Test your basic knowledge

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Should be a standard requirement for the service provider.

2. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.

3. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks, and would not provide other indirect benefits such as process

4. A risk assessment should be conducted _________________.

5. All within the responsibility of the information security manager.

6. A function of the session keys distributed by the PKI.

7. Are expensive, so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.

8. Computer that has duplicate components so it can continue to operate when one of its main components fails.

9. The BEST justification to convince management to invest in an information security program is that doing so would _________________.

10. A trusted third party that attests to the identity of the signatory, and reliance will be a function of the level of trust afforded the CA.

11. Uses security metrics to measure the performance of the information security program.

12. The first step in a risk analysis process to determine the impact to the organization, which is the ultimate goal.

13. Oversees the overall classification management of the information.

14. Information security governance models are highly dependent on the _____________________.

15. When defining the information classification policy - the ___________________ need to be identified.

16. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.

17. Provides strong online authentication.

18. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.

19. In order to highlight to management the importance of network security - the security manager should FIRST _______________.

20. Should PRIMARILY be based on regulatory and legal requirements.

21. By definition are not previously known and therefore cannot be detected by signature-based controls.

22. Only valid if assets have first been identified and appropriately valued.

23. Cannot be minimized.

24. Are not infallible. When tuning the solution, one has to adjust the sensitivity level to give preference either to the false reject rate (type I error rate), where the system will be more prone to err by denying access to a valid user, or to erring and allowing

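Statement 24 describes the sensitivity trade-off in a biometric system: tightening the threshold lowers false accepts but raises false rejects, and vice versa. The following is an added example (not from this quiz page or its source material) that sweeps a decision threshold over constructed match scores, reports the false reject rate (type I) and false accept rate (type II) at each setting, and then picks an operating point under a stated false-accept budget. The score values, the 0-100 similarity scale, and the function names are all assumptions made for the illustration.

```python
"""Biometric threshold tuning: false reject rate (type I) versus false accept
rate (type II).  Added illustration; the scores are constructed, not real
matcher output, and the 0-100 similarity scale is an assumption."""

from typing import Iterable, List, Sequence, Tuple

# Constructed similarity scores from a hypothetical matcher (higher = better match).
GENUINE_SCORES: List[int] = [72, 78, 81, 85, 88, 90, 92, 94, 96, 98]   # legitimate users
IMPOSTOR_SCORES: List[int] = [20, 33, 41, 48, 55, 60, 66, 70, 75, 80]  # wrong users / attackers


def false_reject_rate(genuine: Sequence[int], threshold: int) -> float:
    """Type I error: fraction of legitimate users scoring below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def false_accept_rate(impostor: Sequence[int], threshold: int) -> float:
    """Type II error: fraction of impostors scoring at or above the threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def sweep(genuine: Sequence[int], impostor: Sequence[int],
          thresholds: Iterable[int]) -> List[Tuple[int, float, float]]:
    """(threshold, FRR, FAR) for every candidate threshold.  Raising the
    threshold lowers FAR and raises FRR; that is the trade-off being tuned."""
    return [(t, false_reject_rate(genuine, t), false_accept_rate(impostor, t))
            for t in thresholds]


def equal_error_threshold(genuine: Sequence[int], impostor: Sequence[int],
                          thresholds: Iterable[int]) -> int:
    """Lowest threshold at which FRR and FAR are closest (the EER operating point)."""
    return min(thresholds,
               key=lambda t: abs(false_reject_rate(genuine, t) - false_accept_rate(impostor, t)))


def choose_threshold(genuine: Sequence[int], impostor: Sequence[int],
                     thresholds: Iterable[int], max_far: float) -> int:
    """Lowest threshold (hence lowest FRR) whose FAR stays within the budget.
    A high-security deployment sets a small max_far and accepts more false
    rejects; a convenience-oriented deployment relaxes it."""
    for t in thresholds:
        if false_accept_rate(impostor, t) <= max_far:
            return t
    raise ValueError("no threshold meets the false-accept budget")


if __name__ == "__main__":
    candidates = range(50, 101)
    for t, frr, far in sweep(GENUINE_SCORES, IMPOSTOR_SCORES, range(60, 101, 10)):
        print(f"threshold {t:3d}: FRR={frr:.1f} FAR={far:.1f}")
    print("EER threshold:", equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES, candidates))
    print("strict, FAR <= 0:", choose_threshold(GENUINE_SCORES, IMPOSTOR_SCORES, candidates, 0.0))
    print("relaxed, FAR <= 0.1:", choose_threshold(GENUINE_SCORES, IMPOSTOR_SCORES, candidates, 0.1))
```

With these constructed scores a threshold of 70 rejects no legitimate user but admits 3 of 10 impostors, while 81 admits no impostor but rejects 2 of 10 legitimate users; the equal-error point lies at 76. Which of those the security manager selects is a risk decision about which error is costlier for the protected asset, not a property of the sensor.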
25. Will associate data access with the role performed by an individual, thus restricting access to data required to perform the individual's tasks.

26. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.

27. Provide metrics to which outsourcing firms can be held accountable.

28. Has to be integrated into the requirements of every software application's design.

29. Identification and _______________ of business risk enables project managers to address areas with most significance.

30. When mobile equipment is lost or stolen, the ______________________ matters most in determining the impact of the loss.

31. When considering the value of assets, ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance.

32. On a company's e-commerce web site, a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.

33. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.

34. Useful but only with regard to specific technical skills.

35. A notice that attests that a user or a web site is legitimate.

36. A process that helps organizations manipulate important knowledge that is part of the organization's memory.

37. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.

38. The MOST useful way to describe the objectives in the information security strategy is through ______________________.

39. A repository of historical data organized by subject to support decision makers in the organization.

40. Logging as well as monitoring, measuring, auditing, and detecting viruses and intrusion.

41. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.

42. New security vulnerabilities should be managed through a ________________.

43. The most critical process for deciding which part of the information system or business process should be given prioritization in case of a security incident. It provides results, such as impact from a security incident and required response times.

44. The PRIMARY goal in developing an information security strategy is to: _________________________.

45. Company or person you believe will not knowingly send a virus-infected file.

46. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.

47. Ensures that there are no scalability problems.

48. Risk should be reduced to a level that an organization _____________.

49. Occurs after the risk assessment process - it does not measure it.

50. May show the performance result of security-related activities; however, the result is interpreted in terms of money and extends to multiple facets of security initiatives.