SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Lack of change management
Cross-site scripting attacks
Acceptable use policies
Audit objectives
2. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Asset classification
Risk appetite
Countermeasure cost-benefit analysis
Reduce risk to an acceptable level
3. Focuses on identifying vulnerabilities.
Notifications and opt-out provisions
Security code reviews for the entire software application
Encryption of the hard disks
Penetration testing
4. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Negotiating a local version of the organization standards
Personal firewall
Continuous analysis - monitoring and feedback
Role-based access control
5. Would protect against spoofing an internal address but would not provide strong authentication.
IP address packet filtering
Identify the relevant systems and processes
Role-based access control
The database administrator
6. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Calculating the value of the information or asset
Decentralization
Applying the proper classification to the data
Resource dependency assessment
7. Information security governance models are highly dependent on the _____________________.
Overall organizational structure
Impractical and is often cost-prohibitive
Encryption of the hard disks
Virus detection
8. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Cyber extortionist
Data warehouse
Virus detection
Role-based access control
9. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Annual loss expectancy (ALE)calculations
Defining high-level business security requirements
Annually or whenever there is a significant change
Conduct a risk assessment
10. Normally addressed through antivirus and antispyware policies.
Malicious software and spyware
Exceptions to policy
Cyber terrorist
Do with the information it collects
11. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Regulatory compliance
Defining high-level business security requirements
Security awareness training for all employees
Reduce risk to an acceptable level
12. A repository of historical data organized by subject to support decision makers in the org
Knowledge management
The information security officer
Data warehouse
Confidentiality
13. BEST option to improve accountability for a system administrator is to _____________________.
Data isolation
Malicious software and spyware
include security responsibilities in a job description
Risk appetite
14. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
Retention of business records
Annually or whenever there is a significant change
Access control matrix
The awareness and agreement of the data subjects
15. A notice that guarantees a user or a web site is legitimate
0-day vulnerabilities
Proficiency testing
Digital certificate
Security risk
16. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Background checks of prospective employees
Rule-based access control
Personal firewall
17. A Successful risk management should lead to a ________________.
Applying the proper classification to the data
Retention of business records
Negotiating a local version of the organization standards
Breakeven point of risk reduction and cost
18. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Skills inventory
Security code reviews for the entire software application
Calculating the value of the information or asset
Worm
19. Occurs when the electrical supply drops
Undervoltage (brownout)
Tie security risks to key business objectives
Total cost of ownership (TCO)
Power surge/over voltage (spike)
20. Applications cannot access data associated with other apps
Undervoltage (brownout)
Skills inventory
Data isolation
Security baselines
21. Should PRIMARILY be based on regulatory and legal requirements.
Retention of business records
Annually or whenever there is a significant change
All personnel
Applying the proper classification to the data
22. It is easier to manage and control a _________________.
Requirements of the data owners
BIA (Business Impact Assessment
Overall organizational structure
Centralized structure
23. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Skills inventory
Residual risk
Its ability to reduce or eliminate business risks
Defined objectives
24. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Do with the information it collects
Get senior management onboard
IP address packet filtering
Cryptographic secure sockets layer (SSL) implementations and short key lengths
25. The MOST important element of an information security strategy.
Defined objectives
Control risk
Control effectiveness
Monitoring processes
26. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Power surge/over voltage (spike)
Methodology used in the assessment
0-day vulnerabilities
Developing an information security baseline
27. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.
Vulnerability assessment
Process of introducing changes to systems
All personnel
Assess the risks to the business operation
28. Should be a standard requirement for the service provider.
Background check
Multinational organization
Cross-site scripting attacks
Public key infrastructure (PKI)
29. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Proficiency testing
Transmit e-mail messages
Data warehouse
Patch management
30. When defining the information classification policy - the ___________________ need to be identified.
Cyber terrorist
Requirements of the data owners
Compliance with the organization's information security requirements
Inherent risk
31. Primarily reduce risk and are most effective for the protection of information assets.
Get senior management onboard
Security code reviews for the entire software application
Key controls
Examples of containment defenses
32. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Continuous analysis - monitoring and feedback
Its ability to reduce or eliminate business risks
Security risk
The data owner
33. Used to understand the flow of one process into another.
Risk appetite
Waterfall chart
Performing a risk assessment
Lack of change management
34. Someone who accesses a computer or network illegally
Key controls
Background check
Hacker
Acceptable use policies
35. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
All personnel
Continuous monitoring control initiatives
Identify the relevant systems and processes
Multinational organization
36. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Malicious software and spyware
Internal risk assessment
Safeguards over keys
include security responsibilities in a job description
37. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Role-based policy
Is willing to accept
OBusiness case development
Protective switch covers
38. The data owner is responsible for _______________________.
Key controls
The awareness and agreement of the data subjects
Gain unauthorized access to applications
Applying the proper classification to the data
39. Programs that act without a user's knowledge and deliberately alter a computer's operations
BIA (Business Impact Assessment
MAL wear
Continuous monitoring control initiatives
Single sign-on (SSO) product
40. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Asset classification
Virus detection
Knowledge management
Continuous analysis - monitoring and feedback
41. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Cost of control
Baseline standard and then develop additional standards
The authentication process is broken
Tailgating
42. Provides strong online authentication.
Public key infrastructure (PKI)
Strategic alignment of security with business objectives
Residual risk would be reduced by a greater amount
The information security officer
43. Needs to define the access rules - which is troublesome and error prone in large organizations.
Return on security investment (ROSI)
Normalization
All personnel
Rule-based access control
44. ecurity design flaws require a ____________________.
Exceptions to policy
Transferred risk
Deeper level of analysis
Gap analysis
45. Uses security metrics to measure the performance of the information security program.
Cracker
Information security manager
Attributes and characteristics of the 'desired state'
Certificate authority (CA)
46. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Creation of a business continuity plan
Key risk indicator (KRI) setup
Audit objectives
Equal error rate (EER)
47. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Total cost of ownership (TCO)
Risk assessment - evaluation and impact analysis
Information security manager
Developing an information security baseline
48. A key indicator of performance measurement.
Reduce risk to an acceptable level
Strategic alignment of security with business objectives
The data custodian
Single sign-on (SSO) product
49. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Properly aligned with business goals and objectives
Negotiating a local version of the organization standards
Spoofing attacks
Strategic alignment of security with business objectives
50. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183