CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability
The authentication process is broken
Security risk
The balanced scorecard
Security baselines
2. Most effective for evaluating the degree to which information security objectives are being met.
The balanced scorecard
Process of introducing changes to systems
Key controls
Key risk indicator (KRI) setup
3. By definition are not previously known and therefore are undetectable.
Hacker
0-day vulnerabilities
Background checks of prospective employees
Data isolation
4. Should PRIMARILY be based on regulatory and legal requirements.
Is willing to accept
Transmit e-mail messages
Defined objectives
Retention of business records
5. Information security governance models are highly dependent on the _____________________.
Overall organizational structure
Consensus on risks and controls
Cyber terrorist
Logon banners
6. Addresses strengths, weaknesses, opportunities and threats. Although useful, a SWOT analysis is not as effective a tool.
Asset classification
Security risk
The database administrator
SWOT analysis
7. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However, turnaround can be slower due to the lack of alignment with business units.
Worm
Baseline standard and then develop additional standards
Detection defenses
Centralization of information security management
8. Inject malformed input.
Stress testing
Alignment with business strategy
Cross-site scripting attacks
The data custodian
9. Identification and _______________ of business risk enables project managers to address areas with most significance.
Prioritization
Digital signatures
Background checks of prospective employees
The database administrator
10. The best strategy for risk management is to ___________________, as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Properly aligned with business goals and objectives
Digital certificate
Stress testing
Reduce risk to an acceptable level
11. Accesses a computer or network illegally
Cross-site scripting attacks
Cracker
Confidentiality
Knowledge management
12. Would reduce the possibility of an individual accidentally pressing the power button on a device, thereby turning off the device.
Protective switch covers
Assess the risks to the business operation
Exceptions to policy
Public key infrastructure (PKI)
13. Successful risk management should lead to a ________________.
Annually or whenever there is a significant change
Continuous monitoring control initiatives
Prioritization
Breakeven point of risk reduction and cost
14. Whenever personal data are transferred across national boundaries, ________________________ are required.
Defining and ratifying the classification structure of information assets
Tailgating
Stress testing
The awareness and agreement of the data subjects
15. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Annually or whenever there is a significant change
Inherent risk
Tailgating
Alignment with business strategy
16. If the firewall allows source routing, any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Assess the risks to the business operation
Process of introducing changes to systems
Spoofing attacks
Performing a risk assessment
17. Without _____________________, there cannot be accountability.
Malicious software and spyware
Well-defined roles and responsibilities
Patch management
Transferred risk
18. Security design flaws require a ____________________.
Biometric access control systems
Negotiating a local version of the organization standards
Deeper level of analysis
Encryption of the hard disks
19. Computer that has duplicate components so it can continue to operate when one of its main components fails
Phishing
Fault-tolerant computer
Defining and ratifying the classification structure of information assets
Annually or whenever there is a significant change
20. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Tailgating
Defining and ratifying the classification structure of information assets
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Single sign-on (SSO) product
21. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Requirements of the data owners
Defining high-level business security requirements
Key risk indicator (KRI) setup
Residual risk
22. Needs to define the access rules, which is troublesome and error prone in large organizations.
Rule-based access control
Role-based access control
Safeguards over keys
Encryption
23. Focuses on identifying vulnerabilities.
Creation of a business continuity plan
Penetration testing
Impractical and is often cost-prohibitive
Owner of the information asset
24. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Cyber extortionist
The information security officer
Confidentiality
Regular review of access control lists
25. When considering the value of assets, ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance.
Comparison of cost of achievement
Power surge/over voltage (spike)
Information security manager
Identify the relevant systems and processes
26. A key indicator of performance measurement.
Transferred risk
Waterfall chart
Strategic alignment of security with business objectives
Cost of control
27. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
The information security officer
The authentication process is broken
People
Cryptographic secure sockets layer (SSL) implementations and short key lengths
28. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Classification of assets needs
Residual risk would be reduced by a greater amount
Use of security metrics
Vulnerability assessment
29. On a company's e-commerce web site, a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Do with the information it collects
Support the business objectives of the organization
Phishing
Transmit e-mail messages
30. Risk should be reduced to a level that an organization _____________.
Asset classification
Is willing to accept
Alignment with business strategy
Risk management and the requirements of the organization
31. The best measure for preventing the unauthorized disclosure of confidential information.
Support the business objectives of the organization
Centralization of information security management
Risk assessment, evaluation and impact analysis
Acceptable use policies
32. All within the responsibility of the information security manager.
Attributes and characteristics of the 'desired state'
Platform security, intrusion detection and antivirus controls
Access control matrix
Identify the relevant systems and processes
33. Would protect against spoofing an internal address but would not provide strong authentication.
Overall organizational structure
Patch management
IP address packet filtering
Increase business value and confidence
34. The data owner is responsible for _______________________.
Applying the proper classification to the data
Overall organizational structure
Single sign-on (SSO) product
Identify the relevant systems and processes
35. The MOST important element of an information security strategy.
Defined objectives
Worm
Malware
People
36. Company or person you believe will not knowingly send a virus-infected file
Malicious software and spyware
Breakeven point of risk reduction and cost
Logon banners
Trusted source
37. Are not infallible. When tuning the solution, one has to adjust the sensitivity level to give preference either to the false reject rate (type I error rate), where the system will be more prone to err by denying access to a valid user, or erring and allowing
The awareness and agreement of the data subjects
Biometric access control systems
Identify the vulnerable systems and apply compensating controls
Exceptions to policy
38. While useful for identifying the difference between the current state and the desired future state, e.g. an organization has to comply with recently published industry regulatory requirements, compliance with which potentially has high implementation costs -
Control effectiveness
Centralization of information security management
Overall organizational structure
Gap analysis
39. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Virus
Malicious software and spyware
Safeguards over keys
Fault-tolerant computer
40. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Encryption of the hard disks
Baseline standard and then develop additional standards
Control risk
Classification of assets needs
41. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________, including a cost-benefit analysis, will be most persuasive to management. A risk assessment may be included in the business case, but
Regular review of access control lists
Negotiating a local version of the organization standards
Security awareness training for all employees
Business case development
42. The first step in a risk analysis process to determine the impact to the organization, which is the ultimate goal.
Defined objectives
Calculating the value of the information or asset
Owner of the information asset
Digital signatures
43. The MOST important component of a privacy policy is: privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are
Notifications and opt-out provisions
Script kiddie
Monitoring processes
The database administrator
44. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Malware
Intrusion detection system (IDS)
Annually or whenever there is a significant change
Undervoltage (brownout)
45. Potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works
Digital signatures
Virus
Its ability to reduce or eliminate business risks
Cost of control
46. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Role-based access control
Patch management
Intrusion detection system (IDS)
Gap analysis
47. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Performing a risk assessment
Phishing
Return on security investment (ROSI)
Comparison of cost of achievement
48. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Encryption key management
Access control matrix
Certificate authority (CA)
Vulnerability assessment
49. Occurs when the incoming level
Key controls
Continuous monitoring control initiatives
Data classification
Power surge/over voltage (spike)
50. Should be performed to identify the risk and determine needed controls.
Gain unauthorized access to applications
Worm
Threat assessment
Internal risk assessment