Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Useful but only with regard to specific technical skills.
Information security manager
The board of directors and senior management
Proficiency testing
Virus
2. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Prioritization
Skills inventory
Logon banners
Developing an information security baseline
3. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
People
Business case development
Cracker
Penetration testing
4. Occurs when the incoming level
Power surge/over voltage (spike)
Confidentiality
Get senior management onboard
Comparison of cost of achievement
5. Ensures that there are no scalability problems.
Calculating the value of the information or asset
Tailgating
Stress testing
Owner of the information asset
6. Information security governance models are highly dependent on the _____________________.
Lack of change management
Data mart
Risk assessment - evaluation and impact analysis
Overall organizational structure
7. When defining the information classification policy - the ___________________ need to be identified.
Retention of business records
Digital signatures
Requirements of the data owners
Gap analysis
8. The best measure for preventing the unauthorized disclosure of confidential information.
Defined objectives
Acceptable use policies
Cyber terrorist
Knowledge management
9. The MOST important component of a privacy policy. Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Stress testing
Trojan horse
Script kiddie
Notifications and opt-out provisions
10. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Support the business objectives of the organization
Control risk
Patch management process
The database administrator
11. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Hacker
Virus detection
Business case development
BIA (Business Impact Assessment)
12. The MOST important element of an information security strategy.
Risk management and the requirements of the organization
Knowledge management
Defined objectives
Security code reviews for the entire software application
13. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Background checks of prospective employees
Protective switch covers
Transmit e-mail messages
Rule-based access control
14. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Transferred risk
Security risk
Control risk
Control effectiveness
15. Programs that act without a user's knowledge and deliberately alter a computer's operations
Patch management process
Developing an information security baseline
Decentralization
Malware
16. Someone who uses the internet or network to destroy or damage computers for political reasons
Cyber terrorist
Centralized structure
Vulnerability assessment
SWOT analysis
17. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Deeper level of analysis
Security risk
Two-factor authentication
Trusted source
18. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Centralization of information security management
Acceptable use policies
Malware
Identify the vulnerable systems and apply compensating controls
19. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Conduct a risk assessment
Certificate authority (CA)
Support the business objectives of the organization
Vulnerability assessment
20. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Patch management process
Worm
Acceptable use policies
Information contained on the equipment
21. Someone who uses email as a vehicle for extortion; sends a company threatening emails indicating they will expose confidential information - exploit a security flaw - launch an attack - etc.
Control effectiveness
Power surge/over voltage (spike)
Cyber extortionist
Security risk
22. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Residual risk
Risk appetite
Key controls
Centralization of information security management
23. Focuses on identifying vulnerabilities.
Role-based access control
Penetration testing
Access control matrix
Risk appetite
24. Primarily reduce risk and are most effective for the protection of information assets.
Key controls
Internal risk assessment
Tailgating
Knowledge management
25. Without _____________________ - there cannot be accountability.
Well-defined roles and responsibilities
Security awareness training for all employees
Safeguards over keys
Encryption
26. New security vulnerabilities should be managed through a ________________.
Patch management process
BIA (Business Impact Assessment)
Developing an information security baseline
Transmit e-mail messages
27. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Continuous monitoring control initiatives
Malware
Single sign-on (SSO) product
Biometric access control systems
28. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Internal risk assessment
Tie security risks to key business objectives
Performing a risk assessment
Risk assessment - evaluation and impact analysis
29. A notice that guarantees a user or a web site is legitimate
Digital certificate
Include security responsibilities in a job description
Intrusion detection system (IDS)
The authentication process is broken
30. Program that hides within or looks like a legit program
Examples of containment defenses
Trojan horse
Role-based access control
Penetration testing
31. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Public key infrastructure (PKI)
Classification of assets needs
Return on security investment (ROSI)
Calculating the value of the information or asset
32. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Transmit e-mail messages
Tailgating
Knowledge management
Decentralization
33. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Impractical and is often cost-prohibitive
Process of introducing changes to systems
Background check
Data owners
34. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Role-based policy
Cracker
Baseline standard and then develop additional standards
Safeguards over keys
35. A key indicator of performance measurement.
Compliance with the organization's information security requirements
Worm
Get senior management onboard
Strategic alignment of security with business objectives
36. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Resource dependency assessment
Defining high-level business security requirements
Data mart
Gain unauthorized access to applications
37. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Safeguards over keys
Consensus on risks and controls
Transmit e-mail messages
Identify the vulnerable systems and apply compensating controls
38. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Tie security risks to key business objectives
Background checks of prospective employees
All personnel
Knowledge management
39. A small warehouse - designed for the end-user needs in a strategic business unit
Undervoltage (brownout)
Data mart
Residual risk would be reduced by a greater amount
Control risk
40. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Role-based policy
0-day vulnerabilities
Include security responsibilities in a job description
Public key infrastructure (PKI)
41. Provides process needs but not impact.
Annual loss expectancy (ALE) calculations
Encryption
Residual risk would be reduced by a greater amount
Resource dependency assessment
42. Identification and _______________ of business risk enables project managers to address areas with most significance.
Exceptions to policy
Biometric access control systems
Prioritization
Penetration testing
43. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures - but not in the prioritization.
Encryption key management
Creation of a business continuity plan
Process of introducing changes to systems
Asset classification
44. Applications cannot access data associated with other apps
Data isolation
Trojan horse
Tie security risks to key business objectives
Encryption
45. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Security awareness training for all employees
Control effectiveness
Public key infrastructure (PKI)
Security code reviews for the entire software application
46. Someone who accesses a computer or network illegally
Virus
Hacker
Phishing
Protective switch covers
47. Successful risk management should lead to a ________________.
Annual loss expectancy (ALE) calculations
Power surge/over voltage (spike)
Breakeven point of risk reduction and cost
Identify the relevant systems and processes
48. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Key controls
Encryption
IP address packet filtering
Return on security investment (ROSI)
49. Should be a standard requirement for the service provider.
Lack of change management
Background check
Risk management and the requirements of the organization
Applying the proper classification to the data
50. It is more efficient to establish a ___________________ for locations that must meet specific requirements.
Baseline standard and then develop additional standards
Process of introducing changes to systems
Access control matrix
Cost of control