Test your basic knowledge
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Encryption key management
Certificate authority (CA)
Properly aligned with business goals and objectives
Cyber extortionist
2. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Encryption key management
Security risk
Cracker
Control risk
3. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Cost of control
The balanced scorecard
Safeguards over keys
Key risk indicator (KRI) setup
4. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Undervoltage (brownout)
Intrusion detection system (IDS)
Cross-site scripting attacks
Total cost of ownership (TCO)
5. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Service level agreements (SLAs)
Access control matrix
Regular review of access control lists
Aligned with organizational goals
6. Primarily reduce risk and are most effective for the protection of information assets.
Cross-site scripting attacks
Support the business objectives of the organization
Public key infrastructure (PKI)
Key controls
7. Accesses a computer or network illegally
Resource dependency assessment
Residual risk would be reduced by a greater amount
Encryption key management
Cracker
8. It is important to achieve ____________________, and obtain inputs from various organizational entities, since security needs to be aligned to the needs of the organization.
Defining and ratifying the classification structure of information assets
Notifications and opt-out provisions
Rule-based access control
Consensus on risks and controls
9. Useful but only with regard to specific technical skills.
Proficiency testing
Increase business value and confidence
Cracker
Acceptable use policies
10. When defining the information classification policy, the ___________________ need to be identified.
Intrusion detection system (IDS)
Skills inventory
Examples of containment defenses
Requirements of the data owners
11. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability
Data owners
Cost of control
Increase business value and confidence
Security risk
12. Responsible for securing the information.
The data custodian
Encryption key management
Power surge/overvoltage (spike)
Cyber extortionist
13. Identification and _______________ of business risk enables project managers to address areas with most significance.
Developing an information security baseline
Prioritization
Alignment with business strategy
BIA (Business Impact Assessment)
14. A small warehouse, designed for the end-user needs in a strategic business unit
Knowledge management
Attributes and characteristics of the 'desired state'
Data mart
Platform security - intrusion detection and antivirus controls
15. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Cracker
Performing a risk assessment
Script kiddie
Trusted source
16. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
What happened and how the breach was resolved
Data classification
Transferred risk
Strategic alignment of security with business objectives
17. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Exceptions to policy
Biometric access control systems
Malicious software and spyware
What happened and how the breach was resolved
18. Security design flaws require a ____________________.
Deeper level of analysis
Regular review of access control lists
The board of directors and senior management
Gap analysis
19. Only valid if assets have first been identified and appropriately valued.
Decentralization
Cross-site scripting attacks
Annual loss expectancy (ALE) calculations
Gap analysis
20. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
21. Has to be integrated into the requirements of every software application's design.
Rule-based access control
Tie security risks to key business objectives
Equal error rate (EER)
Encryption key management
22. Awareness, training and physical security defenses.
Centralization of information security management
Creation of a business continuity plan
Access control matrix
Examples of containment defenses
23. The PRIMARY goal in developing an information security strategy is to: _________________________.
Confidentiality
Cyber extortionist
Inherent risk
Support the business objectives of the organization
24. In order to highlight to management the importance of network security, the security manager should FIRST _______________.
Digital certificate
Nondisclosure agreement (NDA)
Patch management
Conduct a risk assessment
25. Legal document to be signed by all employees, suppliers, etc. before they 'touch' the organization, to protect the organization's intellectual property.
Nondisclosure agreement (NDA)
Internal risk assessment
Overall organizational structure
Annual loss expectancy (ALE) calculations
26. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Safeguards over keys
Lack of change management
Knowledge management
Defining high-level business security requirements
27. The risk that remains after putting into place an effective risk management program; therefore, acceptable risk is achieved when this amount is minimized.
Owner of the information asset
Malicious software and spyware
Residual risk
Use of security metrics
28. While useful for identifying the difference between the current state and the desired future state, e.g. an organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Gap analysis
Stress testing
Assess the risks to the business operation
Fault-tolerant computer
29. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Defining and ratifying the classification structure of information assets
Owner of the information asset
Consensus on risks and controls
Process of introducing changes to systems
30. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Asset classification
Developing an information security baseline
Threat assessment
Patch management process
31. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Role-based access control
Attributes and characteristics of the 'desired state'
0-day vulnerabilities
Transmit e-mail messages
32. Programs that act without a user's knowledge and deliberately alter a computer's operations
Regular review of access control lists
Safeguards over keys
Strategic alignment of security with business objectives
Malware
33. The most important characteristic of good security policies is that they be ____________________.
Classification of assets needs
Two-factor authentication
Aligned with organizational goals
Information contained on the equipment
34. The weakest link in security implementation, and awareness would reduce this risk. Through security awareness and training programs, individual employees can be informed and sensitized on various security policies and other security topics, thus e
Penetration testing
BIA (Business Impact Assessment)
People
Access control matrix
35. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Penetration testing
Biometric access control systems
Tie security risks to key business objectives
Virus
36. Ensures that there are no scalability problems.
Encryption
Methodology used in the assessment
Stress testing
Digital signatures
37. From a security standpoint, _______________________ is one of the most important topics that should be included in the contract with a third-party service provider.
38. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Alignment with business strategy
Methodology used in the assessment
Reduce risk to an acceptable level
Penetration testing
39. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Alignment with business strategy
Trusted source
Service level agreements (SLAs)
Applying the proper classification to the data
40. Occurs after the risk assessment process - it does not measure it.
Risk assessment, evaluation and impact analysis
Use of security metrics
Overall organizational structure
Return on security investment (ROSI)
41. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Access control matrix
Waterfall chart
Process of introducing changes to systems
Stress testing
42. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However, turnaround can be slower due to the lack of alignment with business units.
Data warehouse
Developing an information security baseline
Centralization of information security management
The awareness and agreement of the data subjects
43. Company or person you believe will not send a virus-infected file knowingly
Regular review of access control lists
Trusted source
Deeper level of analysis
Background check
44. Uses security metrics to measure the performance of the information security program.
Defining and ratifying the classification structure of information assets
Is willing to accept
Baseline standard and then develop additional standards
Information security manager
45. Are not infallible. When tuning the solution, one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate), where the system will be more prone to err denying access to a valid user, or erring and allowing
Asset classification
Biometric access control systems
Cyber terrorist
Defining high-level business security requirements
46. Provides strong online authentication.
Public key infrastructure (PKI)
The balanced scorecard
Use of security metrics
Spoofing attacks
47. Has full responsibility over data.
The data owner
include security responsibilities in a job description
Consensus on risks and controls
Encryption of the hard disks
48. Without _____________________ - there cannot be accountability.
Well-defined roles and responsibilities
People
Prioritization
The board of directors and senior management
49. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures, but not in the prioritization.
Cyber terrorist
Creation of a business continuity plan
Confidentiality
Security code reviews for the entire software application
50. Inject malformed input.
Cross-site scripting attacks
Creation of a business continuity plan
Monitoring processes
Requirements of the data owners