Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.






2. Whenever personal data are transferred across national boundaries; ________________________ are required.






3. A method for analyzing and reducing a relational database to its most streamlined form






4. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works






5. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.






6. Someone who uses the internet or network to destroy or damage computers for political reasons






7. Only valid if assets have first been identified and appropriately valued.






8. Without _____________________ - there cannot be accountability.






9. Responsible for securing the information.






10. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network






11. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.






12. A function of the session keys distributed by the PKI.






13. A risk assessment should be conducted _________________.






14. All within the responsibility of the information security manager.






15. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.






16. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident.It provides results - such as impact from a security incident and required response times.






17. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process






18. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.






19. Uses security metrics to measure the performance of the information security program.






20. Computer that has duplicate components so it can continue to operate when one of its main components fail






21. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree






22. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.






23. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.






24. The job of the information security officer on a management team is to ___________________.






25. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the






26. The BEST justification to convince management to invest in an information security program is that doing so would _________________.






27. Awareness - training and physical security defenses.






28. Focuses on identifying vulnerabilities.






29. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.






30. Should be determined from the risk assessment results.






31. Utility program that detects and protects a personal computer from unauthorized intrusions






32. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.






33. By definition are not previously known and therefore are undetectable.






34. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'






35. It is more efficient to establish a ___________________for locations that must meet specific requirements.






36. Provides process needs but not impact.






37. Occurs when the incoming level






38. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


39. Would protect against spoofing an internal address but would not provide strong authentication.






40. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.






41. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing






42. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.






43. The best measure and will involve reviewing the entire source code to detect all instances of back doors.






44. New security ulnerabilities should be managed through a ________________.






45. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations






46. Risk should be reduced to a level that an organization _____________.






47. ecurity design flaws require a ____________________.






48. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.






49. Identification and _______________ of business risk enables project managers to address areas with most significance.






50. Occurs when the electrical supply drops







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests