CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Without _____________________, there cannot be accountability.

2. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.

3. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results such as impact from a security incident and required response times.

4. The job of the information security officer on a management team is to ___________________.

5. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.

6. While useful for identifying the difference between the current state and the desired future state (e.g. the organization has to comply with recently published industry regulatory requirements that potentially have high implementation costs) -

7. Carries out the technical administration.

8. The best measure, and will involve reviewing the entire source code to detect all instances of back doors.

9. Provide metrics to which outsourcing firms can be held accountable.

10. Needs to define the access rules, which is troublesome and error prone in large organizations.

11. Most effective for evaluating the degree to which information security objectives are being met.

12. Occurs when the electrical supply drops.

13. Same intent as a cracker but does not have the technical skills and knowledge.

14. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.

15. Scam in which a perpetrator sends an official-looking email message that attempts to obtain your personal and financial information.

16. Primarily reduce risk and are most effective for the protection of information assets.

17. Identification and _______________ of business risk enables project managers to address areas with most significance.

18. When considering the value of assets, ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance.

19. Uses security metrics to measure the performance of the information security program.

20. The best strategy for risk management is to ___________________, as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.

21. The best measure for preventing the unauthorized disclosure of confidential information.

22. By definition are not previously known and therefore are undetectable.

23. The risk that remains after putting into place an effective risk management program; therefore, acceptable risk is achieved when this amount is minimized.

24. Residual risk is unmanaged, i.e. inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.

25. Has full responsibility over data.

26. Change management controls the _____________________. This is often the point at which a weakness will be introduced.

27. Only valid if assets have first been identified and appropriately valued.

28. Information security governance models are highly dependent on the _____________________.

29. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.

30. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.

31. Useful, but only with regard to specific technical skills.

32. Risk should be reduced to a level that an organization _____________.

33. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.

34. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.

35. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.

36. A repository of historical data organized by subject to support decision makers in the organization.

37. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.

38. The PRIMARY goal in developing an information security strategy is to: _________________________.

39. An effective tool, but primarily focuses on malicious code from external sources, and only for those applications that are online.

40. Normally addressed through antivirus and antispyware policies.

41. The _____________________ is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations.

42. Also required to guarantee fulfillment of laws and regulations of the organization and, therefore, the information security manager will be obligated to comply with the law.

43. Utility program that detects and protects a personal computer from unauthorized intrusions.

44. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.

45. In a _________________________, the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.

46. A notice that guarantees a user or a web site is legitimate.

47. A process that helps organizations manipulate important knowledge that is part of the organization's memory.

48. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.

49. An information security manager has to impress upon the human resources department the need for _____________________.

50. Provides the most effective protection of data on mobile devices.