Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. By definition are not previously known and therefore are undetectable.






2. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.






3. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations






4. Inject malformed input.






5. Should be determined from the risk assessment results.






6. Company or person you believe will not send a virus-infect file knowingly






7. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.






8. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.






9. The MOST useful way to describe the objectives in the information security strategy is through ______________________.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


10. A function of the session keys distributed by the PKI.






11. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.






12. Would protect against spoofing an internal address but would not provide strong authentication.






13. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.






14. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.






15. Occurs when the electrical supply drops






16. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm






17. The best measure and will involve reviewing the entire source code to detect all instances of back doors.






18. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.






19. btaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but






20. Reducing risk to a level too small to measure is _______________.






21. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'






22. Useful but only with regard to specific technical skills.






23. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.






24. Provides process needs but not impact.






25. Whenever personal data are transferred across national boundaries; ________________________ are required.






26. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.






27. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.






28. A process that helps organizations manipulate important knowledge that is part of the orgs. memory






29. The MOST important element of an information security strategy.






30. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.






31. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.






32. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.






33. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.






34. Responsible for securing the information.






35. All within the responsibility of the information security manager.






36. Utility program that detects and protects a personal computer from unauthorized intrusions






37. Someone who uses the internet or network to destroy or damage computers for political reasons






38. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree






39. The job of the information security officer on a management team is to ___________________.






40. Used to understand the flow of one process into another.






41. n a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.






42. Same intent as a cracker but does not have the technical skills and knowledge






43. Has to be integrated into the requirements of every software application's design.






44. Risk should be reduced to a level that an organization _____________.






45. The PRIMARY goal in developing an information security strategy is to: _________________________.






46. A method for analyzing and reducing a relational database to its most streamlined form






47. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.






48. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.






49. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.






50. BEST option to improve accountability for a system administrator is to _____________________.