Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may look obvious, but seeing the pairings repeatedly reinforces your understanding each time you take the test.
1. The best strategy for risk management is to ___________________, as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Reduce risk to an acceptable level
Protective switch covers
Calculating the value of the information or asset
Virus
2. The PRIMARY goal in developing an information security strategy is to: _________________________.
Data warehouse
Baseline standard and then develop additional standards
Support the business objectives of the organization
Applying the proper classification to the data
3. On a company's e-commerce website, a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Spoofing attacks
Detection defenses
Background checks of prospective employees
Do with the information it collects
4. Can be a standalone driver for an information security governance measure. No further analysis or justification is required, since the entity has no choice about the regulatory requirements.
Transmit e-mail messages
Regulatory compliance
Consensus on risks and controls
Alignment with business strategy
5. An internal review of a web-based application system finds that any employee's account can be accessed by changing the employee ID in the URL used to access the account. This means _____________.
The authentication process is broken
Risk appetite
Malware
Annually or whenever there is a significant change
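Question 5 describes an account lookup that trusts the ID in the URL. The following is an added example written for this page, not code from the quiz or from ISACA: a minimal lookup that checks only that a session exists and then returns whichever employee record the URL names, beside the same lookup with the requested record checked against the session that asks for it. The URL shape (/account?id=...), the session and account data, and the HR role are all assumptions made up for the example.

```python
# Added example, not from the quiz page: the flaw in question 5 beside a
# fixed handler. URL shape, roles, sessions and account data are assumptions.
from urllib.parse import urlparse, parse_qs

# Constructed sample data: employee accounts keyed by employee ID.
ACCOUNTS = {
    "1001": {"name": "A. Lee", "salary": 84000},
    "1002": {"name": "B. Ortiz", "salary": 91000},
    "1003": {"name": "C. Patel", "salary": 77000},
}

# Constructed sessions: session token -> (employee ID, role).
SESSIONS = {
    "sess-a": ("1001", "employee"),
    "sess-hr": ("2000", "hr"),
}


def employee_id_from_url(url):
    """Extract the employee ID from /account?id=... (assumed URL shape)."""
    ids = parse_qs(urlparse(url).query).get("id", [])
    return ids[0] if ids else None


def vulnerable_view(session_token, url):
    """Checks that the caller is logged in, then trusts the ID in the URL:
    any authenticated user can read any account by editing the URL."""
    if session_token not in SESSIONS:
        raise PermissionError("not logged in")
    emp_id = employee_id_from_url(url)
    return ACCOUNTS.get(emp_id)


def hardened_view(session_token, url):
    """Same flow, but the requested record is checked against the session:
    an employee may read only their own record; the HR role may read any."""
    if session_token not in SESSIONS:
        raise PermissionError("not logged in")
    own_id, role = SESSIONS[session_token]
    emp_id = employee_id_from_url(url)
    if emp_id is None or emp_id not in ACCOUNTS:
        return None
    if role != "hr" and emp_id != own_id:
        # Same empty result as for an unknown ID, so the response does not
        # confirm that another employee's record exists.
        return None
    return ACCOUNTS[emp_id]


if __name__ == "__main__":
    other = "https://hr.example/account?id=1002"
    print("vulnerable, employee 1001 asks for 1002:", vulnerable_view("sess-a", other))
    print("hardened, employee 1001 asks for 1002:  ", hardened_view("sess-a", other))
    print("hardened, HR asks for 1002:             ", hardened_view("sess-hr", other))
```

Running the block shows the first handler returning employee 1002's record to the session of employee 1001, and the second returning nothing for the same request while still serving the HR session; answering a foreign ID with the same empty result as an unknown ID avoids confirming which IDs exist.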
6. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Retention of business records
Negotiating a local version of the organization standards
Cyber extortionist
Decentralization
7. Provide metrics to which outsourcing firms can be held accountable.
Service level agreements (SLAs)
Trusted source
Rule-based access control
Assess the risks to the business operation
8. An effective tool, but one that primarily focuses on malicious code from external sources, and only for those applications that are online.
Properly aligned with business goals and objectives
Information security manager
Regular review of access control lists
Virus detection
9. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
0-day vulnerabilities
The authentication process is broken
Information contained on the equipment
Residual risk would be reduced by a greater amount
10. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Security code reviews for the entire software application
Transferred risk
Encryption of the hard disks
Its ability to reduce or eliminate business risks
11. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Penetration testing
Encryption of the hard disks
Increase business value and confidence
Normalization
12. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability
Examples of containment defenses
Phishing
Do with the information it collects
Security risk
13. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Information security manager
Breakeven point of risk reduction and cost
Biometric access control systems
Knowledge management
14. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements: ______________ would appear every time the user logs on, and the user would be required to read and agree to them.
Transmit e-mail messages
Logon banners
Role-based policy
Assess the risks to the business operation
15. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
IP address packet filtering
Tie security risks to key business objectives
Malware
Defining high-level business security requirements
16. In order to highlight to management the importance of network security, the security manager should FIRST _______________.
Conduct a risk assessment
Encryption of the hard disks
Lack of change management
What happened and how the breach was resolved
17. Successful risk management should lead to a ________________.
Security baselines
Knowledge management
Applying the proper classification to the data
Breakeven point of risk reduction and cost
18. When defining the information classification policy, the ___________________ need to be identified.
Requirements of the data owners
Do with the information it collects
Calculating the value of the information or asset
Regular review of access control lists
19. An information security manager has to impress upon the human resources department the need for _____________________.
Security awareness training for all employees
Power surge/over voltage (spike)
Platform security, intrusion detection and antivirus controls
Malicious software and spyware
20. Provides the most effective protection of data on mobile devices.
Encryption
The data custodian
Continuous monitoring control initiatives
Identify the vulnerable systems and apply compensating controls
21. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Role-based policy
Undervoltage (brownout)
Transmit e-mail messages
Multinational organization
22. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Tailgating
Penetration testing
Worm
Knowledge management
23. Occurs when the incoming level
Virus
Total cost of ownership (TCO)
Power surge/over voltage (spike)
Multinational organization
24. Accesses a computer or network illegally
Performing a risk assessment
Encryption
Residual risk
Cracker
25. Only valid if assets have first been identified and appropriately valued.
Defined objectives
Trojan horse
Single sign-on (SSO) product
Annual loss expectancy (ALE) calculations
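Questions 9, 17 and 25 all rest on the same arithmetic: annual loss expectancy can only be computed once the asset has been valued, a control is worth adding only when the risk reduction it buys exceeds its cost, and the breakeven point is where the two are equal. The block below is an added example written for this page, not material from the quiz or from ISACA; the asset value, exposure factors, occurrence rates and control costs are constructed figures, and the function names are the example's own.

```python
# Added example, not from the quiz page: the arithmetic behind questions 9,
# 17 and 25. All figures below are constructed; function names are assumed.


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = AV x EF: the loss from one occurrence. The asset must have been
    valued first (question 25); EF is the fraction of the value lost."""
    if asset_value <= 0:
        raise ValueError("value the asset before calculating loss expectancy")
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annual_loss_expectancy(asset_value, exposure_factor, aro):
    """ALE = SLE x ARO, where ARO is the expected occurrences per year."""
    if aro < 0:
        raise ValueError("annualized rate of occurrence cannot be negative")
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def evaluate_controls(asset_value, baseline, controls):
    """Compare each candidate control's risk reduction with its annual cost.

    baseline: (EF, ARO) with no additional control.
    controls: list of (name, EF after, ARO after, annual cost).
    A control is justified only if the ALE reduction it buys exceeds what it
    costs (question 9); that reduction is also the breakeven annual cost
    (question 17). The ALE left after the control is the residual risk in
    money terms. Results are sorted with the best net benefit first.
    """
    ef0, aro0 = baseline
    ale_before = annual_loss_expectancy(asset_value, ef0, aro0)
    results = []
    for name, ef, aro, annual_cost in controls:
        ale_after = annual_loss_expectancy(asset_value, ef, aro)
        reduction = ale_before - ale_after
        results.append({
            "control": name,
            "ale_before": ale_before,
            "residual_ale": ale_after,
            "breakeven_cost": reduction,
            "annual_cost": annual_cost,
            "net_benefit": reduction - annual_cost,
            "justified": reduction > annual_cost,
        })
    return sorted(results, key=lambda r: r["net_benefit"], reverse=True)


# Constructed scenario: a customer database valued at 500,000, with 40% of
# its value exposed per incident and one incident expected every two years.
ASSET_VALUE = 500_000
BASELINE = (0.40, 0.5)
CONTROLS = [
    ("database encryption at rest", 0.10, 0.5, 40_000),
    ("24x7 managed detection service", 0.20, 0.2, 120_000),
    ("quarterly awareness training", 0.40, 0.4, 15_000),
]

if __name__ == "__main__":
    for r in evaluate_controls(ASSET_VALUE, BASELINE, CONTROLS):
        verdict = "justified" if r["justified"] else "not justified"
        print(f"{r['control']}: reduces ALE by {r['breakeven_cost']:,.0f} "
              f"for {r['annual_cost']:,.0f}/yr, residual ALE "
              f"{r['residual_ale']:,.0f} -> {verdict}")
```

With the constructed figures the baseline ALE is 100,000 a year; encryption at rest cuts it to 25,000 for 40,000 a year and is justified, awareness training is marginally justified, and the managed detection service reduces risk by more than either but costs more than the reduction it buys, so on this measure it is not. The breakeven cost reported for each control is the most that could be spent on it before the risk reduction stops paying for the control.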
26. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Encryption of the hard disks
Notifications and opt-out provisions
Increase business value and confidence
Hacker
27. Scam in which a perpetrator sends an official-looking email message that attempts to obtain your personal and financial information
All personnel
Phishing
Control effectiveness
Classification of assets needs
28. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Data isolation
Control effectiveness
Include security responsibilities in a job description
Creation of a business continuity plan
29. To identify known vulnerabilities based on common misconfigurations and missing updates.
A network vulnerability assessment
Acceptable use policies
Protective switch covers
Knowledge management
30. Should be a standard requirement for the service provider.
Worm
Background check
Control risk
Role-based access control
31. Computer that has duplicate components so it can continue to operate when one of its main components fails
Script kiddie
All personnel
Fault-tolerant computer
Background check
32. A repository of historical data organized by subject to support decision makers in the organization
Stress testing
Personal firewall
Data warehouse
Protective switch covers
33. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Public key infrastructure (PKI)
Single sign-on (SSO) product
Logon banners
Methodology used in the assessment
34. Reducing risk to a level too small to measure is _______________.
Regulatory compliance
Impractical and is often cost-prohibitive
Risk appetite
Cracker
35. Culture has a significant impact on how information security will be implemented in a ______________________.
Multinational organization
Cyber terrorist
Continuous analysis, monitoring and feedback
Baseline standard and then develop additional standards
36. There is a time lag between when a security vulnerability is first published and when a patch is delivered. The best protection is to _____________________ until a patch is installed.
Identify the vulnerable systems and apply compensating controls
Confidentiality
Hacker
Process of introducing changes to systems
37. A method for analyzing and reducing a relational database to its most streamlined form
Hacker
The database administrator
Control risk
Normalization
38. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Undervoltage (brownout)
Owner of the information asset
Gain unauthorized access to applications
Key risk indicator (KRI) setup
39. It is more efficient to establish a ___________________ for locations that must meet specific requirements.
Undervoltage (brownout)
Baseline standard and then develop additional standards
Background check
Regulatory compliance
40. It is important to achieve ____________________ and obtain input from various organizational entities, since security needs to be aligned to the needs of the organization.
Gain unauthorized access to applications
Data owners
Consensus on risks and controls
Role-based access control
41. Because past performance is a strong predictor of future performance, _______________________ best prevents attacks from originating within an organization.
Deeper level of analysis
The balanced scorecard
Decentralization
Background checks of prospective employees
42. Focuses on identifying vulnerabilities.
Virus
SWOT analysis
Penetration testing
Aligned with organizational goals
43. Same intent as a cracker but does not have the technical skills and knowledge
Baseline standard and then develop additional standards
Requirements of the data owners
Consensus on risks and controls
Script kiddie
44. Would reduce the possibility of an individual accidentally pressing the power button on a device, thereby turning off the device.
Script kiddie
Properly aligned with business goals and objectives
SWOT analysis
Protective switch covers
45. The first step in a risk analysis process to determine the impact to the organization, which is the ultimate goal.
Access control matrix
Phishing
The balanced scorecard
Calculating the value of the information or asset
46. Addresses strengths, weaknesses, opportunities and threats. Although useful, a SWOT analysis is not as effective a tool.
Asset classification
Defining high-level business security requirements
SWOT analysis
The data owner
47. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks, and would not provide other indirect benefits such as process
Single sign-on (SSO) product
Confidentiality
Audit objectives
Cost of control
48. Primarily reduce risk and are most effective for the protection of information assets.
IP address packet filtering
Key controls
Defining high-level business security requirements
A network vulnerability assessment
49. Whenever personal data are transferred across national boundaries, ________________________ are required.
Spoofing attacks
Threat assessment
Vulnerability assessment
The awareness and agreement of the data subjects
50. Awareness, training and physical security defenses.
Examples of containment defenses
Regulatory compliance
Identify the relevant systems and processes
Malware