Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.
Requirements of the data owners
Identify the vulnerable systems and apply compensating controls
The balanced scorecard
Intrusion detection system (IDS)
2. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Key risk indicator (KRI) setup
Malicious software and spyware
The authentication process is broken
Identify the relevant systems and processes
3. Carries out the technical administration.
Safeguards over keys
Penetration testing
The database administrator
Decentralization
4. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Vulnerability assessment
Performing a risk assessment
Decentralization
Risk appetite
5. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Classification of assets needs
Data mart
Fault-tolerant computer
Transferred risk
6. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
The authentication process is broken
Continuous monitoring control initiatives
Virus detection
Script kiddie
7. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Exceptions to policy
The data custodian
Cost of control
Service level agreements (SLAs)
8. Has full responsibility over data.
IP address packet filtering
The data owner
Defining high-level business security requirements
Information contained on the equipment
9. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Do with the information it collects
Cross-site scripting attacks
A network vulnerability assessment
Encryption
10. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
11. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Penetration testing
Information contained on the equipment
Confidentiality
Regular review of access control lists
12. When the ________________ is more than the cost of the risk - the risk should be accepted.
Cost of control
Compliance with the organization's information security requirements
Encryption
Personal firewall
13. Applications cannot access data associated with other apps
Data isolation
Overall organizational structure
Include security responsibilities in a job description
Multinational organization
14. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Threat assessment
Cracker
Centralized structure
IP address packet filtering
15. The MOST important element of an information security strategy.
The data custodian
Proficiency testing
Its ability to reduce or eliminate business risks
Defined objectives
16. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
SWOT analysis
Digital certificate
Worm
Phishing
17. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Attributes and characteristics of the 'desired state'
Background checks of prospective employees
Centralized structure
Methodology used in the assessment
18. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Cost of control
Annually or whenever there is a significant change
People
Internal risk assessment
19. The information security manager needs to prioritize the controls based on ________________________.
Encryption of the hard disks
Use of security metrics
Undervoltage (brownout)
Risk management and the requirements of the organization
20. Provides strong online authentication.
Single sign-on (SSO) product
Stress testing
Public key infrastructure (PKI)
Retention of business records
21. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Increase business value and confidence
Business case development
Digital certificate
Intrusion detection system (IDS)
22. Provides process needs but not impact.
Data warehouse
Vulnerability assessment
Logon banners
Resource dependency assessment
23. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Increase business value and confidence
Tailgating
The board of directors and senior management
Certificate authority (CA)
24. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Public key infrastructure (PKI)
Data classification
Calculating the value of the information or asset
Vulnerability assessment
25. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
The balanced scorecard
Deeper level of analysis
Creation of a business continuity plan
Risk appetite
26. Scam in which a perpetrator sends an official-looking email message that attempts to obtain your personal and financial information
0-day vulnerabilities
Trojan horse
Assess the risks to the business operation
Phishing
27. Cannot be minimized
Baseline standard and then develop additional standards
Digital certificate
Inherent risk
Malware
28. Ensure that transmitted information can be attributed to the named sender.
Cost of control
Impractical and is often cost-prohibitive
Digital signatures
Encryption of the hard disks
29. A small warehouse - designed for the end-user needs in a strategic business unit
Control risk
Data mart
Normalization
Acceptable use policies
30. Oversees the overall classification management of the information.
Tie security risks to key business objectives
Cyber terrorist
The information security officer
Trojan horse
31. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Skills inventory
Tailgating
Background check
Control risk
32. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control.
Rule-based access control
Total cost of ownership (TCO)
Biometric access control systems
Virus detection
33. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
What happened and how the breach was resolved
Trojan horse
Process of introducing changes to systems
Developing an information security baseline
34. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Impractical and is often cost-prohibitive
Defined objectives
Owner of the information asset
Retention of business records
35. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Continuous analysis - monitoring and feedback
Stress testing
Deeper level of analysis
Gain unauthorized access to applications
36. Awareness - training and physical security defenses.
Inherent risk
Aligned with organizational goals
Countermeasure cost-benefit analysis
Examples of containment defenses
37. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Risk appetite
Role-based policy
Monitoring processes
Alignment with business strategy
38. The job of the information security officer on a management team is to ___________________.
Assess the risks to the business operation
Strategic alignment of security with business objectives
Safeguards over keys
What happened and how the breach was resolved
39. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Defined objectives
Business case development
Patch management
Logon banners
40. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
Gap analysis
All personnel
Breakeven point of risk reduction and cost
Knowledge management
41. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Consensus on risks and controls
Business case development
Key risk indicator (KRI) setup
Certificate authority (CA)
42. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Classification of assets needs
Annually or whenever there is a significant change
Overall organizational structure
Business case development
43. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Phishing
0-day vulnerabilities
Performing a risk assessment
Classification of assets needs
44. Same intent as a cracker but does not have the technical skills and knowledge
Skills inventory
Multinational organization
Cracker
Script kiddie
45. Company or person you believe will not send a virus-infected file knowingly
Return on security investment (ROSI)
Stress testing
Trusted source
Annually or whenever there is a significant change
46. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Multinational organization
Gain unauthorized access to applications
Use of security metrics
Logon banners
47. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Continuous monitoring control initiatives
Vulnerability assessment
Identify the vulnerable systems and apply compensating controls
Asset classification
48. The PRIMARY goal in developing an information security strategy is to: _________________________.
Power surge/over voltage (spike)
Support the business objectives of the organization
Data warehouse
Detection defenses
49. Should be performed to identify the risk and determine needed controls.
Centralized structure
Internal risk assessment
Countermeasure cost-benefit analysis
0-day vulnerabilities
50. Focuses on identifying vulnerabilities.
Trusted source
Deeper level of analysis
Penetration testing
Virus detection