CISM: Certified Information Security Manager
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study the material first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the right answer obvious, but it reinforces your understanding as you retake the test.
1. provides the most effective protection of data on mobile devices.
Business case development
Get senior management onboard
Increase business value and confidence
Encryption
2. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
3. While useful for identifying the difference between the current state and the desired future state - e.g. the organization has to comply with recently published industry regulatory requirements, compliance with which potentially has high implementation costs -
Assess the risks to the business operation
Skills inventory
Defining and ratifying the classification structure of information assets
Gap analysis
4. Company or person you believe will not knowingly send a virus-infected file
Multinational organization
Properly aligned with business goals and objectives
Waterfall chart
Trusted source
5. Someone who accesses a computer or network illegally
Penetration testing
The data owner
Hacker
Get senior management onboard
6. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Digital signatures
The awareness and agreement of the data subjects
Threat assessment
Data classification
7. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Patch management process
Lack of change management
Certificate authority (CA)
Protective switch covers
8. Program that hides within or looks like a legit program
Strategic alignment of security with business objectives
Increase business value and confidence
The information security officer
Trojan horse
9. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Assess the risks to the business operation
Single sign-on (SSO) product
Exceptions to policy
Alignment with business strategy
10. Computer that has duplicate components so it can continue to operate when one of its main components fails
Normalization
Fault-tolerant computer
Breakeven point of risk reduction and cost
Inherent risk
11. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Security baselines
Logon banners
Key risk indicator (KRI) setup
BIA (Business Impact Assessment)
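The statement in item 11 describes a KRI as a threshold that alerts management when a control is being compromised. The following is an added worked example of that alerting logic, not part of the quiz or of any ISACA material: each indicator carries a warning and a critical threshold, a direction (for coverage-style metrics a drop is the problem), and a simple trend check that flags a sustained move toward the threshold before it is crossed. Indicator names, thresholds and readings are constructed for illustration.

```python
"""Key risk indicator (KRI) thresholds: the alerting logic behind a "KRI setup".

Added example, not part of the quiz. A KRI is a measurable quantity whose
movement signals that a control is degrading; management is alerted when a
reading crosses a pre-agreed threshold. Indicator names, thresholds and
readings below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class KRI:
    name: str
    warning: float                # amber threshold (escalate to the control owner)
    critical: float               # red threshold (escalate to management)
    higher_is_worse: bool = True  # False for coverage-style metrics where a drop is the problem

    def _breaches(self, value: float, threshold: float) -> bool:
        return value >= threshold if self.higher_is_worse else value <= threshold

    def status(self, value: float) -> str:
        """Traffic-light rating of a single reading."""
        if self._breaches(value, self.critical):
            return "red"
        if self._breaches(value, self.warning):
            return "amber"
        return "green"


def evaluate(kri: KRI, readings: list, trend_window: int = 3) -> dict:
    """Rate the latest reading and flag a sustained move toward the threshold.

    ``alert`` is True whenever the latest reading is amber or red. ``worsening``
    is True when every step within the last ``trend_window`` readings moved in
    the bad direction, an early-warning signal worth raising even while the
    indicator is still green.
    """
    if not readings:
        raise ValueError(f"no readings for {kri.name}")
    latest = readings[-1]
    window = readings[-trend_window:]
    steps = [b - a for a, b in zip(window, window[1:])]
    bad = (lambda d: d > 0) if kri.higher_is_worse else (lambda d: d < 0)
    worsening = len(window) == trend_window and all(bad(d) for d in steps)
    status = kri.status(latest)
    return {"kri": kri.name, "latest": latest, "status": status,
            "alert": status != "green", "worsening": worsening}


def dashboard(kris_with_readings):
    """Evaluate every KRI; returns the list of results, red items first."""
    order = {"red": 0, "amber": 1, "green": 2}
    results = [evaluate(k, r) for k, r in kris_with_readings]
    return sorted(results, key=lambda r: order[r["status"]])


# Constructed sample indicators and monthly readings (hypothetical figures).
PATCH_LAG = KRI("critical patches older than 30 days (%)", warning=5, critical=15)
ACCESS_REVIEW = KRI("privileged accounts reviewed in last 90 days (%)",
                    warning=90, critical=75, higher_is_worse=False)
LEAVER_REVOKE = KRI("mean hours to revoke leaver access", warning=24, critical=72)

SAMPLE = [
    (PATCH_LAG, [2, 3, 4, 6]),
    (ACCESS_REVIEW, [98, 97, 99, 96]),
    (LEAVER_REVOKE, [10, 30, 80]),
]

if __name__ == "__main__":
    for r in dashboard(SAMPLE):
        flag = "ALERT" if r["alert"] else "ok"
        trend = " (worsening)" if r["worsening"] else ""
        print(f"{r['status']:5} {flag:5} {r['kri']}: {r['latest']}{trend}")
```

The point of the trend flag is that a KRI is a control tool rather than a maturity score: the patch-lag indicator above is only amber, but three consecutive rises are what the control owner should act on before it turns red.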
12. Only valid if assets have first been identified and appropriately valued.
Defining and ratifying the classification structure of information assets
Annual loss expectancy (ALE) calculations
Virus detection
Business case development
13. A small data warehouse designed for the end-user needs of a strategic business unit
Reduce risk to an acceptable level
People
Role-based access control
Data mart
14. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Negotiating a local version of the organization standards
The data custodian
Gain unauthorized access to applications
Intrusion detection system (IDS)
15. The MOST important element of an information security strategy.
Continuous analysis - monitoring and feedback
Defined objectives
Background check
Alignment with business strategy
16. By definition are not previously known and therefore cannot be detected by signature-based controls.
Get senior management onboard
0-day vulnerabilities
Deeper level of analysis
Public key infrastructure (PKI)
17. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Process of introducing changes to systems
Calculating the value of the information or asset
Confidentiality
People
18. The data owner is responsible for _______________________.
Requirements of the data owners
Fault-tolerant computer
Applying the proper classification to the data
Power surge/over voltage (spike)
19. Applications cannot access data associated with other apps
What happened and how the breach was resolved
Compliance with the organization's information security requirements
Support the business objectives of the organization
Data isolation
20. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Process of introducing changes to systems
Transmit e-mail messages
The data custodian
21. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
22. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Continuous analysis - monitoring and feedback
Requirements of the data owners
Safeguards over keys
Risk assessment - evaluation and impact analysis
23. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Gap analysis
Get senior management onboard
Classification of assets needs
The board of directors and senior management
24. It is easier to manage and control a _________________.
Background check
Stress testing
Phishing
Centralized structure
25. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Rule-based access control
Performing a risk assessment
Do with the information it collects
Hacker
26. Someone who uses the internet or network to destroy or damage computers for political reasons
Trojan horse
Proficiency testing
Prioritization
Cyber terrorist
27. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Intrusion detection system (IDS)
Rule-based access control
Logon banners
Virus
28. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Defining high-level business security requirements
Continuous monitoring control initiatives
Asset classification
BIA (Business Impact Assessment)
29. Cannot be minimized
Increase business value and confidence
Inherent risk
Information security manager
Security baselines
30. Should be a standard requirement for the service provider.
Annual loss expectancy (ALE) calculations
Aligned with organizational goals
Background check
Key risk indicator (KRI) setup
31. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
The balanced scorecard
Equal error rate (EER)
Well-defined roles and responsibilities
Do with the information it collects
32. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Exceptions to policy
Assess the risks to the business operation
Cyber extortionist
Properly aligned with business goals and objectives
33. Has full responsibility over data.
Cyber terrorist
Encryption key management
The data owner
Malicious software and spyware
34. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Threat assessment
Regular review of access control lists
Security risk
Continuous analysis - monitoring and feedback
35. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Gap analysis
Detection defenses
SWOT analysis
BIA (Business Impact Assessment)
36. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Background checks of prospective employees
Transferred risk
Patch management process
Developing an information security baseline
37. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Penetration testing
Service level agreements (SLAs)
Security code reviews for the entire software application
Increase business value and confidence
38. When defining the information classification policy - the ___________________ need to be identified.
Risk assessment - evaluation and impact analysis
Properly aligned with business goals and objectives
Requirements of the data owners
Countermeasure cost-benefit analysis
39. The most important characteristic of good security policies is that they be ____________________.
Calculating the value of the information or asset
Annually or whenever there is a significant change
Risk management and the requirements of the organization
Aligned with organizational goals
40. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Threat assessment
Confidentiality
Multinational organization
Creation of a business continuity plan
41. Programs that act without a user's knowledge and deliberately alter a computer's operations
Skills inventory
Encryption
Transferred risk
Malware
42. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Identify the relevant systems and processes
Regular review of access control lists
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Security risk
43. Whenever personal data are transferred across national boundaries; ________________________ are required.
Identify the relevant systems and processes
The awareness and agreement of the data subjects
Continuous analysis - monitoring and feedback
Defining high-level business security requirements
44. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Calculating the value of the information or asset
The balanced scorecard
Residual risk would be reduced by a greater amount
Role-based policy
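Several items above describe one quantitative risk-analysis chain without showing it end to end: the asset has to be valued first (item 44), ALE calculations are only valid once assets are identified and valued (item 12), the result lets the security manager prioritize remedial measures (item 25), and a countermeasure cost-benefit analysis (item 39) decides which controls are justified. The block below is an added worked example of that chain in Python; it is not quiz material or any ISACA-published method. All asset values, exposure factors, occurrence rates and control costs are constructed for illustration, and the three controls are hypothetical.

```python
"""Quantitative risk assessment: asset value -> SLE -> ALE -> countermeasure ranking.

Added worked example, not part of the quiz. Valuing the asset comes first; ALE
is only meaningful once assets are identified and valued; the ALE ranking
orders remediation; net annual benefit is the countermeasure cost-benefit
step. All figures below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float  # asset value (AV) set by the data owner; for a laptop this is mostly the data on it


@dataclass(frozen=True)
class Threat:
    name: str
    asset: Asset
    exposure_factor: float  # EF: fraction of AV lost per occurrence (0..1)
    aro: float              # annualized rate of occurrence


@dataclass(frozen=True)
class Countermeasure:
    name: str
    threat: Threat
    annual_cost: float
    aro_reduction: float = 0.0  # fraction by which the control cuts ARO (0..1)
    ef_reduction: float = 0.0   # fraction by which the control cuts EF (0..1)


def single_loss_expectancy(threat: Threat) -> float:
    """SLE = AV x EF: expected loss from one occurrence."""
    return threat.asset.value * threat.exposure_factor


def annual_loss_expectancy(threat: Threat) -> float:
    """ALE = SLE x ARO: expected loss per year before any new control."""
    return single_loss_expectancy(threat) * threat.aro


def residual_ale(cm: Countermeasure) -> float:
    """ALE that remains once the countermeasure is in place (residual risk)."""
    t = cm.threat
    return (t.asset.value * t.exposure_factor * (1 - cm.ef_reduction)
            * t.aro * (1 - cm.aro_reduction))


def net_annual_benefit(cm: Countermeasure) -> float:
    """Cost-benefit: risk reduction achieved minus what the control costs per year."""
    return annual_loss_expectancy(cm.threat) - residual_ale(cm) - cm.annual_cost


def prioritize_threats(threats):
    """Rank threats by ALE, largest first: the order remediation effort should follow."""
    return sorted(threats, key=annual_loss_expectancy, reverse=True)


def recommend(countermeasures):
    """Controls that pay for themselves, best net benefit first."""
    paying = [cm for cm in countermeasures if net_annual_benefit(cm) > 0]
    return sorted(paying, key=net_annual_benefit, reverse=True)


# Constructed sample inventory (hypothetical figures).
CUSTOMER_DB = Asset("customer database", 2_000_000)
LAPTOPS = Asset("sales laptop fleet", 400_000)
WEBSITE = Asset("public web site", 300_000)

THREATS = [
    Threat("database breach", CUSTOMER_DB, exposure_factor=0.5, aro=0.1),
    Threat("laptop theft", LAPTOPS, exposure_factor=0.25, aro=2.0),
    Threat("website defacement", WEBSITE, exposure_factor=0.1, aro=0.5),
]
DB_BREACH, LAPTOP_THEFT, DEFACEMENT = THREATS

COUNTERMEASURES = [
    # Full-disk encryption does not stop thefts (ARO unchanged) but removes most of the data loss (EF).
    Countermeasure("full-disk encryption", LAPTOP_THEFT, annual_cost=30_000, ef_reduction=0.9),
    Countermeasure("database activity monitoring", DB_BREACH, annual_cost=60_000, aro_reduction=0.5),
    Countermeasure("web application firewall", DEFACEMENT, annual_cost=10_000, aro_reduction=0.8),
]

if __name__ == "__main__":
    for t in prioritize_threats(THREATS):
        print(f"{t.name:22} SLE={single_loss_expectancy(t):>12,.0f} ALE={annual_loss_expectancy(t):>12,.0f}")
    for cm in COUNTERMEASURES:
        print(f"{cm.name:28} residual ALE={residual_ale(cm):>10,.0f} net benefit={net_annual_benefit(cm):>10,.0f}")
    print("justified by ALE alone:", [cm.name for cm in recommend(COUNTERMEASURES)])
```

Note what the sample shows: laptop theft, not the headline database breach, carries the largest ALE, which is why the valuation step has to precede the calculation. The database monitoring control comes out with a negative net benefit, which is exactly the limitation item 9 describes: an ALE-only or ROI-only view ignores indirect benefits such as detection coverage, and a business case is needed to capture them.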
45. Information security governance models are highly dependent on the _____________________.
Hacker
Overall organizational structure
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Patch management process
46. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Do with the information it collects
Power surge/over voltage (spike)
Information contained on the equipment
Defining and ratifying the classification structure of information assets
47. Potentially damaging computer program that affects or infects a computer negatively by altering the way the computer works
Virus
IP address packet filtering
Data owners
Identify the relevant systems and processes
48. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Intrusion detection system (IDS)
Biometric access control systems
Centralization of information security management
Examples of containment defenses
49. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Reduce risk to an acceptable level
Identify the relevant systems and processes
Monitoring processes
Data isolation
50. When considering the value of assets - ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance.
Defined objectives
Requirements of the data owners
Comparison of cost of achievement
Methodology used in the assessment