Test your basic knowledge: CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Conduct a risk assessment
Security code reviews for the entire software application
Business case development
Cyber terrorist
2. Utility program that detects and protects a personal computer from unauthorized intrusions
Calculating the value of the information or asset
People
Personal firewall
Digital signatures
3. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Residual risk would be reduced by a greater amount
include security responsibilities in a job description
Data isolation
Security code reviews for the entire software application
4. provides the most effective protection of data on mobile devices.
Encryption
Trusted source
Intrusion detection system (IDS)
Do with the information it collects
5. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Data mart
Conduct a risk assessment
Calculating the value of the information or asset
Regular review of access control lists
6. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Inherent risk
Control effectiveness
BIA (Business Impact Assessment)
Risk assessment - evaluation and impact analysis
7. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
Acceptable use policies
Spoofing attacks
Access control matrix
Consensus on risks and controls
8. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Is willing to accept
Control effectiveness
The data owner
Internal risk assessment
9. Normally addressed through antivirus and antispyware policies.
Malicious software and spyware
Assess the risks to the business operation
Cyber terrorist
Do with the information it collects
10. Computer that has duplicate components so it can continue to operate when one of its main components fail
Trojan horse
Biometric access control systems
Fault-tolerant computer
Asset classification
11. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Access control matrix
Well-defined roles and responsibilities
SWOT analysis
Single sign-on (SSO) product
12. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Centralization of information security management
Inherent risk
Assess the risks to the business operation
Vulnerability assessment
13. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Trusted source
Role-based access control
Spoofing attacks
Nondisclosure agreement (NDA)
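Question 13 turns on a firewall that accepts source-routed packets: the loose (LSRR) and strict (SSRR) source route options in the IPv4 header let the sender dictate the return path, so a packet carrying a forged internal source address still gets its replies routed back to the outsider. The following is an added example, not part of the quiz, that parses the IPv4 option list to flag source-routed packets and applies the usual perimeter rule that an internal source address is never legitimate on the outside interface. The packets are constructed inline; the internal network range and the helper names are assumptions for illustration.

```python
import ipaddress
import struct
from typing import List, Optional

LSRR, SSRR = 0x83, 0x89   # loose / strict source route option types (RFC 791)


def build_ipv4_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Build a minimal IPv4 header (checksum left zero) with optional IP options.
    Used only to construct sample packets for this example."""
    options += b"\x00" * ((-len(options)) % 4)      # pad with EOL to a 32-bit boundary
    ihl = 5 + len(options) // 4                      # header length in 32-bit words
    ver_ihl = (4 << 4) | ihl
    fixed = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, ihl * 4, 0, 0, 64, 6, 0,
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed)
    return fixed + options


def lsrr_option(route: List[str]) -> bytes:
    """Encode a loose source route option: type, length, pointer (=4), then the hops."""
    hops = b"".join(ipaddress.IPv4Address(a).packed for a in route)
    return bytes([LSRR, 3 + len(hops), 4]) + hops


def source_route_type(packet: bytes) -> Optional[str]:
    """Return 'LSRR' or 'SSRR' if the IPv4 header carries a source-route option, else None.
    Walks the option list with bounds checks so a malformed header cannot run past IHL."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad IHL")
    i = 20
    while i < ihl:
        opt = packet[i]
        if opt == 0:            # End of Option List
            break
        if opt == 1:            # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= ihl:
            raise ValueError("truncated option")
        length = packet[i + 1]
        if length < 2 or i + length > ihl:
            raise ValueError("bad option length")
        if opt == LSRR:
            return "LSRR"
        if opt == SSRR:
            return "SSRR"
        i += length
    return None


def should_drop_at_perimeter(packet: bytes, internal_net: str) -> bool:
    """Ingress rule for the outside interface (assumed policy): drop any source-routed
    packet, and drop any packet whose source address claims to be internal."""
    src = ipaddress.IPv4Address(packet[12:16])
    if source_route_type(packet) is not None:
        return True
    return src in ipaddress.ip_network(internal_net)


if __name__ == "__main__":
    # Constructed packets: an outsider source-routing via an internal hop, and a spoofed internal source.
    routed = build_ipv4_header("203.0.113.7", "10.0.0.5", lsrr_option(["10.0.0.1"]))
    spoofed = build_ipv4_header("10.0.0.9", "10.0.0.5")
    print(source_route_type(routed), should_drop_at_perimeter(routed, "10.0.0.0/8"))
    print(source_route_type(spoofed), should_drop_at_perimeter(spoofed, "10.0.0.0/8"))
```

The perimeter function encodes the two controls a firewall needs here: refusing source routing entirely (most stacks expose this as a sysctl such as `net.ipv4.conf.all.accept_source_route`), and anti-spoofing ingress filtering so a packet arriving from outside cannot claim an inside address.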
14. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Control risk
Encryption of the hard disks
Attributes and characteristics of the 'desired state'
Script kiddie
15. Successful risk management should lead to a ________________.
Spoofing attacks
Annual loss expectancy (ALE)calculations
Breakeven point of risk reduction and cost
Two-factor authentication
16. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it establishes a cost baseline and must be considered for the full life cycle of the control.
Background checks of prospective employees
The data custodian
Total cost of ownership (TCO)
Inherent risk
17. By definition, these are not previously known and therefore cannot be detected by signature-based controls.
Nondisclosure agreement (NDA)
0-day vulnerabilities
Malware
Centralization of information security management
18. It is more efficient to establish a ___________________ for locations that must meet specific requirements.
Security awareness training for all employees
Baseline standard and then develop additional standards
Asset classification
Centralized structure
19. Someone who uses email as a vehicle for extortion; sends a company threatening emails indicating they will expose confidential information - exploit a security flaw - launch an attack - etc.
Malicious software and spyware
Detection defenses
Cyber extortionist
include security responsibilities in a job description
20. A notice that guarantees a user or a web site is legitimate
BIA (Business Impact Assessment)
Aligned with organizational goals
IP address packet filtering
Digital certificate
21. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Digital certificate
BIA (Business Impact Assessment)
Phishing
Role-based policy
22. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
Resource dependency assessment
The balanced scorecard
Strategic alignment of security with business objectives
What happened and how the breach was resolved
23. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
24. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Methodology used in the assessment
Residual risk
Key controls
Regulatory compliance
25. Most effective for evaluating the degree to which information security objectives are being met.
Impractical and is often cost-prohibitive
The balanced scorecard
Cyber extortionist
Digital certificate
26. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
IP address packet filtering
Baseline standard and then develop additional standards
Tie security risks to key business objectives
Background checks of prospective employees
27. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID in the URL used for accessing the account. It means _____________.
Role-based access control
Digital certificate
Background check
The authentication process is broken
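Question 27 describes an insecure direct object reference: the handler selects the record by an employee ID taken from the URL instead of from the authenticated session, so any logged-in user can read any account. The following is an added example, not part of the quiz, showing the vulnerable handler beside a hardened one in Python. The account table is constructed sample data and the Session object is a hypothetical stand-in for whatever the login step established. OWASP classifies this flaw as broken access control, which is why the fix is an authorization check on the requested record rather than a change to the login itself.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample data standing in for the HR application's account table.
ACCOUNTS = {
    "1001": {"name": "A. Lee", "salary": 72000},
    "1002": {"name": "B. Chan", "salary": 81000},
    "1003": {"name": "C. Diaz", "salary": 65000},
}


@dataclass
class Session:
    """What the login step established about the caller (hypothetical session object)."""
    employee_id: str
    is_hr_admin: bool = False


class Forbidden(Exception):
    """Raised when the caller is not entitled to the requested record."""


def employee_id_from_url(url: str) -> str:
    """Pull the id query parameter, the value the reviewer tampered with."""
    ids = parse_qs(urlparse(url).query).get("id")
    if not ids:
        raise ValueError("missing id parameter")
    return ids[0]


def view_account_vulnerable(session: Session, url: str) -> Optional[dict]:
    """The flaw from the question: the record is chosen purely by the URL parameter.
    The session proves the caller logged in, but nothing ties the caller to the record,
    so changing ?id=1001 to ?id=1002 returns another employee's account."""
    return ACCOUNTS.get(employee_id_from_url(url))


def view_account_hardened(session: Session, url: str) -> Optional[dict]:
    """Authorization fix: which record a caller may read is decided by the session
    identity. The URL parameter is honoured only for a role that legitimately reads
    other employees' records."""
    requested = employee_id_from_url(url)
    if requested != session.employee_id and not session.is_hr_admin:
        # Deny before touching the data store, and do not reveal whether the
        # requested ID exists; the caller should log this as a tampering attempt.
        raise Forbidden(f"employee {session.employee_id} may not read {requested}")
    return ACCOUNTS.get(requested)


if __name__ == "__main__":
    victim_url = "https://hr.example/account?id=1002"
    print(view_account_vulnerable(Session("1001"), victim_url))   # leaks B. Chan's record
    try:
        view_account_hardened(Session("1001"), victim_url)
    except Forbidden as exc:
        print("blocked:", exc)
```

A common variant of the fix drops the URL parameter for self-service pages entirely and always reads the session's own record; the version above keeps the parameter so the legitimate admin path is visible next to the denied one.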
28. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Negotiating a local version of the organization standards
Patch management
Certificate authority (CA)
Encryption key management
29. Risk should be reduced to a level that an organization _____________.
Examples of containment defenses
Is willing to accept
Negotiating a local version of the organization standards
Threat assessment
30. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Regular review of access control lists
Information contained on the equipment
Process of introducing changes to systems
Threat assessment
31. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
Logon banners
All personnel
Hacker
Negotiating a local version of the organization standards
32. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
The data custodian
Impractical and is often cost-prohibitive
Regulatory compliance
Identify the relevant systems and processes
33. Ensures that there are no scalability problems.
Stress testing
Retention of business records
Business case development
Creation of a business continuity plan
34. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
The authentication process is broken
Continuous analysis - monitoring and feedback
Total cost of ownership (TCO)
Malicious software and spyware
35. Occurs when the incoming level
Script kiddie
Classification of assets needs
Lack of change management
Power surge/over voltage (spike)
36. The job of the information security officer on a management team is to ___________________.
Assess the risks to the business operation
Lack of change management
Information contained on the equipment
Internal risk assessment
37. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Threat assessment
Cracker
The authentication process is broken
The data custodian
38. Accesses a computer or network illegally
Biometric access control systems
The data custodian
Encryption key management
Cracker
39. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Retention of business records
Well-defined roles and responsibilities
Regular review of access control lists
Virus detection
40. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
The database administrator
Compliance with the organization's information security requirements
Background check
Intrusion detection system (IDS)
41. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Skills inventory
Overall organizational structure
The information security officer
Increase business value and confidence
42. Awareness - training and physical security defenses.
Increase business value and confidence
Patch management process
Inherent risk
Examples of containment defenses
43. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Platform security - intrusion detection and antivirus controls
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Virus detection
Acceptable use policies
44. Program that hides within or looks like a legitimate program
Continuous analysis - monitoring and feedback
Certificate authority (CA)
Trojan horse
Internal risk assessment
45. Should be performed to identify the risk and determine needed controls.
Encryption
Threat assessment
SWOT analysis
Internal risk assessment
46. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Biometric access control systems
The authentication process is broken
Return on security investment (ROSI)
Background check
47. Responsible for securing the information.
The data custodian
Role-based access control
Risk management and the requirements of the organization
Increase business value and confidence
48. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures - but not in the prioritization.
The database administrator
Normalization
Creation of a business continuity plan
Skills inventory
49. The MOST important element of an information security strategy.
Equal error rate (EER)
Total cost of ownership (TCO)
Digital certificate
Defined objectives
50. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Encryption of the hard disks
Confidentiality
Defined objectives
Knowledge management