Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Focuses on identifying vulnerabilities.
Protective switch covers
Penetration testing
The data custodian
Cracker
2. Needs to define the access rules - which is troublesome and error prone in large organizations.
Properly aligned with business goals and objectives
The balanced scorecard
Rule-based access control
Intrusion detection system (IDS)
3. New security vulnerabilities should be managed through a ________________.
Assess the risks to the business operation
Knowledge management
Patch management process
Personal firewall
4. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Audit objectives
Overall organizational structure
Annually or whenever there is a significant change
Get senior management onboard
5. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Annually or whenever there is a significant change
Worm
Key controls
Tailgating
6. The primary role of the information security manager in the process of information classification within the organization.
Defining and ratifying the classification structure of information assets
Cyber terrorist
Protective switch covers
Risk assessment - evaluation and impact analysis
7. Without _____________________ - there cannot be accountability.
Total cost of ownership (TCO)
Tailgating
Platform security - intrusion detection and antivirus controls
Well-defined roles and responsibilities
8. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
The database administrator
Attributes and characteristics of the 'desired state'
Safeguards over keys
Service level agreements (SLAs)
9. The _____________________ is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
The awareness and agreement of the data subjects
People
Lack of change management
Support the business objectives of the organization
10. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Knowledge management
Protective switch covers
Encryption
Single sign-on (SSO) product
11. Accesses a computer or network illegally
Cyber terrorist
Cracker
Cost of control
Encryption
12. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
13. Should be performed to identify the risk and determine needed controls.
Exceptions to policy
Do with the information it collects
Internal risk assessment
Creation of a business continuity plan
14. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
0-day vulnerabilities
Do with the information it collects
Methodology used in the assessment
15. Would protect against spoofing an internal address but would not provide strong authentication.
IP address packet filtering
Residual risk would be reduced by a greater amount
Biometric access control systems
Nondisclosure agreement (NDA)
16. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Data mart
Two-factor authentication
Cryptographic secure sockets layer (SSL) implementations and short key lengths
The board of directors and senior management
17. Should PRIMARILY be based on regulatory and legal requirements.
Retention of business records
Process of introducing changes to systems
Requirements of the data owners
Information contained on the equipment
18. Awareness - training and physical security defenses.
Data warehouse
Examples of containment defenses
Threat assessment
Data classification
19. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Undervoltage (brownout)
Logon banners
Platform security - intrusion detection and antivirus controls
Negotiating a local version of the organization standards
20. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Cracker
People
Control effectiveness
Security baselines
21. The most important characteristic of good security policies is that they be ____________________.
Consensus on risks and controls
Conduct a risk assessment
Digital signatures
Aligned with organizational goals
22. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
Protective switch covers
Normalization
Malicious software and spyware
The authentication process is broken
23. Ensures that there are no scalability problems.
The awareness and agreement of the data subjects
Developing an information security baseline
Stress testing
Patch management
24. Someone who uses the internet or network to destroy or damage computers for political reasons
Key controls
Cyber terrorist
Performing a risk assessment
Calculating the value of the information or asset
25. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.
Assess the risks to the business operation
Creation of a business continuity plan
Calculating the value of the information or asset
Information contained on the equipment
26. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Security code reviews for the entire software application
Exceptions to policy
Malicious software and spyware
Information contained on the equipment
27. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Proficiency testing
Protective switch covers
Regulatory compliance
Monitoring processes
28. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Calculating the value of the information or asset
Transmit e-mail messages
Continuous analysis - monitoring and feedback
Alignment with business strategy
29. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Reduce risk to an acceptable level
Detection defenses
Trusted source
Knowledge management
30. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Spoofing attacks
Classification of assets needs
Data mart
What happened and how the breach was resolved
31. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Countermeasure cost-benefit analysis
Confidentiality
Patch management process
Its ability to reduce or eliminate business risks
32. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
The awareness and agreement of the data subjects
Control risk
Phishing
Nondisclosure agreement (NDA)
33. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Alignment with business strategy
Security awareness training for all employees
Intrusion detection system (IDS)
The information security officer
34. Only valid if assets have first been identified and appropriately valued.
The database administrator
Protective switch covers
Annual loss expectancy (ALE) calculations
Tailgating
35. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Risk appetite
All personnel
Tie security risks to key business objectives
Its ability to reduce or eliminate business risks
36. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Patch management
Attributes and characteristics of the 'desired state'
Role-based access control
Monitoring processes
37. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Equal error rate (EER)
Data owners
Alignment with business strategy
Residual risk
38. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
The data custodian
Return on security investment (ROSI)
Performing a risk assessment
Equal error rate (EER)
39. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Security baselines
Process of introducing changes to systems
Control risk
A network vulnerability assessment
40. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Role-based access control
Platform security - intrusion detection and antivirus controls
What happened and how the breach was resolved
Data isolation
41. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Identify the vulnerable systems and apply compensating controls
Encryption key management
Control risk
Defining and ratifying the classification structure of information assets
42. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Identify the relevant systems and processes
Digital certificate
Trojan horse
Annual loss expectancy (ALE) calculations
43. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Trusted source
Exceptions to policy
Performing a risk assessment
Increase business value and confidence
44. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Spoofing attacks
The authentication process is broken
Equal error rate (EER)
Return on security investment (ROSI)
45. A successful risk management should lead to a ________________.
Breakeven point of risk reduction and cost
Malware
Cyber terrorist
Role-based access control
46. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Penetration testing
Fault-tolerant computer
SWOT analysis
Malicious software and spyware
47. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Do with the information it collects
People
Reduce risk to an acceptable level
Compliance with the organization's information security requirements
48. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Background checks of prospective employees
Business case development
Security risk
Decentralization
49. A key indicator of performance measurement.
Transferred risk
Monitoring processes
Performing a risk assessment
Strategic alignment of security with business objectives
50. Programs that act without a user's knowledge and deliberately alter a computer's operations
Service level agreements (SLAs)
Malware
Residual risk
Applying the proper classification to the data