SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Use of security metrics
Owner of the information asset
Vulnerability assessment
Increase business value and confidence
2. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Threat assessment
Centralized structure
Baseline standard and then develop additional standards
Key risk indicator (KRI) setup
3. Has full responsibility over data.
Control effectiveness
Cyber extortionist
The data owner
Platform security - intrusion detection and antivirus controls
4. Normally addressed through antivirus and antispyware policies.
Resource dependency assessment
Public key infrastructure (PKI)
Malicious software and spyware
Risk management and the requirements of the organization
5. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Continuous analysis - monitoring and feedback
Security baselines
Resource dependency assessment
Identify the relevant systems and processes
6. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Undervoltage (brownout)
Performing a risk assessment
Intrusion detection system (IDS)
Do with the information it collects
7. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Continuous monitoring control initiatives
Exceptions to policy
Residual risk would be reduced by a greater amount
Digital certificate
8. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Aligned with organizational goals
Information security manager
Cross-site scripting attacks
Threat assessment
9. Reducing risk to a level too small to measure is _______________.
Performing a risk assessment
Logon banners
Spoofing attacks
Impractical and is often cost-prohibitive
10. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Control risk
Return on security investment (ROSI)
Identify the relevant systems and processes
Consensus on risks and controls
11. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Developing an information security baseline
Cyber extortionist
Aligned with organizational goals
Monitoring processes
12. The primary role of the information security manager in the process of information classification within the organization.
Developing an information security baseline
Multinational organization
Defining and ratifying the classification structure of information assets
Identify the vulnerable systems and apply compensating controls
13. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Encryption
Security baselines
The board of directors and senior management
Key controls
14. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
Applying the proper classification to the data
Owner of the information asset
The information security officer
Access control matrix
15. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
The data owner
Control risk
Role-based access control
Defining and ratifying the classification structure of information assets
16. When the ________________ is more than the cost of the risk - the risk should be accepted.
Internal risk assessment
Lack of change management
Cost of control
The information security officer
17. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
18. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Information contained on the equipment
Information security manager
Data mart
Platform security - intrusion detection and antivirus controls
19. The best measure for preventing the unauthorized disclosure of confidential information.
Acceptable use policies
Encryption of the hard disks
The balanced scorecard
Phishing
20. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Reduce risk to an acceptable level
0-day vulnerabilities
Decentralization
Risk assessment - evaluation and impact analysis
21. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Intrusion detection system (IDS)
Certificate authority (CA)
Classification of assets needs
Cyber terrorist
22. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Information contained on the equipment
Defining high-level business security requirements
Properly aligned with business goals and objectives
Continuous monitoring control initiatives
23. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
MAL wear
Negotiating a local version of the organization standards
Conduct a risk assessment
Trusted source
24. Computer that has duplicate components so it can continue to operate when one of its main components fail
Power surge/over voltage (spike)
Gap analysis
Fault-tolerant computer
Gain unauthorized access to applications
25. Utility program that detects and protects a personal computer from unauthorized intrusions
Personal firewall
Intrusion detection system (IDS)
Residual risk would be reduced by a greater amount
Impractical and is often cost-prohibitive
26. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Fault-tolerant computer
The data custodian
Regular review of access control lists
Proficiency testing
27. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Defining high-level business security requirements
Resource dependency assessment
Data owners
Hacker
28. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Security risk
Residual risk
Risk appetite
People
29. Same intent as a cracker but does not have the technical skills and knowledge
Risk assessment - evaluation and impact analysis
Control effectiveness
Script kiddie
Compliance with the organization's information security requirements
30. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Classification of assets needs
Waterfall chart
Identify the relevant systems and processes
Centralization of information security management
31. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Virus
Decentralization
Information security manager
Hacker
32. The PRIMARY goal in developing an information security strategy is to: _________________________.
Equal error rate (EER)
Defined objectives
Applying the proper classification to the data
Support the business objectives of the organization
33. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
34. Cannot be minimized
Return on security investment (ROSI)
Inherent risk
Alignment with business strategy
Breakeven point of risk reduction and cost
35. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Continuous monitoring control initiatives
Phishing
Worm
Equal error rate (EER)
36. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Intrusion detection system (IDS)
Nondisclosure agreement (NDA)
Alignment with business strategy
Applying the proper classification to the data
37. Accesses a computer or network illegally
Cracker
The data custodian
Annual loss expectancy (ALE)calculations
Control effectiveness
38. Carries out the technical administration.
IP address packet filtering
Gap analysis
Exceptions to policy
The database administrator
39. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
The information security officer
Asset classification
Risk appetite
Tailgating
40. S small warehouse - designed for the end-user needs in a strategic business unit
Fault-tolerant computer
Cracker
Well-defined roles and responsibilities
Data mart
41. Company or person you believe will not send a virus-infect file knowingly
Trusted source
Cracker
Transferred risk
Service level agreements (SLAs)
42. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
Countermeasure cost-benefit analysis
Acceptable use policies
Skills inventory
The authentication process is broken
43. Provide metrics to which outsourcing firms can be held accountable.
Service level agreements (SLAs)
Process of introducing changes to systems
Security baselines
Power surge/over voltage (spike)
44. The most important characteristic of good security policies is that they be ____________________.
Identify the vulnerable systems and apply compensating controls
Aligned with organizational goals
Support the business objectives of the organization
Logon banners
45. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Tailgating
Centralization of information security management
Power surge/over voltage (spike)
Baseline standard and then develop additional standards
46. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Developing an information security baseline
Detection defenses
Retention of business records
Cyber extortionist
47. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Classification of assets needs
Transmit e-mail messages
Applying the proper classification to the data
Return on security investment (ROSI)
48. n a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Transferred risk
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Countermeasure cost-benefit analysis
Asset classification
49. The MOST important element of the request for proposal (RFP) ro assess the maturity level of the organization's information security management is _______________________.
Methodology used in the assessment
Countermeasure cost-benefit analysis
Annual loss expectancy (ALE)calculations
Return on security investment (ROSI)
50. Can be a standalone driver for an information security governance measure. No further analysis nor justification is required since the entity has no choice in the regulatory requirements.
Regulatory compliance
What happened and how the breach was resolved
Continuous analysis - monitoring and feedback
Exceptions to policy
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests