SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Well-defined roles and responsibilities
Continuous analysis - monitoring and feedback
SWOT analysis
Certificate authority (CA)
2. Whenever personal data are transferred across national boundaries; ________________________ are required.
Security risk
Worm
The awareness and agreement of the data subjects
Intrusion detection system (IDS)
3. A method for analyzing and reducing a relational database to its most streamlined form
Residual risk would be reduced by a greater amount
Virus detection
Normalization
Tie security risks to key business objectives
4. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Skills inventory
The data custodian
Virus
Consensus on risks and controls
5. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Intrusion detection system (IDS)
Normalization
Applying the proper classification to the data
Role-based policy
6. Someone who uses the internet or network to destroy or damage computers for political reasons
Cyber terrorist
Alignment with business strategy
Exceptions to policy
Cyber extortionist
7. Only valid if assets have first been identified and appropriately valued.
Security baselines
Data mart
Protective switch covers
Annual loss expectancy (ALE)calculations
8. Without _____________________ - there cannot be accountability.
Internal risk assessment
Support the business objectives of the organization
Well-defined roles and responsibilities
Safeguards over keys
9. Responsible for securing the information.
The data custodian
Asset classification
Worm
Multinational organization
10. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Encryption key management
Worm
Gain unauthorized access to applications
Strategic alignment of security with business objectives
11. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.
Vulnerability assessment
Audit objectives
Identify the vulnerable systems and apply compensating controls
Cyber extortionist
12. A function of the session keys distributed by the PKI.
Protective switch covers
Confidentiality
Multinational organization
Its ability to reduce or eliminate business risks
13. A risk assessment should be conducted _________________.
Identify the relevant systems and processes
Alignment with business strategy
Annually or whenever there is a significant change
Do with the information it collects
14. All within the responsibility of the information security manager.
Role-based access control
0-day vulnerabilities
Platform security - intrusion detection and antivirus controls
Centralized structure
15. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
The authentication process is broken
Encryption
Tailgating
Vulnerability assessment
16. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident.It provides results - such as impact from a security incident and required response times.
Risk management and the requirements of the organization
Background check
BIA (Business Impact Assessment
Cyber extortionist
17. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Retention of business records
Digital certificate
Single sign-on (SSO) product
Methodology used in the assessment
18. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Background check
A network vulnerability assessment
Trojan horse
Transmit e-mail messages
19. Uses security metrics to measure the performance of the information security program.
Do with the information it collects
Phishing
Information security manager
Total cost of ownership (TCO)
20. Computer that has duplicate components so it can continue to operate when one of its main components fail
Defining and ratifying the classification structure of information assets
Acceptable use policies
Deeper level of analysis
Fault-tolerant computer
21. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Logon banners
Performing a risk assessment
Key controls
Exceptions to policy
22. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Equal error rate (EER)
The database administrator
Residual risk
Digital signatures
23. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Threat assessment
Gain unauthorized access to applications
Identify the vulnerable systems and apply compensating controls
Comparison of cost of achievement
24. The job of the information security officer on a management team is to ___________________.
The board of directors and senior management
Tailgating
Assess the risks to the business operation
Conduct a risk assessment
25. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Consensus on risks and controls
Confidentiality
Data classification
Defined objectives
26. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Biometric access control systems
Intrusion detection system (IDS)
Increase business value and confidence
Examples of containment defenses
27. Awareness - training and physical security defenses.
Annually or whenever there is a significant change
Examples of containment defenses
The authentication process is broken
Control risk
28. Focuses on identifying vulnerabilities.
Security awareness training for all employees
Role-based policy
OBusiness case development
Penetration testing
29. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Support the business objectives of the organization
Classification of assets needs
Control risk
Rule-based access control
30. Should be determined from the risk assessment results.
Classification of assets needs
include security responsibilities in a job description
Audit objectives
Centralized structure
31. Utility program that detects and protects a personal computer from unauthorized intrusions
Countermeasure cost-benefit analysis
Get senior management onboard
Personal firewall
Rule-based access control
32. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Virus detection
Two-factor authentication
Hacker
Well-defined roles and responsibilities
33. By definition are not previously known and therefore are undetectable.
Comparison of cost of achievement
0-day vulnerabilities
Access control matrix
Cracker
34. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'
Security baselines
Acceptable use policies
OBusiness case development
Patch management process
35. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Baseline standard and then develop additional standards
Impractical and is often cost-prohibitive
People
Lack of change management
36. Provides process needs but not impact.
Personal firewall
Examples of containment defenses
Regular review of access control lists
Resource dependency assessment
37. Occurs when the incoming level
Power surge/over voltage (spike)
Consensus on risks and controls
Is willing to accept
Impractical and is often cost-prohibitive
38. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
39. Would protect against spoofing an internal address but would not provide strong authentication.
Data isolation
Aligned with organizational goals
Proficiency testing
IP address packet filtering
40. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Security baselines
All personnel
The awareness and agreement of the data subjects
Safeguards over keys
41. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Risk appetite
Virus detection
Well-defined roles and responsibilities
Biometric access control systems
42. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Annual loss expectancy (ALE)calculations
Identify the relevant systems and processes
Spoofing attacks
IP address packet filtering
43. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Properly aligned with business goals and objectives
Security code reviews for the entire software application
Security baselines
Do with the information it collects
44. New security ulnerabilities should be managed through a ________________.
Aligned with organizational goals
Classification of assets needs
Patch management process
Security risk
45. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Lack of change management
Cyber terrorist
Knowledge management
Regular review of access control lists
46. Risk should be reduced to a level that an organization _____________.
Security awareness training for all employees
Is willing to accept
Continuous analysis - monitoring and feedback
Strategic alignment of security with business objectives
47. ecurity design flaws require a ____________________.
Deeper level of analysis
Owner of the information asset
Baseline standard and then develop additional standards
Exceptions to policy
48. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.
All personnel
Information contained on the equipment
Proficiency testing
Cyber terrorist
49. Identification and _______________ of business risk enables project managers to address areas with most significance.
Identify the relevant systems and processes
Comparison of cost of achievement
Prioritization
Risk appetite
50. Occurs when the electrical supply drops
Conduct a risk assessment
Patch management process
Undervoltage (brownout)
Security code reviews for the entire software application
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests