Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Should be a standard requirement for the service provider.
Background check
Control risk
Increase business value and confidence
Reduce risk to an acceptable level
2. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Security risk
The authentication process is broken
Information contained on the equipment
Rule-based access control
3. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Rule-based access control
Single sign-on (SSO) product
Monitoring processes
Control effectiveness
4. A risk assessment should be conducted _________________.
Increase business value and confidence
Annually or whenever there is a significant change
Exceptions to policy
Data owners
5. All within the responsibility of the information security manager.
Compliance with the organization's information security requirements
Platform security - intrusion detection and antivirus controls
Cyber extortionist
Its ability to reduce or eliminate business risks
6. A function of the session keys distributed by the PKI.
Defining high-level business security requirements
Data warehouse
Confidentiality
Notifications and opt-out provisions
7. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Is willing to accept
Continuous monitoring control initiatives
Control effectiveness
Developing an information security baseline
8. Computer that has duplicate components so it can continue to operate when one of its main components fails
Tie security risks to key business objectives
Service level agreements (SLAs)
Fault-tolerant computer
Patch management
9. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Cyber extortionist
Increase business value and confidence
Threat assessment
Monitoring processes
10. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
The balanced scorecard
Risk management and the requirements of the organization
Security awareness training for all employees
Certificate authority (CA)
11. Uses security metrics to measure the performance of the information security program.
The data owner
Information security manager
Decentralization
Prioritization
12. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Calculating the value of the information or asset
Defining high-level business security requirements
Risk assessment - evaluation and impact analysis
Lack of change management
13. Oversees the overall classification management of the information.
Asset classification
Compliance with the organization's information security requirements
Cracker
The information security officer
14. Information security governance models are highly dependent on the _____________________.
Overall organizational structure
Acceptable use policies
Countermeasure cost-benefit analysis
Asset classification
15. When defining the information classification policy - the ___________________ need to be identified.
The database administrator
Platform security - intrusion detection and antivirus controls
Rule-based access control
Requirements of the data owners
16. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
Audit objectives
A network vulnerability assessment
The database administrator
All personnel
17. Provides strong online authentication.
Public key infrastructure (PKI)
Cracker
Transmit e-mail messages
Trusted source
18. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
SWOT analysis
People
Developing an information security baseline
Risk assessment - evaluation and impact analysis
19. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Tie security risks to key business objectives
Patch management process
Virus detection
Conduct a risk assessment
20. Should PRIMARILY be based on regulatory and legal requirements.
Information security manager
Retention of business records
Residual risk
Transmit e-mail messages
21. By definition are not previously known and therefore are undetectable.
Information security manager
Role-based access control
0-day vulnerabilities
Encryption of the hard disks
22. Only valid if assets have first been identified and appropriately valued.
Role-based access control
Annual loss expectancy (ALE) calculations
Cyber extortionist
Detection defenses
23. Cannot be minimized
Inherent risk
Certificate authority (CA)
Strategic alignment of security with business objectives
Identify the vulnerable systems and apply compensating controls
24. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
The database administrator
Malicious software and spyware
Security baselines
Biometric access control systems
25. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Return on security investment (ROSI)
Key risk indicator (KRI) setup
Role-based policy
Retention of business records
26. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Identify the relevant systems and processes
Well-defined roles and responsibilities
Developing an information security baseline
Risk assessment - evaluation and impact analysis
27. Provide metrics to which outsourcing firms can be held accountable.
Stress testing
Virus detection
Normalization
Service level agreements (SLAs)
28. Has to be integrated into the requirements of every software application's design.
Cyber terrorist
Performing a risk assessment
Nondisclosure agreement (NDA)
Encryption key management
29. Identification and _______________ of business risk enables project managers to address areas with most significance.
Prioritization
Increase business value and confidence
Lack of change management
Background checks of prospective employees
30. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Information contained on the equipment
Lack of change management
Malicious software and spyware
SWOT analysis
31. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Comparison of cost of achievement
Applying the proper classification to the data
Hacker
Compliance with the organization's information security requirements
32. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Do with the information it collects
Gap analysis
Resource dependency assessment
Transmit e-mail messages
33. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Annually or whenever there is a significant change
Gain unauthorized access to applications
Performing a risk assessment
Attributes and characteristics of the 'desired state'
34. Useful but only with regard to specific technical skills.
Rule-based access control
Personal firewall
Proficiency testing
Data isolation
35. A notice that guarantees a user or a web site is legitimate
Continuous analysis - monitoring and feedback
Applying the proper classification to the data
Digital certificate
Virus
36. A process that helps organizations manipulate important knowledge that is part of the org's memory
Encryption of the hard disks
Knowledge management
Defining and ratifying the classification structure of information assets
Identify the vulnerable systems and apply compensating controls
37. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Is willing to accept
The data owner
Owner of the information asset
Comparison of cost of achievement
38. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
39. A repository of historical data organized by subject to support decision makers in the org
Virus
Power surge/over voltage (spike)
Consensus on risks and controls
Data warehouse
40. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Certificate authority (CA)
Role-based policy
Detection defenses
Owner of the information asset
41. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Negotiating a local version of the organization standards
Cracker
Regular review of access control lists
Do with the information it collects
42. New security vulnerabilities should be managed through a ________________.
Applying the proper classification to the data
Return on security investment (ROSI)
Total cost of ownership (TCO)
Patch management process
43. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
What happened and how the breach was resolved
Cyber terrorist
BIA (Business Impact Assessment)
Decentralization
44. The PRIMARY goal in developing an information security strategy is to: _________________________.
Script kiddie
Nondisclosure agreement (NDA)
Biometric access control systems
Support the business objectives of the organization
45. Company or person you believe will not send a virus-infected file knowingly
Trusted source
Lack of change management
Return on security investment (ROSI)
Role-based policy
46. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Residual risk would be reduced by a greater amount
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Methodology used in the assessment
Information contained on the equipment
47. Ensures that there are no scalability problems.
Cracker
Normalization
Stress testing
The information security officer
48. Risk should be reduced to a level that an organization _____________.
Encryption of the hard disks
Is willing to accept
BIA (Business Impact Assessment)
Overall organizational structure
49. Occurs after the risk assessment process - it does not measure it.
Security baselines
Monitoring processes
Cyber extortionist
Use of security metrics
50. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
The board of directors and senior management
Return on security investment (ROSI)
Encryption key management
Strategic alignment of security with business objectives