Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Performing a risk assessment
Regular review of access control lists
Control effectiveness
Digital certificate
2. By definition are not previously known and therefore are undetectable.
0-day vulnerabilities
Resource dependency assessment
Inherent risk
BIA (Business Impact Assessment)
3. Should PRIMARILY be based on regulatory and legal requirements.
Internal risk assessment
Compliance with the organization's information security requirements
Retention of business records
Centralization of information security management
4. Provides process needs but not impact.
IP address packet filtering
Impractical and is often cost-prohibitive
Resource dependency assessment
Comparison of cost of achievement
5. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Nondisclosure agreement (NDA)
Overall organizational structure
Consensus on risks and controls
Penetration testing
6. A function of the session keys distributed by the PKI.
Calculating the value of the information or asset
Confidentiality
Data owners
Access control matrix
7. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Security risk
Annual loss expectancy (ALE) calculations
Information contained on the equipment
Developing an information security baseline
8. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Information contained on the equipment
Vulnerability assessment
Residual risk
9. Ensure that transmitted information can be attributed to the named sender.
Data mart
Creation of a business continuity plan
Breakeven point of risk reduction and cost
Digital signatures
10. Without _____________________ - there cannot be accountability.
Well-defined roles and responsibilities
Annually or whenever there is a significant change
Compliance with the organization's information security requirements
People
11. Whenever personal data are transferred across national boundaries; ________________________ are required.
Threat assessment
The awareness and agreement of the data subjects
Well-defined roles and responsibilities
Its ability to reduce or eliminate business risks
12. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Protective switch covers
Performing a risk assessment
Get senior management onboard
Monitoring processes
13. A repository of historical data organized by subject to support decision makers in the org
Include security responsibilities in a job description
Cyber terrorist
Data warehouse
Security risk
14. Reducing risk to a level too small to measure is _______________.
Worm
Cyber extortionist
The awareness and agreement of the data subjects
Impractical and is often cost-prohibitive
15. Someone who accesses a computer or network illegally
Data isolation
Hacker
Annually or whenever there is a significant change
What happened and how the breach was resolved
16. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Continuous analysis - monitoring and feedback
Role-based access control
The database administrator
Performing a risk assessment
17. Culture has a significant impact on how information security will be implemented in a ______________________.
Multinational organization
Defined objectives
Single sign-on (SSO) product
Exceptions to policy
18. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Threat assessment
Personal firewall
Hacker
Centralized structure
19. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Residual risk would be reduced by a greater amount
Tailgating
Patch management
Information security manager
20. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Monitoring processes
Worm
Skills inventory
Creation of a business continuity plan
21. Focuses on identifying vulnerabilities.
Examples of containment defenses
Include security responsibilities in a job description
Background checks of prospective employees
Penetration testing
22. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Well-defined roles and responsibilities
Security baselines
Risk management and the requirements of the organization
Information contained on the equipment
23. It is easier to manage and control a _________________.
Centralized structure
Regulatory compliance
Consensus on risks and controls
Is willing to accept
24. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Undervoltage (brownout)
Nondisclosure agreement (NDA)
Biometric access control systems
Conduct a risk assessment
25. The job of the information security officer on a management team is to ___________________.
Developing an information security baseline
Defining and ratifying the classification structure of information assets
Assess the risks to the business operation
Overall organizational structure
26. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Decentralization
Waterfall chart
Tie security risks to key business objectives
Business case development
27. Cannot be minimized
Data mart
Retention of business records
Inherent risk
Stress testing
28. A key indicator of performance measurement.
Encryption key management
Risk management and the requirements of the organization
Attributes and characteristics of the 'desired state'
Strategic alignment of security with business objectives
29. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Increase business value and confidence
Data owners
Security risk
Single sign-on (SSO) product
30. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Multinational organization
Platform security - intrusion detection and antivirus controls
Return on security investment (ROSI)
Consensus on risks and controls
31. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Notifications and opt-out provisions
Role-based policy
Security awareness training for all employees
Key controls
32. BEST option to improve accountability for a system administrator is to _____________________.
Its ability to reduce or eliminate business risks
Include security responsibilities in a job description
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Malware
33. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
34. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Centralization of information security management
Role-based access control
Rule-based access control
Security risk
35. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Gap analysis
Detection defenses
Service level agreements (SLAs)
Calculating the value of the information or asset
36. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
A network vulnerability assessment
Developing an information security baseline
Logon banners
Baseline standard and then develop additional standards
37. The PRIMARY goal in developing an information security strategy is to: _________________________.
Assess the risks to the business operation
Data warehouse
Support the business objectives of the organization
IP address packet filtering
38. Occurs when the incoming level
Biometric access control systems
Power surge/overvoltage (spike)
Defining high-level business security requirements
Breakeven point of risk reduction and cost
39. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
SWOT analysis
Classification of assets needs
Security code reviews for the entire software application
What happened and how the breach was resolved
40. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Acceptable use policies
Detection defenses
Control effectiveness
Protective switch covers
41. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Data mart
People
Use of security metrics
SWOT analysis
42. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Rule-based access control
What happened and how the breach was resolved
Certificate authority (CA)
Return on security investment (ROSI)
43. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
Overall organizational structure
The authentication process is broken
Normalization
0-day vulnerabilities
44. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Use of security metrics
Power surge/overvoltage (spike)
Equal error rate (EER)
Malware
45. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Continuous monitoring control initiatives
Cyber extortionist
Comparison of cost of achievement
Baseline standard and then develop additional standards
46. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Transmit e-mail messages
Continuous monitoring control initiatives
Defined objectives
Continuous analysis - monitoring and feedback
47. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Asset classification
Owner of the information asset
Threat assessment
Use of security metrics
48. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Data warehouse
Use of security metrics
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Regulatory compliance
49. Most effective for evaluating the degree to which information security objectives are being met.
The balanced scorecard
Personal firewall
Aligned with organizational goals
Access control matrix
50. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.
SWOT analysis
Methodology used in the assessment
Identify the vulnerable systems and apply compensating controls
Attributes and characteristics of the 'desired state'