SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
2. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Virus
Decentralization
Gap analysis
Information contained on the equipment
3. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Alignment with business strategy
Consensus on risks and controls
Security risk
Defined objectives
4. Only valid if assets have first been identified and appropriately valued.
Negotiating a local version of the organization standards
Trusted source
Annual loss expectancy (ALE)calculations
Waterfall chart
5. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Assess the risks to the business operation
Increase business value and confidence
Audit objectives
Phishing
6. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Digital signatures
Centralization of information security management
Personal firewall
Encryption
7. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Centralization of information security management
Regulatory compliance
Asset classification
Baseline standard and then develop additional standards
8. ecurity design flaws require a ____________________.
Deeper level of analysis
Data isolation
Risk appetite
Notifications and opt-out provisions
9. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
MAL wear
Biometric access control systems
Spoofing attacks
Calculating the value of the information or asset
10. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Defining high-level business security requirements
Exceptions to policy
The data owner
SWOT analysis
11. An information security manager has to impress upon the human resources department the need for _____________________.
Security awareness training for all employees
Is willing to accept
Intrusion detection system (IDS)
Identify the relevant systems and processes
12. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Single sign-on (SSO) product
Total cost of ownership (TCO)
Access control matrix
Residual risk
13. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
The authentication process is broken
Service level agreements (SLAs)
Gap analysis
The data owner
14. Responsible for securing the information.
Biometric access control systems
The data custodian
Encryption
Cracker
15. A repository of historical data organized by subject to support decision makers in the org
Security risk
Public key infrastructure (PKI)
Data warehouse
Defining and ratifying the classification structure of information assets
16. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Return on security investment (ROSI)
Logon banners
Asset classification
BIA (Business Impact Assessment
17. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Nondisclosure agreement (NDA)
Encryption key management
Resource dependency assessment
Audit objectives
18. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Negotiating a local version of the organization standards
Risk appetite
Owner of the information asset
Certificate authority (CA)
19. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Do with the information it collects
Information contained on the equipment
Properly aligned with business goals and objectives
Classification of assets needs
20. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Countermeasure cost-benefit analysis
Support the business objectives of the organization
Classification of assets needs
Hacker
21. Should PRIMARILY be based on regulatory and legal requirements.
Equal error rate (EER)
Centralized structure
Retention of business records
Cyber terrorist
22. Inject malformed input.
The authentication process is broken
Cross-site scripting attacks
Security awareness training for all employees
Is willing to accept
23. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control. .
Notifications and opt-out provisions
Risk management and the requirements of the organization
Total cost of ownership (TCO)
Cost of control
24. Same intent as a cracker but does not have the technical skills and knowledge
Compliance with the organization's information security requirements
The balanced scorecard
0-day vulnerabilities
Script kiddie
25. Normally addressed through antivirus and antispyware policies.
Overall organizational structure
Malicious software and spyware
Resource dependency assessment
Multinational organization
26. A Successful risk management should lead to a ________________.
Audit objectives
Breakeven point of risk reduction and cost
Regular review of access control lists
Decentralization
27. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Risk assessment - evaluation and impact analysis
Cryptographic secure sockets layer (SSL) implementations and short key lengths
include security responsibilities in a job description
Defining high-level business security requirements
28. Occurs after the risk assessment process - it does not measure it.
Risk management and the requirements of the organization
Residual risk would be reduced by a greater amount
Get senior management onboard
Use of security metrics
29. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Requirements of the data owners
Single sign-on (SSO) product
Platform security - intrusion detection and antivirus controls
Trojan horse
30. Someone who uses email as a vehicle for extortion; send company threatening emails indicating they will expose confidential information - exploit security launch - etc.
Impractical and is often cost-prohibitive
Inherent risk
Key controls
Cyber extortionist
31. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Data classification
The data custodian
Examples of containment defenses
Background checks of prospective employees
32. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
33. Occurs when the incoming level
Classification of assets needs
Threat assessment
Power surge/over voltage (spike)
Key risk indicator (KRI) setup
34. Whenever personal data are transferred across national boundaries; ________________________ are required.
Threat assessment
The awareness and agreement of the data subjects
Compliance with the organization's information security requirements
The database administrator
35. Occurs when the electrical supply drops
Methodology used in the assessment
Audit objectives
Undervoltage (brownout)
Script kiddie
36. The primary role of the information security manager in the process of information classification within the organization.
Defining and ratifying the classification structure of information assets
The awareness and agreement of the data subjects
Skills inventory
Biometric access control systems
37. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Threat assessment
The information security officer
SWOT analysis
Virus
38. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Regulatory compliance
Alignment with business strategy
Owner of the information asset
Security code reviews for the entire software application
39. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Inherent risk
People
Vulnerability assessment
Risk assessment - evaluation and impact analysis
40. To identify known vulnerabilities based on common misconfigurations and missing updates.
A network vulnerability assessment
Conduct a risk assessment
What happened and how the breach was resolved
Nondisclosure agreement (NDA)
41. Can be a standalone driver for an information security governance measure. No further analysis nor justification is required since the entity has no choice in the regulatory requirements.
Regulatory compliance
Lack of change management
Attributes and characteristics of the 'desired state'
Performing a risk assessment
42. The MOST important element of the request for proposal (RFP) ro assess the maturity level of the organization's information security management is _______________________.
Get senior management onboard
Breakeven point of risk reduction and cost
Methodology used in the assessment
Service level agreements (SLAs)
43. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Worm
Attributes and characteristics of the 'desired state'
Penetration testing
Cracker
44. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Lack of change management
Information security manager
Attributes and characteristics of the 'desired state'
Protective switch covers
45. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Virus
Biometric access control systems
Safeguards over keys
Compliance with the organization's information security requirements
46. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Logon banners
Conduct a risk assessment
Risk appetite
47. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'
Security baselines
Return on security investment (ROSI)
Multinational organization
What happened and how the breach was resolved
48. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Proficiency testing
Get senior management onboard
Identify the relevant systems and processes
OBusiness case development
49. Has full responsibility over data.
Identify the relevant systems and processes
Safeguards over keys
The data owner
The board of directors and senior management
50. Provides strong online authentication.
Defining high-level business security requirements
Asset classification
Public key infrastructure (PKI)
Nondisclosure agreement (NDA)