Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.






2. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.






3. To identify known vulnerabilities based on common misconfigurations and missing updates.






4. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.






5. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.






6. The information security manager needs to prioritize the controls based on ________________________.






7. Responsible for securing the information.






8. Useful but only with regard to specific technical skills.






9. Should be performed to identify the risk and determine needed controls.






10. Identification and _______________ of business risk enables project managers to address areas with most significance.






11. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.






12. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.






13. Occurs when the electrical supply drops






14. The best measure and will involve reviewing the entire source code to detect all instances of back doors.






15. All within the responsibility of the information security manager.






16. The job of the information security officer on a management team is to ___________________.






17. Should PRIMARILY be based on regulatory and legal requirements.






18. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.






19. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


20. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.






21. Whenever personal data are transferred across national boundaries; ________________________ are required.






22. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.






23. Information security governance models are highly dependent on the _____________________.






24. Awareness - training and physical security defenses.






25. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.






26. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.






27. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.






28. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e






29. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.






30. A key indicator of performance measurement.






31. The most important characteristic of good security policies is that they be ____________________.






32. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.






33. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.






34. A method for analyzing and reducing a relational database to its most streamlined form






35. The MOST useful way to describe the objectives in the information security strategy is through ______________________.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


36. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.






37. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree






38. The primary role of the information security manager in the process of information classification within the organization.






39. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.






40. The MOST important element of the request for proposal (RFP) ro assess the maturity level of the organization's information security management is _______________________.






41. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.






42. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.






43. Reducing risk to a level too small to measure is _______________.






44. btaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but






45. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.






46. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the






47. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i






48. When defining the information classification policy - the ___________________ need to be identified.






49. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing






50. Provide metrics to which outsourcing firms can be held accountable.