Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Script kiddie
Support the business objectives of the organization
Asset classification
Security awareness training for all employees
2. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
What happened and how the breach was resolved
Key risk indicator (KRI) setup
Process of introducing changes to systems
Regulatory compliance
3. Security design flaws require a ____________________.
Security risk
Two-factor authentication
Identify the vulnerable systems and apply compensating controls
Deeper level of analysis
4. The data owner is responsible for _______________________.
Lack of change management
Methodology used in the assessment
Identify the vulnerable systems and apply compensating controls
Applying the proper classification to the data
5. Oversees the overall classification management of the information.
Examples of containment defenses
Continuous monitoring control initiatives
The information security officer
Role-based policy
6. Provides the most effective protection of data on mobile devices.
Encryption
Information contained on the equipment
Protective switch covers
Identify the relevant systems and processes
7. Provide metrics to which outsourcing firms can be held accountable.
Internal risk assessment
Background check
Encryption
Service level agreements (SLAs)
8. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Normalization
Access control matrix
Data warehouse
Risk assessment - evaluation and impact analysis
9. The information security manager needs to prioritize the controls based on ________________________.
Risk assessment - evaluation and impact analysis
Risk management and the requirements of the organization
Well-defined roles and responsibilities
Internal risk assessment
10. Can be a standalone driver for an information security governance measure. No further analysis or justification is required since the entity has no choice in the regulatory requirements.
Transferred risk
Two-factor authentication
Regulatory compliance
Consensus on risks and controls
11. Cannot be minimized
Data classification
Increase business value and confidence
Inherent risk
Creation of a business continuity plan
12. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Knowledge management
Defining and ratifying the classification structure of information assets
Gain unauthorized access to applications
Waterfall chart
13. Utility program that detects and protects a personal computer from unauthorized intrusions
Personal firewall
Malicious software and spyware
Control effectiveness
Creation of a business continuity plan
14. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Single sign-on (SSO) product
Encryption key management
Retention of business records
Well-defined roles and responsibilities
15. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Resource dependency assessment
Information contained on the equipment
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Applying the proper classification to the data
16. Has to be integrated into the requirements of every software application's design.
Residual risk would be reduced by a greater amount
Owner of the information asset
Creation of a business continuity plan
Encryption key management
17. When the ________________ is more than the cost of the risk - the risk should be accepted.
Get senior management onboard
Malicious software and spyware
Cost of control
The database administrator
18. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Control effectiveness
Patch management process
Confidentiality
Do with the information it collects
19. Most effective for evaluating the degree to which information security objectives are being met.
Assess the risks to the business operation
The balanced scorecard
People
Its ability to reduce or eliminate business risks
20. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control.
Total cost of ownership (TCO)
Risk management and the requirements of the organization
Baseline standard and then develop additional standards
Do with the information it collects
21. A function of the session keys distributed by the PKI.
Phishing
Support the business objectives of the organization
Owner of the information asset
Confidentiality
22. Carries out the technical administration.
The database administrator
Waterfall chart
The board of directors and senior management
Nondisclosure agreement (NDA)
23. Someone who accesses a computer or network illegally
Developing an information security baseline
Defining high-level business security requirements
Hacker
Security baselines
24. Would protect against spoofing an internal address but would not provide strong authentication.
Notifications and opt-out provisions
IP address packet filtering
Properly aligned with business goals and objectives
Security awareness training for all employees
25. The primary role of the information security manager in the process of information classification within the organization.
Notifications and opt-out provisions
Resource dependency assessment
Developing an information security baseline
Defining and ratifying the classification structure of information assets
26. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Worm
Business case development
Owner of the information asset
Encryption key management
27. An information security manager has to impress upon the human resources department the need for _____________________.
Security awareness training for all employees
Patch management
What happened and how the breach was resolved
Safeguards over keys
28. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
The data custodian
The information security officer
Key risk indicator (KRI) setup
Developing an information security baseline
29. Whenever personal data are transferred across national boundaries, ________________________ are required.
Inherent risk
The awareness and agreement of the data subjects
Creation of a business continuity plan
Personal firewall
30. A repository of historical data organized by subject to support decision makers in the organization
Assess the risks to the business operation
Multinational organization
Business case development
Data warehouse
31. To identify known vulnerabilities based on common misconfigurations and missing updates.
Information contained on the equipment
Penetration testing
A network vulnerability assessment
Undervoltage (brownout)
32. Provides strong online authentication.
Cost of control
Identify the vulnerable systems and apply compensating controls
Public key infrastructure (PKI)
The authentication process is broken
33. Information security governance models are highly dependent on the _____________________.
Security baselines
Overall organizational structure
Alignment with business strategy
Protective switch covers
34. The BEST option to improve accountability for a system administrator is to _____________________.
Audit objectives
Include security responsibilities in a job description
Cyber extortionist
Centralized structure
35. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Reduce risk to an acceptable level
Gap analysis
Encryption
Security awareness training for all employees
36. Useful but only with regard to specific technical skills.
Assess the risks to the business operation
Proficiency testing
Background checks of prospective employees
Stress testing
37. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Business case development
Platform security - intrusion detection and antivirus controls
Transferred risk
Gain unauthorized access to applications
38. Someone who uses email as a vehicle for extortion; sends companies threatening emails indicating they will expose confidential information - exploit security launch - etc.
Cyber extortionist
Platform security - intrusion detection and antivirus controls
Process of introducing changes to systems
Phishing
39. Same intent as a cracker but does not have the technical skills and knowledge
Script kiddie
Malware
Data isolation
Defined objectives
40. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Logon banners
Proficiency testing
Security code reviews for the entire software application
Single sign-on (SSO) product
41. A notice that guarantees a user or a web site is legitimate
Gain unauthorized access to applications
Digital certificate
All personnel
Creation of a business continuity plan
42. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Skills inventory
Security risk
Phishing
Decentralization
43. Successful risk management should lead to a ________________.
Business case development
Risk management and the requirements of the organization
Breakeven point of risk reduction and cost
Phishing
44. A key indicator of performance measurement.
Strategic alignment of security with business objectives
Decentralization
People
Performing a risk assessment
45. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
0-day vulnerabilities
Well-defined roles and responsibilities
Logon banners
Calculating the value of the information or asset
46. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Tie security risks to key business objectives
Encryption
Encryption key management
Regulatory compliance
47. The MOST important element of an information security strategy.
Defined objectives
Patch management process
Undervoltage (brownout)
Detection defenses
48. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
SWOT analysis
Confidentiality
Increase business value and confidence
Control effectiveness
49. A risk assessment should be conducted _________________.
Background checks of prospective employees
Annually or whenever there is a significant change
Defining high-level business security requirements
Annual loss expectancy (ALE) calculations
50. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Overall organizational structure
Do with the information it collects
Use of security metrics
Consensus on risks and controls