SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Programs that act without a user's knowledge and deliberately alter a computer's operations
Defining and ratifying the classification structure of information assets
Protective switch covers
MAL wear
Gain unauthorized access to applications
2. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Regular review of access control lists
Return on security investment (ROSI)
The board of directors and senior management
3. The job of the information security officer on a management team is to ___________________.
Developing an information security baseline
Virus
Residual risk would be reduced by a greater amount
Assess the risks to the business operation
4. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Cracker
Data mart
Overall organizational structure
Gap analysis
5. Carries out the technical administration.
Methodology used in the assessment
Deeper level of analysis
The data custodian
The database administrator
6. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Tie security risks to key business objectives
Performing a risk assessment
Data warehouse
Prioritization
7. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
The authentication process is broken
Do with the information it collects
Regular review of access control lists
Public key infrastructure (PKI)
8. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Process of introducing changes to systems
Calculating the value of the information or asset
Requirements of the data owners
Its ability to reduce or eliminate business risks
9. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Process of introducing changes to systems
The information security officer
Notifications and opt-out provisions
Role-based access control
10. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Role-based access control
Control effectiveness
Certificate authority (CA)
Information contained on the equipment
11. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Trusted source
Identify the relevant systems and processes
Security code reviews for the entire software application
Risk appetite
12. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Developing an information security baseline
Equal error rate (EER)
Single sign-on (SSO) product
Decentralization
13. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Comparison of cost of achievement
Worm
Skills inventory
Role-based access control
14. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Creation of a business continuity plan
Background checks of prospective employees
Get senior management onboard
The authentication process is broken
15. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
16. Cannot be minimized
Spoofing attacks
Cost of control
Proficiency testing
Inherent risk
17. The MOST important component of a privacy policy is: A Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Developing an information security baseline
Notifications and opt-out provisions
Worm
Risk assessment - evaluation and impact analysis
18. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Threat assessment
Normalization
Stress testing
Data mart
19. Information security governance models are highly dependent on the _____________________.
Platform security - intrusion detection and antivirus controls
Cyber terrorist
Overall organizational structure
Annually or whenever there is a significant change
20. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
What happened and how the breach was resolved
People
Risk management and the requirements of the organization
Risk assessment - evaluation and impact analysis
21. Identification and _______________ of business risk enables project managers to address areas with most significance.
Prioritization
Virus
Residual risk would be reduced by a greater amount
Monitoring processes
22. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Normalization
The awareness and agreement of the data subjects
Use of security metrics
Transmit e-mail messages
23. The information security manager needs to prioritize the controls based on ________________________.
Risk management and the requirements of the organization
Increase business value and confidence
Trojan horse
Undervoltage (brownout)
24. Should PRIMARILY be based on regulatory and legal requirements.
Fault-tolerant computer
What happened and how the breach was resolved
Retention of business records
Compliance with the organization's information security requirements
25. Someone who uses email as a vehicle for extortion; send company threatening emails indicating they will expose confidential information - exploit security launch - etc.
Security risk
All personnel
Encryption of the hard disks
Cyber extortionist
26. Would protect against spoofing an internal address but would not provide strong authentication.
Is willing to accept
IP address packet filtering
Phishing
Consensus on risks and controls
27. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Fault-tolerant computer
Centralization of information security management
Virus
Countermeasure cost-benefit analysis
28. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Two-factor authentication
Data isolation
Single sign-on (SSO) product
Data owners
29. The data owner is responsible for _______________________.
Security awareness training for all employees
Tie security risks to key business objectives
Applying the proper classification to the data
Is willing to accept
30. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Compliance with the organization's information security requirements
Cyber terrorist
Script kiddie
Continuous analysis - monitoring and feedback
31. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Risk assessment - evaluation and impact analysis
Single sign-on (SSO) product
Proficiency testing
Reduce risk to an acceptable level
32. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Security code reviews for the entire software application
Fault-tolerant computer
Patch management
Power surge/over voltage (spike)
33. A function of the session keys distributed by the PKI.
Control risk
Comparison of cost of achievement
Confidentiality
Encryption
34. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Cyber terrorist
Background checks of prospective employees
Comparison of cost of achievement
Skills inventory
35. Program that hides within or looks like a legit program
Trojan horse
Script kiddie
The data owner
Certificate authority (CA)
36. Reducing risk to a level too small to measure is _______________.
Impractical and is often cost-prohibitive
Personal firewall
Trojan horse
Annually or whenever there is a significant change
37. By definition are not previously known and therefore are undetectable.
MAL wear
Confidentiality
Spoofing attacks
0-day vulnerabilities
38. Computer that has duplicate components so it can continue to operate when one of its main components fail
The board of directors and senior management
Cyber terrorist
All personnel
Fault-tolerant computer
39. Used to understand the flow of one process into another.
Waterfall chart
Negotiating a local version of the organization standards
Key controls
Gap analysis
40. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Support the business objectives of the organization
Cyber extortionist
Continuous analysis - monitoring and feedback
Defining high-level business security requirements
41. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Examples of containment defenses
Negotiating a local version of the organization standards
Security code reviews for the entire software application
Risk appetite
42. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
The board of directors and senior management
Consensus on risks and controls
Malicious software and spyware
Exceptions to policy
43. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Creation of a business continuity plan
The authentication process is broken
Strategic alignment of security with business objectives
Security risk
44. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Certificate authority (CA)
Get senior management onboard
Tie security risks to key business objectives
Intrusion detection system (IDS)
45. To identify known vulnerabilities based on common misconfigurations and missing updates.
A network vulnerability assessment
Developing an information security baseline
Return on security investment (ROSI)
Patch management
46. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Access control matrix
Cyber extortionist
Monitoring processes
Increase business value and confidence
47. Utility program that detects and protects a personal computer from unauthorized intrusions
Security code reviews for the entire software application
Personal firewall
Platform security - intrusion detection and antivirus controls
Hacker
48. Provide metrics to which outsourcing firms can be held accountable.
Acceptable use policies
Patch management
SWOT analysis
Service level agreements (SLAs)
49. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Background checks of prospective employees
Creation of a business continuity plan
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Internal risk assessment
50. New security ulnerabilities should be managed through a ________________.
Internal risk assessment
Control risk
Patch management process
Identify the relevant systems and processes