Test your basic knowledge

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Company or person you believe will not knowingly send a virus-infected file.

2. Should be a standard requirement for the service provider.

3. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is: ______________ would appear every time the user logs on, and the user would be required to read and agree

4. Scam in which a perpetrator sends an official-looking email message that attempts to obtain your personal and financial information.

5. The most important characteristic of good security policies is that they be ____________________.

6. From a security standpoint, _______________________ is one of the most important topics that should be included in the contract with a third-party service provider.

7. The MOST important component of a privacy policy is: Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are

8. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.

9. To determine the sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.

10. In biometric systems where the possibility of false rejects is a problem, it may be necessary to reduce sensitivity and thereby increase the number of false accepts.

11. New security vulnerabilities should be managed through a ________________.

12. In a _________________________, the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.

13. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.

14. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.

15. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID in the URL used for accessing the account. It means _____________.

16. In assessing the degree to which an organization may be affected by new privacy legislation, information security management should first _____________________.

17. The MAIN reason why _______________ is important to a successful information security program is that classification determines the appropriate level of protection for the asset.

18. A risk assessment should be conducted _________________.

19. Are not infallible. When tuning the solution, one has to adjust the sensitivity level to give preference either to the false reject rate (type I error rate), where the system will be more prone to err by denying access to a valid user, or to erring and allowing

20. Ensure that transmitted information can be attributed to the named sender.

21. Identification and _______________ of business risk enables project managers to address the areas with the most significance.

22. Provides the most effective protection of data on mobile devices.

23. The risk that remains after putting into place an effective risk management program; therefore, acceptable risk is achieved when this amount is minimized.

24. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.

25. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.

26. Would protect against spoofing of an internal address but would not provide strong authentication.

27. Without _____________________, there cannot be accountability.

28. Oversees the overall classification management of the information.

29. Focuses on identifying vulnerabilities.

30. Logging as well as monitoring, measuring, auditing, and detecting viruses and intrusions.

31. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls access based on those roles.

32. Requires a process to verify that the control process worked as intended. Examples such as dual control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.

33. Carries out the technical administration.

34. Provides strong online authentication.

35. Uses security metrics to measure the performance of the information security program.

36. Are expensive, so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.

37. Cannot be minimized.

38. The first step in a risk analysis process to determine the impact to the organization, which is the ultimate goal.

39. Same intent as a cracker but does not have the technical skills and knowledge.

40. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures, but not in their prioritization.

41. A process that helps organizations manipulate important knowledge that is part of the organization's memory.

42. Occurs when the electrical supply drops.

43. The _____________________ is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations.

44. Provide metrics to which outsourcing firms can be held accountable.

45. Provide minimum recommended settings and do not prevent the introduction of control weaknesses.

46. The risk that controls may not prevent/detect an incident, with a measure of control effectiveness.

47. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.

48. A notice that guarantees a user or a web site is legitimate.

49. Risk should be reduced to a level that an organization _____________.

50. The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm