CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Same intent as a cracker but does not have the technical skills and knowledge
Patch management
Centralized structure
include security responsibilities in a job description
Script kiddie
2. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
BIA (Business Impact Assessment)
Power surge/over voltage (spike)
Continuous analysis - monitoring and feedback
Normalization
3. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Security baselines
Lack of change management
Calculating the value of the information or asset
The data custodian
4. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Cost of control
Continuous monitoring control initiatives
Intrusion detection system (IDS)
Alignment with business strategy
5. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
6. The information security manager needs to prioritize the controls based on ________________________.
Risk management and the requirements of the organization
Developing an information security baseline
Annual loss expectancy (ALE) calculations
All personnel
7. Culture has a significant impact on how information security will be implemented in a ______________________.
Multinational organization
Business case development
Breakeven point of risk reduction and cost
Properly aligned with business goals and objectives
8. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Prioritization
Phishing
Security baselines
Threat assessment
9. Reducing risk to a level too small to measure is _______________.
Impractical and is often cost-prohibitive
Negotiating a local version of the organization standards
All personnel
Digital certificate
10. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Threat assessment
Security awareness training for all employees
Trusted source
Role-based access control
11. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Impractical and is often cost-prohibitive
Identify the relevant systems and processes
The data owner
Stress testing
12. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
The data owner
Key risk indicator (KRI) setup
Malware
Process of introducing changes to systems
13. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Reduce risk to an acceptable level
Examples of containment defenses
Nondisclosure agreement (NDA)
Encryption
14. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Its ability to reduce or eliminate business risks
Spoofing attacks
Worm
Transferred risk
15. The PRIMARY goal in developing an information security strategy is to: _________________________.
Confidentiality
Support the business objectives of the organization
Breakeven point of risk reduction and cost
Cracker
16. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Countermeasure cost-benefit analysis
Logon banners
Residual risk
Requirements of the data owners
17. Identification and _______________ of business risk enables project managers to address areas with most significance.
Asset classification
Prioritization
Defining and ratifying the classification structure of information assets
Return on security investment (ROSI)
18. Applications cannot access data associated with other apps
Data isolation
include security responsibilities in a job description
Cost of control
0-day vulnerabilities
19. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Virus detection
Intrusion detection system (IDS)
Negotiating a local version of the organization standards
Methodology used in the assessment
20. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
IP address packet filtering
Get senior management onboard
Identify the relevant systems and processes
Prioritization
21. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Compliance with the organization's information security requirements
The board of directors and senior management
Encryption
Information security manager
22. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Retention of business records
What happened and how the breach was resolved
Performing a risk assessment
Knowledge management
23. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Regular review of access control lists
Security code reviews for the entire software application
Defining high-level business security requirements
Properly aligned with business goals and objectives
24. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Countermeasure cost-benefit analysis
Monitoring processes
Control risk
Cyber terrorist
25. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Equal error rate (EER)
Applying the proper classification to the data
Identify the vulnerable systems and apply compensating controls
Aligned with organizational goals
26. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.
Creation of a business continuity plan
Properly aligned with business goals and objectives
Safeguards over keys
Digital certificate
27. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Proficiency testing
Residual risk
Alignment with business strategy
Continuous monitoring control initiatives
28. Accesses a computer or network illegally
Cracker
Increase business value and confidence
Its ability to reduce or eliminate business risks
Developing an information security baseline
29. The job of the information security officer on a management team is to ___________________.
Normalization
Security awareness training for all employees
The balanced scorecard
Assess the risks to the business operation
30. Oversees the overall classification management of the information.
Data warehouse
The information security officer
Tailgating
Stress testing
31. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Detection defenses
Retention of business records
Virus detection
Reduce risk to an acceptable level
32. Normally addressed through antivirus and antispyware policies.
Do with the information it collects
Malware
Malicious software and spyware
Its ability to reduce or eliminate business risks
33. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Conduct a risk assessment
Regulatory compliance
Access control matrix
Performing a risk assessment
34. The MOST important element of an information security strategy.
Transmit e-mail messages
Defined objectives
Waterfall chart
Tailgating
35. Provides process needs but not impact.
People
Spoofing attacks
Knowledge management
Resource dependency assessment
36. Security design flaws require a ____________________.
Deeper level of analysis
Security code reviews for the entire software application
Malware
Audit objectives
37. Needs to define the access rules - which is troublesome and error prone in large organizations.
Prioritization
Rule-based access control
Stress testing
Data isolation
38. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Safeguards over keys
Digital signatures
Impractical and is often cost-prohibitive
Inherent risk
39. Risk should be reduced to a level that an organization _____________.
Is willing to accept
Monitoring processes
Stress testing
Compliance with the organization's information security requirements
40. The primary role of the information security manager in the process of information classification within the organization.
Defining and ratifying the classification structure of information assets
Total cost of ownership (TCO)
Continuous analysis - monitoring and feedback
Trojan horse
41. Most effective for evaluating the degree to which information security objectives are being met.
Resource dependency assessment
The balanced scorecard
Annually or whenever there is a significant change
Comparison of cost of achievement
42. By definition are not previously known and therefore are undetectable.
0-day vulnerabilities
Risk assessment - evaluation and impact analysis
Negotiating a local version of the organization standards
Security code reviews for the entire software application
43. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Control effectiveness
Risk appetite
Regular review of access control lists
Strategic alignment of security with business objectives
44. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Alignment with business strategy
Risk appetite
Its ability to reduce or eliminate business risks
Countermeasure cost-benefit analysis
45. Has full responsibility over data.
The data owner
Safeguards over keys
Residual risk
Fault-tolerant computer
46. New security vulnerabilities should be managed through a ________________.
Patch management process
Key controls
The data custodian
Internal risk assessment
47. Provides strong online authentication.
Public key infrastructure (PKI)
Tailgating
Security risk
Penetration testing
48. Should be a standard requirement for the service provider.
Countermeasure cost-benefit analysis
Knowledge management
Background check
Do with the information it collects
49. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Digital signatures
The information security officer
Script kiddie
Monitoring processes
50. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Security risk
Digital signatures
Return on security investment (ROSI)