Test your basic knowledge |

CISM: Certified Information Security Manager

Subjects : certifications, cism, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Most effective for evaluating the degree to which information security objectives are being met.
include security responsibilities in a job description
The balanced scorecard
Control effectiveness
Creation of a business continuity plan

2. Ensures that there are no scalability problems.
Strategic alignment of security with business objectives
Attributes and characteristics of the 'desired state'
Lack of change management
Stress testing

3. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Identify the relevant systems and processes
Owner of the information asset
Undervoltage (brownout)
Key controls

4. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
Undervoltage (brownout)
Exceptions to policy
Access control matrix
Consensus on risks and controls

5. Awareness - training and physical security defenses.
Notifications and opt-out provisions
Examples of containment defenses
Transmit e-mail messages
Countermeasure cost-benefit analysis

6. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Two-factor authentication
Confidentiality
Nondisclosure agreement (NDA)
Owner of the information asset

7. To identify known vulnerabilities based on common misconfigurations and missing updates.
Acceptable use policies
A network vulnerability assessment
Spoofing attacks
Security risk

8. It is easier to manage and control a _________________.
Decentralization
Centralized structure
Attributes and characteristics of the 'desired state'
Stress testing

9. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Biometric access control systems
Continuous analysis - monitoring and feedback
Decentralization
Cryptographic secure sockets layer (SSL) implementations and short key lengths

10. Program that hides within or looks like a legit program
Encryption of the hard disks
The authentication process is broken
Trojan horse
Methodology used in the assessment

11. Needs to define the access rules - which is troublesome and error prone in large organizations.
Retention of business records
Rule-based access control
Service level agreements (SLAs)
Two-factor authentication

12. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Resource dependency assessment
Conduct a risk assessment
Regular review of access control lists
Do with the information it collects

13. Provides process needs but not impact.
Resource dependency assessment
Digital certificate
Baseline standard and then develop additional standards
The balanced scorecard

14. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Tie security risks to key business objectives
Regulatory compliance
Proficiency testing
Transferred risk

15. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Comparison of cost of achievement
Public key infrastructure (PKI)
Access control matrix
Key controls

16. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Data classification
Confidentiality
IP address packet filtering
Residual risk would be reduced by a greater amount

17. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Nondisclosure agreement (NDA)
Methodology used in the assessment
Patch management process
Patch management

18. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
The board of directors and senior management
Encryption of the hard disks
Vulnerability assessment
Safeguards over keys

19. Has full responsibility over data.
The data owner
Reduce risk to an acceptable level
Personal firewall
Nondisclosure agreement (NDA)

20. Occurs when the electrical supply drops
Monitoring processes
Undervoltage (brownout)
Exceptions to policy
Increase business value and confidence

21. Identification and _______________ of business risk enables project managers to address areas with most significance.
Multinational organization
Prioritization
Security awareness training for all employees
Asset classification

22. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Public key infrastructure (PKI)
Owner of the information asset
Continuous monitoring control initiatives
Threat assessment

23. Cannot be minimized
Retention of business records
Inherent risk
Intrusion detection system (IDS)
Gap analysis

24. By definition are not previously known and therefore are undetectable.
0-day vulnerabilities
Undervoltage (brownout)
Requirements of the data owners
Data isolation

25. S small warehouse - designed for the end-user needs in a strategic business unit
Regular review of access control lists
Data mart
Defining high-level business security requirements
Cost of control

26. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control. .
Total cost of ownership (TCO)
Deeper level of analysis
Annually or whenever there is a significant change
Internal risk assessment

27. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Hacker
Tie security risks to key business objectives
Notifications and opt-out provisions
Compliance with the organization's information security requirements

28. Utility program that detects and protects a personal computer from unauthorized intrusions
Cyber terrorist
Performing a risk assessment
Personal firewall
Skills inventory

29. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
What happened and how the breach was resolved
Is willing to accept
Risk management and the requirements of the organization
Information contained on the equipment

30. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Data isolation
Exceptions to policy
Calculating the value of the information or asset
Digital signatures

31. Applications cannot access data associated with other apps
Safeguards over keys
Spoofing attacks
Public key infrastructure (PKI)
Data isolation

32. The MOST important element of the request for proposal (RFP) ro assess the maturity level of the organization's information security management is _______________________.
Decentralization
Encryption of the hard disks
Rule-based access control
Methodology used in the assessment

33. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Process of introducing changes to systems
Waterfall chart
Virus
The information security officer

34. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Data isolation
Intrusion detection system (IDS)
Information security manager
The balanced scorecard

35. Risk should be reduced to a level that an organization _____________.
Safeguards over keys
Is willing to accept
Cost of control
People

36. Accesses a computer or network illegally
The information security officer
Cracker
IP address packet filtering
Skills inventory

37. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Comparison of cost of achievement
Risk assessment - evaluation and impact analysis
Annually or whenever there is a significant change
Conduct a risk assessment

38. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.
All personnel
Tie security risks to key business objectives
Examples of containment defenses
Annual loss expectancy (ALE)calculations

39. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
People
Process of introducing changes to systems
Tailgating
Strategic alignment of security with business objectives

40. Has to be integrated into the requirements of every software application's design.
Single sign-on (SSO) product
Residual risk would be reduced by a greater amount
Cross-site scripting attacks
Encryption key management

41. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Nondisclosure agreement (NDA)
Safeguards over keys
Personal firewall
Annually or whenever there is a significant change

42. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Performing a risk assessment
Virus detection
What happened and how the breach was resolved
Single sign-on (SSO) product

43. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Logon banners
include security responsibilities in a job description
Get senior management onboard
Developing an information security baseline

44. The MOST useful way to describe the objectives in the information security strategy is through ______________________.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

45. A notice that guarantees a user or a web site is legitimate
Certificate authority (CA)
Vulnerability assessment
Digital certificate
Continuous monitoring control initiatives

46. BEST option to improve accountability for a system administrator is to _____________________.
Multinational organization
include security responsibilities in a job description
Continuous monitoring control initiatives
Strategic alignment of security with business objectives

47. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Transmit e-mail messages
Classification of assets needs
Consensus on risks and controls
People

48. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Trojan horse
Owner of the information asset
Digital signatures
Virus

49. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Proficiency testing
Role-based access control
Strategic alignment of security with business objectives
Baseline standard and then develop additional standards

50. A function of the session keys distributed by the PKI.
Breakeven point of risk reduction and cost
Transferred risk
Confidentiality
Data warehouse

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

CISM: Certified Information Security Manager

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests