Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Computer that has duplicate components so it can continue to operate when one of its main components fails
SWOT analysis
Use of security metrics
Fault-tolerant computer
All personnel
2. A repository of historical data organized by subject to support decision makers in the org
Data warehouse
Identify the relevant systems and processes
Increase business value and confidence
Cracker
3. Provides strong online authentication.
Undervoltage (brownout)
Countermeasure cost-benefit analysis
Cost of control
Public key infrastructure (PKI)
4. Accesses a computer or network illegally
Cracker
The board of directors and senior management
Fault-tolerant computer
Security code reviews for the entire software application
5. Oversees the overall classification management of the information.
All personnel
Annually or whenever there is a significant change
The information security officer
Deeper level of analysis
6. Whenever personal data are transferred across national boundaries, ________________________ are required.
Centralized structure
Reduce risk to an acceptable level
The awareness and agreement of the data subjects
Notifications and opt-out provisions
7. Programs that act without a user's knowledge and deliberately alter a computer's operations
Use of security metrics
Prioritization
Malware
Applying the proper classification to the data
8. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Control risk
Virus detection
Increase business value and confidence
Acceptable use policies
9. The best measure, which involves reviewing the entire source code to detect all instances of back doors.
Security code reviews for the entire software application
Phishing
Data mart
Key risk indicator (KRI) setup
10. Information security governance models are highly dependent on the _____________________.
Role-based policy
Role-based access control
Overall organizational structure
Penetration testing
11. Utility program that detects and protects a personal computer from unauthorized intrusions
Security baselines
Personal firewall
Cyber extortionist
Confidentiality
12. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Public key infrastructure (PKI)
Is willing to accept
Exceptions to policy
Residual risk
13. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Malicious software and spyware
Residual risk would be reduced by a greater amount
Cyber terrorist
Regulatory compliance
14. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Residual risk would be reduced by a greater amount
Virus
Do with the information it collects
Comparison of cost of achievement
15. Inject malformed input.
Asset classification
Cross-site scripting attacks
Annually or whenever there is a significant change
Performing a risk assessment
16. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Annual loss expectancy (ALE) calculations
Service level agreements (SLAs)
Vulnerability assessment
Power surge/overvoltage (spike)
17. May show the performance result of the security-related activities; however, the result is interpreted in terms of money and extends to multiple facets of security initiatives.
SWOT analysis
The board of directors and senior management
The information security officer
Return on security investment (ROSI)
18. Cannot be minimized
Inherent risk
Data warehouse
Digital certificate
Knowledge management
19. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Impractical and is often cost-prohibitive
People
Baseline standard and then develop additional standards
The authentication process is broken
20. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Risk appetite
Background checks of prospective employees
Security awareness training for all employees
Cyber terrorist
21. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Include security responsibilities in a job description
Worm
Two-factor authentication
Properly aligned with business goals and objectives
22. Awareness - training and physical security defenses.
Tie security risks to key business objectives
Logon banners
Data mart
Examples of containment defenses
23. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Strategic alignment of security with business objectives
SWOT analysis
Alignment with business strategy
Identify the vulnerable systems and apply compensating controls
24. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Intrusion detection system (IDS)
Properly aligned with business goals and objectives
Identify the vulnerable systems and apply compensating controls
Cyber extortionist
25. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Overall organizational structure
Include security responsibilities in a job description
Encryption key management
The board of directors and senior management
26. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
The board of directors and senior management
Public key infrastructure (PKI)
Background checks of prospective employees
Digital certificate
27. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
28. Security design flaws require a ____________________.
Waterfall chart
Performing a risk assessment
Deeper level of analysis
Nondisclosure agreement (NDA)
29. Company or person you believe will not knowingly send a virus-infected file
Nondisclosure agreement (NDA)
Strategic alignment of security with business objectives
The authentication process is broken
Trusted source
30. Someone who uses email as a vehicle for extortion; sends a company threatening emails indicating they will expose confidential information - exploit a security flaw - launch an attack - etc.
Rule-based access control
SWOT analysis
Cyber extortionist
People
31. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
SWOT analysis
Hacker
Owner of the information asset
Asset classification
32. Without _____________________ - there cannot be accountability.
Digital signatures
The awareness and agreement of the data subjects
Equal error rate (EER)
Well-defined roles and responsibilities
33. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
Detection defenses
BIA (Business Impact Assessment)
Get senior management onboard
Reduce risk to an acceptable level
34. A method for analyzing and reducing a relational database to its most streamlined form
Tie security risks to key business objectives
Control risk
Process of introducing changes to systems
Normalization
35. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Spoofing attacks
Skills inventory
People
Security risk
36. Needs to define the access rules - which is troublesome and error prone in large organizations.
Control risk
Rule-based access control
Residual risk would be reduced by a greater amount
People
37. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Transmit e-mail messages
Well-defined roles and responsibilities
Support the business objectives of the organization
Gain unauthorized access to applications
38. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Stress testing
The data custodian
Detection defenses
Negotiating a local version of the organization standards
39. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Logon banners
Personal firewall
Key risk indicator (KRI) setup
Reduce risk to an acceptable level
40. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
The information security officer
Single sign-on (SSO) product
IP address packet filtering
The authentication process is broken
41. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Identify the relevant systems and processes
Threat assessment
Conduct a risk assessment
Transmit e-mail messages
42. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Do with the information it collects
Lack of change management
Biometric access control systems
BIA (Business Impact Assessment)
43. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Increase business value and confidence
The authentication process is broken
BIA (Business Impact Assessment)
Protective switch covers
44. The PRIMARY goal in developing an information security strategy is to: _________________________.
Countermeasure cost-benefit analysis
Calculating the value of the information or asset
Support the business objectives of the organization
Data isolation
45. Used to understand the flow of one process into another.
Breakeven point of risk reduction and cost
Waterfall chart
Exceptions to policy
The awareness and agreement of the data subjects
46. Uses security metrics to measure the performance of the information security program.
Risk assessment - evaluation and impact analysis
What happened and how the breach was resolved
Information security manager
Conduct a risk assessment
47. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
BIA (Business Impact Assessment)
Encryption of the hard disks
Use of security metrics
Breakeven point of risk reduction and cost
48. Primarily reduce risk and are most effective for the protection of information assets.
Monitoring processes
Defining high-level business security requirements
The data custodian
Key controls
49. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Notifications and opt-out provisions
Alignment with business strategy
Methodology used in the assessment
Comparison of cost of achievement
50. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
What happened and how the breach was resolved
Continuous monitoring control initiatives
The information security officer
Encryption key management