset
BIA (Business Impact Assessment
Creation of a business continuity plan
Notifications and opt-out provisions
24. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
Hacker
Access control matrix
Information security manager
Risk appetite
25. A notice that guarantees a user or a web site is legitimate
Digital certificate
Strategic alignment of security with business objectives
Proficiency testing
Cross-site scripting attacks
26. Has full responsibility over data.
Stress testing
Aligned with organizational goals
Comparison of cost of achievement
The data owner
27. Company or person you believe will not send a virus-infect file knowingly
Impractical and is often cost-prohibitive
Notifications and opt-out provisions
Security awareness training for all employees
Trusted source
28. ecurity design flaws require a ____________________.
Methodology used in the assessment
Rule-based access control
Deeper level of analysis
Normalization
29. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Protective switch covers
People
Residual risk
Support the business objectives of the organization
30. n a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Vulnerability assessment
Countermeasure cost-benefit analysis
Trusted source
Notifications and opt-out provisions
31. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Monitoring processes
Biometric access control systems
Intrusion detection system (IDS)
Centralized structure
32. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Virus detection
Key controls
Total cost of ownership (TCO)
Undervoltage (brownout)
33. A risk assessment should be conducted _________________.
Annually or whenever there is a significant change
Applying the proper classification to the data
The balanced scorecard
The database administrator
34. Should be performed to identify the risk and determine needed controls.
Internal risk assessment
Multinational organization
Defining and ratifying the classification structure of information assets
Use of security metrics
35. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Consensus on risks and controls
The awareness and agreement of the data subjects
Undervoltage (brownout)
Cyber terrorist
36. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Phishing
Negotiating a local version of the organization standards
Its ability to reduce or eliminate business risks
Annually or whenever there is a significant change
37. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Transmit e-mail messages
Knowledge management
Decentralization
Continuous analysis - monitoring and feedback
38. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control. .
Total cost of ownership (TCO)
Biometric access control systems
Access control matrix
Baseline standard and then develop additional standards
39. Programs that act without a user's knowledge and deliberately alter a computer's operations
MAL wear
Protective switch covers
Key controls
Data classification
40. By definition are not previously known and therefore are undetectable.
Continuous monitoring control initiatives
Fault-tolerant computer
0-day vulnerabilities
Do with the information it collects
41. Someone who uses email as a vehicle for extortion; send company threatening emails indicating they will expose confidential information - exploit security launch - etc.
Virus detection
Increase business value and confidence
Logon banners
Cyber extortionist
42. Responsible for securing the information.
Digital signatures
The data custodian
Gain unauthorized access to applications
Nondisclosure agreement (NDA)
43. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
The awareness and agreement of the data subjects
Process of introducing changes to systems
SWOT analysis
Owner of the information asset
44. Applications cannot access data associated with other apps
Risk appetite
Data isolation
Residual risk would be reduced by a greater amount
Defining high-level business security requirements
45. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Risk management and the requirements of the organization
Undervoltage (brownout)
Control effectiveness
Equal error rate (EER)
46. The most important characteristic of good security policies is that they be ____________________.
Identify the vulnerable systems and apply compensating controls
The data owner
Aligned with organizational goals
Patch management process
47. Should be a standard requirement for the service provider.
Background check
Its ability to reduce or eliminate business risks
Creation of a business continuity plan
Return on security investment (ROSI)
48. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Key risk indicator (KRI) setup
Consensus on risks and controls
Overall organizational structure
Internal risk assessment
49. Provides strong online authentication.
Residual risk
Gain unauthorized access to applications
Public key infrastructure (PKI)
Defining and ratifying the classification structure of information assets
50. Occurs when the electrical supply drops
Security code reviews for the entire software application
Undervoltage (brownout)
Security baselines
Asset classification
