Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Only valid if assets have first been identified and appropriately valued.
Annual loss expectancy (ALE) calculations
Penetration testing
Alignment with business strategy
Get senior management onboard
2. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Annual loss expectancy (ALE) calculations
Information contained on the equipment
Attributes and characteristics of the 'desired state'
Security code reviews for the entire software application
3. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
The balanced scorecard
Threat assessment
Identify the relevant systems and processes
Stress testing
4. Risk should be reduced to a level that an organization _____________.
Trusted source
Negotiating a local version of the organization standards
Defining and ratifying the classification structure of information assets
Is willing to accept
5. Someone who uses the internet or network to destroy or damage computers for political reasons
Intrusion detection system (IDS)
Cyber terrorist
Background checks of prospective employees
Retention of business records
6. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Two-factor authentication
Protective switch covers
Equal error rate (EER)
Centralization of information security management
7. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
8. Should be performed to identify the risk and determine needed controls.
Strategic alignment of security with business objectives
Hacker
Risk assessment - evaluation and impact analysis
Internal risk assessment
9. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Tailgating
Conduct a risk assessment
Virus
Continuous monitoring control initiatives
10. Used to understand the flow of one process into another.
Annually or whenever there is a significant change
Background check
Waterfall chart
Certificate authority (CA)
11. Normally addressed through antivirus and antispyware policies.
Key risk indicator (KRI) setup
Single sign-on (SSO) product
Malicious software and spyware
Detection defenses
12. It is easier to manage and control a _________________.
Support the business objectives of the organization
Continuous monitoring control initiatives
The information security officer
Centralized structure
13. Useful but only with regard to specific technical skills.
Public key infrastructure (PKI)
The awareness and agreement of the data subjects
Proficiency testing
Malicious software and spyware
14. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Security baselines
Regular review of access control lists
Conduct a risk assessment
What happened and how the breach was resolved
15. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Classification of assets needs
Stress testing
Gain unauthorized access to applications
Identify the relevant systems and processes
16. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Well-defined roles and responsibilities
Calculating the value of the information or asset
Monitoring processes
Transmit e-mail messages
17. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Centralized structure
The balanced scorecard
Virus detection
The board of directors and senior management
18. New security vulnerabilities should be managed through a ________________.
Digital signatures
Cyber extortionist
Patch management process
Regulatory compliance
19. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Data owners
Well-defined roles and responsibilities
All personnel
Gap analysis
20. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
The database administrator
Tie security risks to key business objectives
Security awareness training for all employees
What happened and how the breach was resolved
21. The information security manager needs to prioritize the controls based on ________________________.
Impractical and is often cost-prohibitive
Trusted source
Risk management and the requirements of the organization
Risk assessment - evaluation and impact analysis
22. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
A network vulnerability assessment
Exceptions to policy
Intrusion detection system (IDS)
Encryption key management
23. Occurs after the risk assessment process - it does not measure it.
Annually or whenever there is a significant change
Centralized structure
Confidentiality
Use of security metrics
24. Company or person you believe will not knowingly send a virus-infected file
Personal firewall
Cracker
Trusted source
Decentralization
25. The most important characteristic of good security policies is that they be ____________________.
Get senior management onboard
Aligned with organizational goals
Control risk
Business case development
26. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Certificate authority (CA)
Two-factor authentication
Security code reviews for the entire software application
Public key infrastructure (PKI)
27. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Reduce risk to an acceptable level
Retention of business records
Negotiating a local version of the organization standards
Asset classification
28. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Lack of change management
Continuous monitoring control initiatives
Consensus on risks and controls
Return on security investment (ROSI)
29. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Get senior management onboard
Impractical and is often cost-prohibitive
Performing a risk assessment
Asset classification
30. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Virus detection
Performing a risk assessment
Increase business value and confidence
Baseline standard and then develop additional standards
31. Ensure that transmitted information can be attributed to the named sender.
Acceptable use policies
Digital signatures
Creation of a business continuity plan
Safeguards over keys
32. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Background check
Cracker
Multinational organization
Conduct a risk assessment
33. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Risk assessment - evaluation and impact analysis
Monitoring processes
Vulnerability assessment
Skills inventory
34. Most effective for evaluating the degree to which information security objectives are being met.
The balanced scorecard
Hacker
Strategic alignment of security with business objectives
Return on security investment (ROSI)
35. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Well-defined roles and responsibilities
Security risk
Digital signatures
Defining high-level business security requirements
36. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Nondisclosure agreement (NDA)
Patch management
Countermeasure cost-benefit analysis
Classification of assets needs
37. A repository of historical data organized by subject to support decision makers in the organization
Fault-tolerant computer
Data warehouse
Breakeven point of risk reduction and cost
Strategic alignment of security with business objectives
38. Utility program that detects and protects a personal computer from unauthorized intrusions
Internal risk assessment
Personal firewall
Cyber terrorist
Attributes and characteristics of the 'desired state'
39. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Do with the information it collects
Phishing
Biometric access control systems
Security code reviews for the entire software application
40. Oversees the overall classification management of the information.
Assess the risks to the business operation
Waterfall chart
The information security officer
Gain unauthorized access to applications
41. Someone who accesses a computer or network illegally
Service level agreements (SLAs)
Hacker
Gap analysis
Conduct a risk assessment
42. By definition are not previously known and therefore are undetectable.
Total cost of ownership (TCO)
0-day vulnerabilities
Detection defenses
Do with the information it collects
43. BEST option to improve accountability for a system administrator is to _____________________.
Increase business value and confidence
Confidentiality
Include security responsibilities in a job description
Information contained on the equipment
44. The _____________________ is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Business case development
Lack of change management
Power surge/over voltage (spike)
Encryption
45. Primarily reduce risk and are most effective for the protection of information assets.
Regular review of access control lists
Cracker
Key controls
Decentralization
46. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Role-based access control
Deeper level of analysis
Retention of business records
Increase business value and confidence
47. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Strategic alignment of security with business objectives
Spoofing attacks
Get senior management onboard
Monitoring processes
48. The primary role of the information security manager in the process of information classification within the organization.
Defining and ratifying the classification structure of information assets
Intrusion detection system (IDS)
Examples of containment defenses
Assess the risks to the business operation
49. Has to be integrated into the requirements of every software application's design.
Encryption
Continuous analysis - monitoring and feedback
Two-factor authentication
Encryption key management
50. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Access control matrix
The information security officer
Nondisclosure agreement (NDA)
Information security manager