Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Whenever personal data are transferred across national boundaries; ________________________ are required.






2. By definition are not previously known and therefore are undetectable.






3. A function of the session keys distributed by the PKI.






4. Provides strong online authentication.






5. The PRIMARY goal in developing an information security strategy is to: _________________________.






6. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.






7. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.






8. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i






9. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.






10. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.






11. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.






12. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance






13. Involves the correction of software weaknesses and would necessarily follow change management procedures.






14. BEST option to improve accountability for a system administrator is to _____________________.






15. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -






16. Useful but only with regard to specific technical skills.






17. Program that hides within or looks like a legit program






18. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.






19. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.






20. Without _____________________ - there cannot be accountability.






21. The MOST useful way to describe the objectives in the information security strategy is through ______________________.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


22. Used to understand the flow of one process into another.






23. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.






24. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.






25. Most effective for evaluating the degree to which information security objectives are being met.






26. The most important characteristic of good security policies is that they be ____________________.






27. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.






28. Company or person you believe will not send a virus-infect file knowingly






29. A repository of historical data organized by subject to support decision makers in the org






30. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.






31. The job of the information security officer on a management team is to ___________________.






32. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.






33. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.






34. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing






35. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network






36. Occurs when the electrical supply drops






37. Needs to define the access rules - which is troublesome and error prone in large organizations.






38. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.






39. Applications cannot access data associated with other apps






40. Should be a standard requirement for the service provider.






41. The best measure for preventing the unauthorized disclosure of confidential information.






42. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.






43. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.






44. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.






45. It is easier to manage and control a _________________.






46. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.






47. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.






48. btaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but






49. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.






50. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.