Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.






2. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.






3. The most important characteristic of good security policies is that they be ____________________.






4. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing






5. Someone who uses the internet or network to destroy or damage computers for political reasons






6. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.






7. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.






8. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.






9. Should be determined from the risk assessment results.






10. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.






11. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations






12. A method for analyzing and reducing a relational database to its most streamlined form






13. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.






14. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm






15. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.






16. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


17. Should be performed to identify the risk and determine needed controls.






18. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control. .






19. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.






20. Program that hides within or looks like a legit program






21. Responsible for securing the information.






22. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.






23. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.






24. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.






25. When defining the information classification policy - the ___________________ need to be identified.






26. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance






27. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.






28. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.






29. A repository of historical data organized by subject to support decision makers in the org






30. Someone who accesses a computer or network illegally






31. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.






32. Oversees the overall classification management of the information.






33. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works






34. The PRIMARY goal in developing an information security strategy is to: _________________________.






35. Same intent as a cracker but does not have the technical skills and knowledge






36. Occurs when the incoming level






37. Provide metrics to which outsourcing firms can be held accountable.






38. Change management controls the _____________________. This is often the point at which a weakness will be introduced.






39. Should PRIMARILY be based on regulatory and legal requirements.






40. The primary role of the information security manager in the process of information classification within the organization.






41. Useful but only with regard to specific technical skills.






42. Risk should be reduced to a level that an organization _____________.






43. Ensures that there are no scalability problems.






44. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e






45. Focuses on identifying vulnerabilities.






46. A Successful risk management should lead to a ________________.






47. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information






48. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.






49. Needs to define the access rules - which is troublesome and error prone in large organizations.






50. The job of the information security officer on a management team is to ___________________.