SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.
All personnel
Platform security - intrusion detection and antivirus controls
Conduct a risk assessment
Cost of control
2. New security ulnerabilities should be managed through a ________________.
Phishing
Patch management process
Exceptions to policy
Risk management and the requirements of the organization
3. Used to understand the flow of one process into another.
Waterfall chart
Biometric access control systems
The data custodian
include security responsibilities in a job description
4. When defining the information classification policy - the ___________________ need to be identified.
Requirements of the data owners
Malicious software and spyware
Retention of business records
Personal firewall
5. A function of the session keys distributed by the PKI.
Annual loss expectancy (ALE)calculations
Confidentiality
Owner of the information asset
Use of security metrics
6. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
The board of directors and senior management
Worm
Stress testing
Centralized structure
7. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Continuous analysis - monitoring and feedback
SWOT analysis
Vulnerability assessment
Proficiency testing
8. Same intent as a cracker but does not have the technical skills and knowledge
Identify the vulnerable systems and apply compensating controls
Script kiddie
Information security manager
Single sign-on (SSO) product
9. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Support the business objectives of the organization
Phishing
Data owners
Data warehouse
10. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Key risk indicator (KRI) setup
Reduce risk to an acceptable level
Rule-based access control
Patch management
11. A method for analyzing and reducing a relational database to its most streamlined form
Normalization
Data classification
Phishing
Properly aligned with business goals and objectives
12. Ensures that there are no scalability problems.
MAL wear
Acceptable use policies
Stress testing
Power surge/over voltage (spike)
13. The data owner is responsible for _______________________.
Support the business objectives of the organization
Trojan horse
Continuous monitoring control initiatives
Applying the proper classification to the data
14. Someone who accesses a computer or network illegally
Hacker
Regular review of access control lists
Performing a risk assessment
Impractical and is often cost-prohibitive
15. A Successful risk management should lead to a ________________.
Patch management process
Breakeven point of risk reduction and cost
Acceptable use policies
Penetration testing
16. Should be performed to identify the risk and determine needed controls.
Internal risk assessment
Is willing to accept
Trusted source
Developing an information security baseline
17. ecurity design flaws require a ____________________.
Deeper level of analysis
The board of directors and senior management
Alignment with business strategy
All personnel
18. When the ________________ is more than the cost of the risk - the risk should be accepted.
Tailgating
Security risk
Biometric access control systems
Cost of control
19. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
Access control matrix
Information contained on the equipment
Confidentiality
Residual risk would be reduced by a greater amount
20. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Reduce risk to an acceptable level
People
Notifications and opt-out provisions
Skills inventory
21. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Decentralization
Data isolation
Countermeasure cost-benefit analysis
Background check
22. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Information security manager
Annually or whenever there is a significant change
Safeguards over keys
Residual risk would be reduced by a greater amount
23. Can be a standalone driver for an information security governance measure. No further analysis nor justification is required since the entity has no choice in the regulatory requirements.
Service level agreements (SLAs)
Regulatory compliance
Rule-based access control
Methodology used in the assessment
24. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Information contained on the equipment
Classification of assets needs
Centralized structure
Centralization of information security management
25. Occurs when the incoming level
Power surge/over voltage (spike)
Intrusion detection system (IDS)
Continuous monitoring control initiatives
Get senior management onboard
26. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.
Overall organizational structure
Control effectiveness
Identify the vulnerable systems and apply compensating controls
Strategic alignment of security with business objectives
27. Would protect against spoofing an internal address but would not provide strong authentication.
Asset classification
Defining high-level business security requirements
Control effectiveness
IP address packet filtering
28. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Comparison of cost of achievement
Encryption
Cyber extortionist
Certificate authority (CA)
29. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
Cracker
Cyber terrorist
The authentication process is broken
Risk appetite
30. BEST option to improve accountability for a system administrator is to _____________________.
Residual risk would be reduced by a greater amount
Breakeven point of risk reduction and cost
include security responsibilities in a job description
Continuous monitoring control initiatives
31. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Do with the information it collects
Trusted source
Trojan horse
Overall organizational structure
32. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Process of introducing changes to systems
Worm
Undervoltage (brownout)
Data owners
33. It is easier to manage and control a _________________.
Reduce risk to an acceptable level
Centralized structure
Performing a risk assessment
Calculating the value of the information or asset
34. Provides process needs but not impact.
Retention of business records
Countermeasure cost-benefit analysis
Phishing
Resource dependency assessment
35. A risk assessment should be conducted _________________.
Background check
Encryption key management
Spoofing attacks
Annually or whenever there is a significant change
36. Culture has a significant impact on how information security will be implemented in a ______________________.
Monitoring processes
Multinational organization
Digital signatures
Phishing
37. Carries out the technical administration.
Get senior management onboard
The database administrator
Tie security risks to key business objectives
Overall organizational structure
38. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Creation of a business continuity plan
Nondisclosure agreement (NDA)
Access control matrix
The information security officer
39. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Breakeven point of risk reduction and cost
Protective switch covers
Biometric access control systems
Power surge/over voltage (spike)
40. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident.It provides results - such as impact from a security incident and required response times.
Baseline standard and then develop additional standards
Control effectiveness
BIA (Business Impact Assessment
Encryption
41. S small warehouse - designed for the end-user needs in a strategic business unit
Control effectiveness
Continuous monitoring control initiatives
Risk appetite
Data mart
42. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Public key infrastructure (PKI)
Tailgating
Baseline standard and then develop additional standards
include security responsibilities in a job description
43. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
Information security manager
What happened and how the breach was resolved
Two-factor authentication
Consensus on risks and controls
44. The job of the information security officer on a management team is to ___________________.
Tie security risks to key business objectives
Methodology used in the assessment
Assess the risks to the business operation
Conduct a risk assessment
45. The best measure for preventing the unauthorized disclosure of confidential information.
Acceptable use policies
Background check
Multinational organization
Protective switch covers
46. Company or person you believe will not send a virus-infect file knowingly
Trusted source
Overall organizational structure
Requirements of the data owners
Asset classification
47. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Key controls
Two-factor authentication
Security risk
Background checks of prospective employees
48. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Acceptable use policies
Security baselines
Intrusion detection system (IDS)
Stress testing
49. Useful but only with regard to specific technical skills.
Performing a risk assessment
Proficiency testing
Transmit e-mail messages
Transferred risk
50. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
What happened and how the breach was resolved
Regulatory compliance
Comparison of cost of achievement
Control risk
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests