CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Internal risk assessment
Trojan horse
Identify the relevant systems and processes
Multinational organization
2. Responsible for securing the information.
Safeguards over keys
The data custodian
Virus
Centralized structure
3. Potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works
What happened and how the breach was resolved
Virus
Role-based policy
Resource dependency assessment
4. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Retention of business records
Well-defined roles and responsibilities
Prioritization
Tailgating
5. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Transmit e-mail messages
Asset classification
Vulnerability assessment
Methodology used in the assessment
6. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
A network vulnerability assessment
Multinational organization
Identify the relevant systems and processes
Defining high-level business security requirements
7. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Role-based access control
Classification of assets needs
Negotiating a local version of the organization standards
Risk management and the requirements of the organization
8. A key indicator of performance measurement.
Get senior management onboard
Strategic alignment of security with business objectives
Access control matrix
Applying the proper classification to the data
9. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Use of security metrics
Defining high-level business security requirements
Safeguards over keys
Notifications and opt-out provisions
10. A small warehouse - designed for the end-user needs in a strategic business unit
0-day vulnerabilities
Identify the relevant systems and processes
Data mart
Centralization of information security management
11. New security vulnerabilities should be managed through a ________________.
Protective switch covers
Patch management process
Platform security - intrusion detection and antivirus controls
Baseline standard and then develop additional standards
12. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Baseline standard and then develop additional standards
Single sign-on (SSO) product
Conduct a risk assessment
Security baselines
13. Company or person you believe will not send a virus-infected file knowingly
Cyber extortionist
Trusted source
Residual risk
Countermeasure cost-benefit analysis
14. Should be performed to identify the risk and determine needed controls.
Patch management process
Control effectiveness
Biometric access control systems
Internal risk assessment
15. Has to be integrated into the requirements of every software application's design.
Encryption key management
Continuous analysis - monitoring and feedback
Skills inventory
Worm
16. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Residual risk
Malware
Requirements of the data owners
Role-based policy
17. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Get senior management onboard
Encryption of the hard disks
The data owner
Vulnerability assessment
18. Most effective for evaluating the degree to which information security objectives are being met.
Patch management
Developing an information security baseline
Threat assessment
The balanced scorecard
19. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Audit objectives
Resource dependency assessment
Residual risk
Malware
20. A risk assessment should be conducted _________________.
The awareness and agreement of the data subjects
Annually or whenever there is a significant change
Gain unauthorized access to applications
Is willing to accept
21. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Business case development
The data owner
Data mart
Risk assessment - evaluation and impact analysis
22. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Developing an information security baseline
Exceptions to policy
Role-based access control
Creation of a business continuity plan
23. Accesses a computer or network illegally
Overall organizational structure
Process of introducing changes to systems
Cracker
Consensus on risks and controls
24. A repository of historical data organized by subject to support decision makers in the organization
Continuous monitoring control initiatives
Increase business value and confidence
Data warehouse
Logon banners
25. Whenever personal data are transferred across national boundaries; ________________________ are required.
The awareness and agreement of the data subjects
The balanced scorecard
Continuous analysis - monitoring and feedback
Personal firewall
26. Uses security metrics to measure the performance of the information security program.
Information security manager
Return on security investment (ROSI)
The data owner
Attributes and characteristics of the 'desired state'
27. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Power surge/over voltage (spike)
Comparison of cost of achievement
Hacker
Monitoring processes
28. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Service level agreements (SLAs)
Trojan horse
Properly aligned with business goals and objectives
Waterfall chart
29. The PRIMARY goal in developing an information security strategy is to: _________________________.
Notifications and opt-out provisions
Get senior management onboard
Support the business objectives of the organization
Compliance with the organization's information security requirements
30. The job of the information security officer on a management team is to ___________________.
What happened and how the breach was resolved
Assess the risks to the business operation
Confidentiality
Properly aligned with business goals and objectives
31. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Encryption
Cracker
Continuous analysis - monitoring and feedback
All personnel
32. Without _____________________ - there cannot be accountability.
The database administrator
Threat assessment
Well-defined roles and responsibilities
The balanced scorecard
33. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Overall organizational structure
Control effectiveness
Retention of business records
Equal error rate (EER)
34. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
BIA (Business Impact Assessment)
Digital signatures
All personnel
Rule-based access control
35. The MOST important element of an information security strategy.
Annually or whenever there is a significant change
Breakeven point of risk reduction and cost
Defining high-level business security requirements
Defined objectives
36. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
The balanced scorecard
Background checks of prospective employees
Continuous monitoring control initiatives
Certificate authority (CA)
37. Has full responsibility over data.
The data owner
Trusted source
Intrusion detection system (IDS)
The data custodian
38. There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. The best protection is to _____________________ until a patch is installed.
Trojan horse
Tie security risks to key business objectives
Methodology used in the assessment
Identify the vulnerable systems and apply compensating controls
39. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Background checks of prospective employees
Gap analysis
Annually or whenever there is a significant change
Baseline standard and then develop additional standards
40. It is more efficient to establish a ___________________ for locations that must meet specific requirements.
Background check
Baseline standard and then develop additional standards
What happened and how the breach was resolved
The awareness and agreement of the data subjects
41. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Waterfall chart
Resource dependency assessment
Residual risk would be reduced by a greater amount
Access control matrix
42. Should be determined from the risk assessment results.
Gain unauthorized access to applications
Audit objectives
Data warehouse
Public key infrastructure (PKI)
43. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Return on security investment (ROSI)
Control effectiveness
Protective switch covers
Resource dependency assessment
44. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Risk assessment - evaluation and impact analysis
Role-based access control
Certificate authority (CA)
Creation of a business continuity plan
45. Used to understand the flow of one process into another.
Personal firewall
Centralization of information security management
Transferred risk
Waterfall chart
46. Security design flaws require a ____________________.
Increase business value and confidence
Deeper level of analysis
Acceptable use policies
Properly aligned with business goals and objectives
47. BEST option to improve accountability for a system administrator is to _____________________.
Safeguards over keys
Include security responsibilities in a job description
Personal firewall
Rule-based access control
48. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Security awareness training for all employees
Defining and ratifying the classification structure of information assets
Process of introducing changes to systems
Regular review of access control lists
49. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Role-based access control
Increase business value and confidence
Owner of the information asset
Classification of assets needs
50. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
0-day vulnerabilities
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Encryption of the hard disks
Cyber extortionist