Test your basic knowledge |

CISM: Certified Information Security Manager

Subjects : certifications, cism, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Occurs when the incoming level
Key risk indicator (KRI) setup
Strategic alignment of security with business objectives
Power surge/over voltage (spike)
Script kiddie

2. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Encryption key management
Intrusion detection system (IDS)
Two-factor authentication
Hacker

3. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Hacker
Role-based policy
Risk management and the requirements of the organization
Service level agreements (SLAs)

4. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Vulnerability assessment
Defined objectives
Methodology used in the assessment
Performing a risk assessment

5. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Baseline standard and then develop additional standards
Security baselines
People
Residual risk

6. A repository of historical data organized by subject to support decision makers in the org
Equal error rate (EER)
Transmit e-mail messages
Data warehouse
Certificate authority (CA)

7. Whenever personal data are transferred across national boundaries; ________________________ are required.
Background check
The awareness and agreement of the data subjects
Monitoring processes
Resource dependency assessment

8. provides the most effective protection of data on mobile devices.
Encryption
Regular review of access control lists
Equal error rate (EER)
The data custodian

9. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Data classification
Acceptable use policies
Key controls
Developing an information security baseline

10. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
include security responsibilities in a job description
Certificate authority (CA)
Tailgating
Waterfall chart

11. Used to understand the flow of one process into another.
Waterfall chart
Properly aligned with business goals and objectives
Security baselines
Residual risk

12. btaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Patch management
OBusiness case development
Control risk
Cost of control

13. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Classification of assets needs
Owner of the information asset
Detection defenses
Security code reviews for the entire software application

14. Provides strong online authentication.
Penetration testing
Public key infrastructure (PKI)
Normalization
The balanced scorecard

15. Someone who accesses a computer or network illegally
Information security manager
BIA (Business Impact Assessment
Hacker
The balanced scorecard

16. Should PRIMARILY be based on regulatory and legal requirements.
Retention of business records
Background checks of prospective employees
Normalization
Notifications and opt-out provisions

17. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Role-based access control
Risk assessment - evaluation and impact analysis
Reduce risk to an acceptable level
MAL wear

18. It is easier to manage and control a _________________.
Penetration testing
Centralized structure
Data warehouse
Two-factor authentication

19. Computer that has duplicate components so it can continue to operate when one of its main components fail
Rule-based access control
Digital certificate
Fault-tolerant computer
Protective switch covers

20. S small warehouse - designed for the end-user needs in a strategic business unit
Multinational organization
Data mart
Trusted source
Exceptions to policy

21. Same intent as a cracker but does not have the technical skills and knowledge
Script kiddie
Data mart
Defined objectives
Cyber terrorist

22. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Regulatory compliance
Return on security investment (ROSI)
Its ability to reduce or eliminate business risks
Baseline standard and then develop additional standards

23. The MOST important element of the request for proposal (RFP) ro assess the maturity level of the organization's information security management is _______________________.
Service level agreements (SLAs)
Methodology used in the assessment
Key controls
include security responsibilities in a job description

24. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Compliance with the organization's information security requirements
Lack of change management
Single sign-on (SSO) product

25. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Process of introducing changes to systems
Examples of containment defenses
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Control risk

26. Accesses a computer or network illegally
Trusted source
The data owner
Cracker
Get senior management onboard

27. Risk should be reduced to a level that an organization _____________.
Is willing to accept
Resource dependency assessment
Impractical and is often cost-prohibitive
Single sign-on (SSO) product

28. Has to be integrated into the requirements of every software application's design.
Resource dependency assessment
Encryption key management
Retention of business records
Support the business objectives of the organization

29. A function of the session keys distributed by the PKI.
Confidentiality
Countermeasure cost-benefit analysis
Is willing to accept
Risk assessment - evaluation and impact analysis

30. Someone who uses the internet or network to destroy or damage computers for political reasons
Methodology used in the assessment
Worm
Cyber terrorist
Impractical and is often cost-prohibitive

31. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Trusted source
Methodology used in the assessment
Calculating the value of the information or asset
Proficiency testing

32. Awareness - training and physical security defenses.
Monitoring processes
Transferred risk
Fault-tolerant computer
Examples of containment defenses

33. Focuses on identifying vulnerabilities.
Knowledge management
Virus detection
Encryption
Penetration testing

34. A notice that guarantees a user or a web site is legitimate
Trojan horse
Digital certificate
Defining and ratifying the classification structure of information assets
Properly aligned with business goals and objectives

35. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Strategic alignment of security with business objectives
Data warehouse
Encryption of the hard disks
Control effectiveness

36. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Security awareness training for all employees
Reduce risk to an acceptable level
Key controls
Vulnerability assessment

37. The primary role of the information security manager in the process of information classification within the organization.
Confidentiality
The balanced scorecard
Multinational organization
Defining and ratifying the classification structure of information assets

38. Culture has a significant impact on how information security will be implemented in a ______________________.
Multinational organization
Negotiating a local version of the organization standards
Phishing
Properly aligned with business goals and objectives

39. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Increase business value and confidence
Exceptions to policy
Spoofing attacks
Requirements of the data owners

40. By definition are not previously known and therefore are undetectable.
IP address packet filtering
Penetration testing
Baseline standard and then develop additional standards
0-day vulnerabilities

41. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Patch management process
Assess the risks to the business operation
Impractical and is often cost-prohibitive
Centralization of information security management

42. Most effective for evaluating the degree to which information security objectives are being met.
Data isolation
The balanced scorecard
Role-based policy
Negotiating a local version of the organization standards

43. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Cyber terrorist
Attributes and characteristics of the 'desired state'
Internal risk assessment
SWOT analysis

44. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
The database administrator
Background checks of prospective employees
Service level agreements (SLAs)
Its ability to reduce or eliminate business risks

45. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Negotiating a local version of the organization standards
Owner of the information asset
Compliance with the organization's information security requirements
Consensus on risks and controls

46. Reducing risk to a level too small to measure is _______________.
Defining high-level business security requirements
Overall organizational structure
Waterfall chart
Impractical and is often cost-prohibitive

47. Primarily reduce risk and are most effective for the protection of information assets.
Transmit e-mail messages
Access control matrix
Process of introducing changes to systems
Key controls

48. Would protect against spoofing an internal address but would not provide strong authentication.
Risk assessment - evaluation and impact analysis
IP address packet filtering
Annual loss expectancy (ALE)calculations
Continuous monitoring control initiatives

49. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Continuous analysis - monitoring and feedback
Monitoring processes
Well-defined roles and responsibilities
Defining high-level business security requirements

50. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

CISM: Certified Information Security Manager

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests