SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. By definition are not previously known and therefore are undetectable.
0-day vulnerabilities
Requirements of the data owners
Certificate authority (CA)
Logon banners
2. Needs to define the access rules - which is troublesome and error prone in large organizations.
Malicious software and spyware
Key risk indicator (KRI) setup
The information security officer
Rule-based access control
3. A key indicator of performance measurement.
Negotiating a local version of the organization standards
Strategic alignment of security with business objectives
Continuous analysis - monitoring and feedback
The board of directors and senior management
4. Provide metrics to which outsourcing firms can be held accountable.
Role-based access control
Information contained on the equipment
Service level agreements (SLAs)
Centralized structure
5. Occurs when the electrical supply drops
Protective switch covers
Trojan horse
Undervoltage (brownout)
Encryption
6. Program that hides within or looks like a legit program
Properly aligned with business goals and objectives
Risk management and the requirements of the organization
Trojan horse
Gap analysis
7. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Detection defenses
Prioritization
Vulnerability assessment
Classification of assets needs
8. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Power surge/over voltage (spike)
Multinational organization
Protective switch covers
Vulnerability assessment
9. The job of the information security officer on a management team is to ___________________.
Requirements of the data owners
Key risk indicator (KRI) setup
Regulatory compliance
Assess the risks to the business operation
10. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Asset classification
Classification of assets needs
Gap analysis
Spoofing attacks
11. Provides process needs but not impact.
BIA (Business Impact Assessment
Process of introducing changes to systems
Resource dependency assessment
Script kiddie
12. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Vulnerability assessment
Access control matrix
Identify the vulnerable systems and apply compensating controls
Background checks of prospective employees
13. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Threat assessment
Phishing
Data classification
Encryption of the hard disks
14. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Security awareness training for all employees
Patch management process
Cyber extortionist
15. Has full responsibility over data.
Increase business value and confidence
The data owner
Aligned with organizational goals
Penetration testing
16. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Biometric access control systems
Calculating the value of the information or asset
Threat assessment
Comparison of cost of achievement
17. A method for analyzing and reducing a relational database to its most streamlined form
Audit objectives
What happened and how the breach was resolved
Normalization
Access control matrix
18. A risk assessment should be conducted _________________.
Retention of business records
Personal firewall
Data warehouse
Annually or whenever there is a significant change
19. Whenever personal data are transferred across national boundaries; ________________________ are required.
Role-based policy
Control effectiveness
Risk management and the requirements of the organization
The awareness and agreement of the data subjects
20. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Creation of a business continuity plan
Cracker
Developing an information security baseline
Worm
21. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Patch management process
Retention of business records
Data owners
Owner of the information asset
22. Occurs after the risk assessment process - it does not measure it.
Deeper level of analysis
Lack of change management
Gap analysis
Use of security metrics
23. The primary role of the information security manager in the process of information classification within the organization.
Gap analysis
Centralization of information security management
Regular review of access control lists
Defining and ratifying the classification structure of information assets
24. Should be determined from the risk assessment results.
Continuous analysis - monitoring and feedback
Properly aligned with business goals and objectives
Do with the information it collects
Audit objectives
25. Occurs when the incoming level
Power surge/over voltage (spike)
Requirements of the data owners
Tailgating
Negotiating a local version of the organization standards
26. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
27. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Confidentiality
Vulnerability assessment
Do with the information it collects
Worm
28. Without _____________________ - there cannot be accountability.
Identify the relevant systems and processes
Equal error rate (EER)
Skills inventory
Well-defined roles and responsibilities
29. Carries out the technical administration.
Power surge/over voltage (spike)
Trojan horse
The database administrator
Residual risk
30. Culture has a significant impact on how information security will be implemented in a ______________________.
Background checks of prospective employees
Multinational organization
Key risk indicator (KRI) setup
The information security officer
31. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Role-based policy
Phishing
Security code reviews for the entire software application
Aligned with organizational goals
32. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Security risk
Tie security risks to key business objectives
Negotiating a local version of the organization standards
Platform security - intrusion detection and antivirus controls
33. Used to understand the flow of one process into another.
Breakeven point of risk reduction and cost
Waterfall chart
Well-defined roles and responsibilities
Protective switch covers
34. A notice that guarantees a user or a web site is legitimate
Data classification
Digital certificate
Protective switch covers
Security code reviews for the entire software application
35. Someone who uses the internet or network to destroy or damage computers for political reasons
Identify the relevant systems and processes
Hacker
Information contained on the equipment
Cyber terrorist
36. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Defining high-level business security requirements
Asset classification
Patch management process
Safeguards over keys
37. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Security awareness training for all employees
Safeguards over keys
Alignment with business strategy
Asset classification
38. The data owner is responsible for _______________________.
Applying the proper classification to the data
0-day vulnerabilities
Knowledge management
Retention of business records
39. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
40. The MOST important element of an information security strategy.
Defined objectives
Consensus on risks and controls
Equal error rate (EER)
Increase business value and confidence
41. Someone who uses email as a vehicle for extortion; send company threatening emails indicating they will expose confidential information - exploit security launch - etc.
Script kiddie
Cyber extortionist
Equal error rate (EER)
Nondisclosure agreement (NDA)
42. Provides strong online authentication.
Vulnerability assessment
Spoofing attacks
Public key infrastructure (PKI)
IP address packet filtering
43. A repository of historical data organized by subject to support decision makers in the org
The data owner
Detection defenses
Data warehouse
Gap analysis
44. Should PRIMARILY be based on regulatory and legal requirements.
Retention of business records
Trojan horse
Trusted source
Security code reviews for the entire software application
45. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Security risk
Consensus on risks and controls
Annual loss expectancy (ALE)calculations
Attributes and characteristics of the 'desired state'
46. The MOST important component of a privacy policy is: A Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Notifications and opt-out provisions
Baseline standard and then develop additional standards
The information security officer
Data mart
47. Responsible for securing the information.
Support the business objectives of the organization
Script kiddie
Vulnerability assessment
The data custodian
48. Reducing risk to a level too small to measure is _______________.
Impractical and is often cost-prohibitive
Requirements of the data owners
Well-defined roles and responsibilities
Nondisclosure agreement (NDA)
49. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Safeguards over keys
The authentication process is broken
Skills inventory
Increase business value and confidence
50. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Regulatory compliance
SWOT analysis
Script kiddie
Safeguards over keys