Test your basic knowledge |
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Performing a risk assessment
All personnel
Decentralization
Comparison of cost of achievement
2. The best strategy for risk management is to ___________________, as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Background checks of prospective employees
Reduce risk to an acceptable level
Acceptable use policies
Encryption of the hard disks
3. New security vulnerabilities should be managed through a ________________.
Encryption
Patch management process
Information security manager
Acceptable use policies
4. Computer that has duplicate components so it can continue to operate when one of its main components fails
Encryption
Safeguards over keys
Fault-tolerant computer
Public key infrastructure (PKI)
5. The PRIMARY goal in developing an information security strategy is to: _________________________.
Impractical and is often cost-prohibitive
Support the business objectives of the organization
Trojan horse
Intrusion detection system (IDS)
6. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Annually or whenever there is a significant change
Skills inventory
Process of introducing changes to systems
Creation of a business continuity plan
7. Culture has a significant impact on how information security will be implemented in a ______________________.
Risk management and the requirements of the organization
The balanced scorecard
Business case development
Multinational organization
8. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Biometric access control systems
Vulnerability assessment
Virus
Two-factor authentication
9. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Background checks of prospective employees
Breakeven point of risk reduction and cost
Calculating the value of the information or asset
Deeper level of analysis
10. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
11. Residual risk is unmanaged, i.e., inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Performing a risk assessment
Defining and ratifying the classification structure of information assets
Risk appetite
Transferred risk
12. BEST option to improve accountability for a system administrator is to _____________________.
Inherent risk
Cracker
Risk appetite
include security responsibilities in a job description
13. Primarily reduce risk and are most effective for the protection of information assets.
Key controls
Personal firewall
Reduce risk to an acceptable level
The data custodian
14. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
The awareness and agreement of the data subjects
Conduct a risk assessment
Penetration testing
Support the business objectives of the organization
15. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Gain unauthorized access to applications
Malware
Certificate authority (CA)
Safeguards over keys
16. Risk should be reduced to a level that an organization _____________.
Use of security metrics
Data warehouse
Is willing to accept
Two-factor authentication
17. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
BIA (Business Impact Assessment)
Owner of the information asset
Centralized structure
Exceptions to policy
18. Used to understand the flow of one process into another.
Stress testing
Requirements of the data owners
Data isolation
Waterfall chart
19. Provides process needs but not impact.
Resource dependency assessment
Process of introducing changes to systems
Requirements of the data owners
Detection defenses
20. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Control effectiveness
Protective switch covers
Patch management
Risk assessment - evaluation and impact analysis
21. A small warehouse, designed for the end-user needs in a strategic business unit
Developing an information security baseline
Data mart
Return on security investment (ROSI)
Role-based access control
22. Someone who uses the internet or network to destroy or damage computers for political reasons
Owner of the information asset
The data custodian
Cyber terrorist
Information contained on the equipment
23. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Asset classification
Get senior management onboard
Properly aligned with business goals and objectives
Countermeasure cost-benefit analysis
24. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Transferred risk
Continuous analysis - monitoring and feedback
Cyber terrorist
Residual risk would be reduced by a greater amount
25. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Key risk indicator (KRI) setup
Alignment with business strategy
SWOT analysis
The authentication process is broken
26. Occurs when the electrical supply drops
Identify the relevant systems and processes
Annual loss expectancy (ALE) calculations
Deeper level of analysis
Undervoltage (brownout)
27. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Residual risk
Two-factor authentication
Retention of business records
Virus
28. A method for analyzing and reducing a relational database to its most streamlined form
Support the business objectives of the organization
Audit objectives
Normalization
Risk appetite
29. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Stress testing
SWOT analysis
Prioritization
Security risk
30. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Information security manager
Cost of control
Developing an information security baseline
The board of directors and senior management
31. Someone who accesses a computer or network illegally
Control effectiveness
Control risk
Monitoring processes
Hacker
32. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Monitoring processes
Residual risk would be reduced by a greater amount
Equal error rate (EER)
Business case development
33. There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. The best protection is to _____________________ until a patch is installed.
Transmit e-mail messages
Identify the vulnerable systems and apply compensating controls
Attributes and characteristics of the 'desired state'
Centralization of information security management
34. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Phishing
Detection defenses
Baseline standard and then develop additional standards
Reduce risk to an acceptable level
35. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Cyber terrorist
Risk appetite
Malicious software and spyware
Security baselines
36. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Patch management
Background checks of prospective employees
People
Transmit e-mail messages
37. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Return on security investment (ROSI)
The board of directors and senior management
The data owner
Biometric access control systems
38. Occurs when the incoming level
Acceptable use policies
The information security officer
Properly aligned with business goals and objectives
Power surge/over voltage (spike)
39. Programs that act without a user's knowledge and deliberately alter a computer's operations
Malware
Control effectiveness
Normalization
Fault-tolerant computer
40. Reducing risk to a level too small to measure is _______________.
Impractical and is often cost-prohibitive
Trojan horse
Detection defenses
Classification of assets needs
41. Should be determined from the risk assessment results.
Audit objectives
Requirements of the data owners
Digital certificate
Control effectiveness
42. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Information contained on the equipment
Virus detection
Prioritization
Role-based access control
43. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Exceptions to policy
Lack of change management
Fault-tolerant computer
Access control matrix
44. The most important characteristic of good security policies is that they be ____________________.
Equal error rate (EER)
Developing an information security baseline
Monitoring processes
Aligned with organizational goals
45. It is more efficient to establish a ___________________ for locations that must meet specific requirements.
Risk appetite
Defined objectives
Security baselines
Baseline standard and then develop additional standards
46. Useful but only with regard to specific technical skills.
Tailgating
Digital signatures
Transmit e-mail messages
Proficiency testing
47. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Identify the relevant systems and processes
Residual risk would be reduced by a greater amount
Control effectiveness
Properly aligned with business goals and objectives
48. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
Script kiddie
Patch management
The authentication process is broken
Information security manager
49. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Methodology used in the assessment
Business case development
Control effectiveness
Security code reviews for the entire software application
50. The primary role of the information security manager in the process of information classification within the organization.
Logon banners
Strategic alignment of security with business objectives
Certificate authority (CA)
Defining and ratifying the classification structure of information assets