CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Hacker
Baseline standard and then develop additional standards
Calculating the value of the information or asset
Penetration testing
2. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Hacker
Data warehouse
Tailgating
Multinational organization
3. The MOST important component of a privacy policy is: Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Malicious software and spyware
Transferred risk
Owner of the information asset
Notifications and opt-out provisions
4. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Worm
Security risk
Role-based access control
Gap analysis
5. Reducing risk to a level too small to measure is _______________.
Impractical and is often cost-prohibitive
Digital certificate
Strategic alignment of security with business objectives
Single sign-on (SSO) product
6. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Methodology used in the assessment
Total cost of ownership (TCO)
Negotiating a local version of the organization standards
Risk management and the requirements of the organization
7. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Service level agreements (SLAs)
Detection defenses
Risk appetite
Security code reviews for the entire software application
8. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Aligned with organizational goals
Safeguards over keys
Skills inventory
The database administrator
9. Risk should be reduced to a level that an organization _____________.
Examples of containment defenses
The board of directors and senior management
Its ability to reduce or eliminate business risks
Is willing to accept
10. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures - but not in the prioritization.
Methodology used in the assessment
Creation of a business continuity plan
Audit objectives
Digital signatures
11. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Intrusion detection system (IDS)
Well-defined roles and responsibilities
Consensus on risks and controls
Transferred risk
12. The best measure for preventing the unauthorized disclosure of confidential information.
Acceptable use policies
The information security officer
Digital certificate
Do with the information it collects
13. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Continuous monitoring control initiatives
Include security responsibilities in a job description
Conduct a risk assessment
Phishing
14. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Tie security risks to key business objectives
Stress testing
Fault-tolerant computer
Role-based access control
15. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Risk management and the requirements of the organization
Certificate authority (CA)
Patch management
Internal risk assessment
16. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Do with the information it collects
Security code reviews for the entire software application
SWOT analysis
Monitoring processes
17. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
Nondisclosure agreement (NDA)
Alignment with business strategy
The authentication process is broken
Information contained on the equipment
18. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
The authentication process is broken
Key risk indicator (KRI) setup
Fault-tolerant computer
IP address packet filtering
19. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Data warehouse
Risk appetite
Identify the relevant systems and processes
Transferred risk
20. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
Conduct a risk assessment
Impractical and is often cost-prohibitive
Multinational organization
What happened and how the breach was resolved
21. Successful risk management should lead to a ________________.
The data owner
Breakeven point of risk reduction and cost
Encryption key management
Malware
22. The job of the information security officer on a management team is to ___________________.
Tie security risks to key business objectives
Assess the risks to the business operation
Gap analysis
Consensus on risks and controls
23. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Overall organizational structure
Detection defenses
Patch management process
Lack of change management
24. Security design flaws require a ____________________.
Comparison of cost of achievement
Two-factor authentication
Deeper level of analysis
Gain unauthorized access to applications
25. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Role-based policy
Certificate authority (CA)
Comparison of cost of achievement
The authentication process is broken
26. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Spoofing attacks
Annual loss expectancy (ALE) calculations
Background checks of prospective employees
Normalization
27. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Trojan horse
Worm
Use of security metrics
28. Inject malformed input.
Power surge/over voltage (spike)
Access control matrix
Cross-site scripting attacks
Public key infrastructure (PKI)
29. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Encryption key management
Cost of control
Control effectiveness
Security risk
30. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Risk appetite
Defined objectives
Lack of change management
Logon banners
31. Program that hides within or looks like a legitimate program
Trojan horse
BIA (Business Impact Assessment)
Calculating the value of the information or asset
Safeguards over keys
32. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Reduce risk to an acceptable level
Creation of a business continuity plan
Access control matrix
Annually or whenever there is a significant change
33. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Business case development
Properly aligned with business goals and objectives
Skills inventory
Reduce risk to an acceptable level
34. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Data mart
Data isolation
Malicious software and spyware
Performing a risk assessment
35. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Return on security investment (ROSI)
Resource dependency assessment
Spoofing attacks
Waterfall chart
36. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Residual risk
Virus
Digital certificate
Acceptable use policies
37. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Gap analysis
Penetration testing
Certificate authority (CA)
Encryption of the hard disks
38. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Notifications and opt-out provisions
Lack of change management
Access control matrix
Get senior management onboard
39. Useful but only with regard to specific technical skills.
Resource dependency assessment
Calculating the value of the information or asset
Proficiency testing
Comparison of cost of achievement
40. By definition are not previously known and therefore are undetectable.
0-day vulnerabilities
Total cost of ownership (TCO)
The awareness and agreement of the data subjects
Methodology used in the assessment
41. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
People
Business case development
Data owners
Normalization
42. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
0-day vulnerabilities
Control risk
Platform security - intrusion detection and antivirus controls
Conduct a risk assessment
43. A function of the session keys distributed by the PKI.
Transmit e-mail messages
Confidentiality
Stress testing
The board of directors and senior management
44. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Control effectiveness
People
Properly aligned with business goals and objectives
Threat assessment
45. Utility program that detects and protects a personal computer from unauthorized intrusions
0-day vulnerabilities
The data owner
Patch management
Personal firewall
46. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Lack of change management
Identify the vulnerable systems and apply compensating controls
Risk appetite
Conduct a risk assessment
47. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Encryption of the hard disks
Support the business objectives of the organization
Total cost of ownership (TCO)
Classification of assets needs
48. A notice that guarantees a user or a web site is legitimate
Virus detection
Fault-tolerant computer
Risk assessment - evaluation and impact analysis
Digital certificate
49. Company or person you believe will not knowingly send a virus-infected file
Is willing to accept
Continuous monitoring control initiatives
IP address packet filtering
Trusted source
50. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Comparison of cost of achievement
Hacker
Countermeasure cost-benefit analysis
People