SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Identify the relevant systems and processes
The authentication process is broken
Public key infrastructure (PKI)
Consensus on risks and controls
2. Information security governance models are highly dependent on the _____________________.
Continuous analysis - monitoring and feedback
Overall organizational structure
Risk assessment - evaluation and impact analysis
Lack of change management
3. The MOST important element of an information security strategy.
Defined objectives
Alignment with business strategy
Aligned with organizational goals
Tailgating
4. The primary role of the information security manager in the process of information classification within the organization.
People
Defining and ratifying the classification structure of information assets
Trojan horse
Nondisclosure agreement (NDA)
5. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Public key infrastructure (PKI)
Trusted source
Protective switch covers
Skills inventory
6. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Equal error rate (EER)
Worm
Regulatory compliance
Safeguards over keys
7. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Data isolation
Encryption of the hard disks
Transmit e-mail messages
Control risk
8. Provide minimum recommended settings and do not prevent introduction of control weaknesses.'
Digital certificate
Transferred risk
The awareness and agreement of the data subjects
Security baselines
9. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Calculating the value of the information or asset
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Encryption of the hard disks
Properly aligned with business goals and objectives
10. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Data owners
Defined objectives
Nondisclosure agreement (NDA)
Performing a risk assessment
11. n a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
A network vulnerability assessment
Gap analysis
Countermeasure cost-benefit analysis
Continuous monitoring control initiatives
12. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.
The balanced scorecard
Identify the vulnerable systems and apply compensating controls
Exceptions to policy
Resource dependency assessment
13. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Identify the relevant systems and processes
Personal firewall
Negotiating a local version of the organization standards
People
14. Occurs when the electrical supply drops
Digital signatures
Attributes and characteristics of the 'desired state'
Increase business value and confidence
Undervoltage (brownout)
15. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Reduce risk to an acceptable level
Equal error rate (EER)
Prioritization
Use of security metrics
16. Provide metrics to which outsourcing firms can be held accountable.
Support the business objectives of the organization
Regular review of access control lists
Service level agreements (SLAs)
IP address packet filtering
17. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Penetration testing
Access control matrix
Continuous monitoring control initiatives
Monitoring processes
18. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Security code reviews for the entire software application
Internal risk assessment
Defining high-level business security requirements
Increase business value and confidence
19. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Knowledge management
Overall organizational structure
The authentication process is broken
Background checks of prospective employees
20. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Identify the vulnerable systems and apply compensating controls
Trojan horse
Lack of change management
Single sign-on (SSO) product
21. A method for analyzing and reducing a relational database to its most streamlined form
Information contained on the equipment
Biometric access control systems
Normalization
Transmit e-mail messages
22. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Stress testing
Asset classification
Centralization of information security management
Spoofing attacks
23. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Virus
Two-factor authentication
Return on security investment (ROSI)
Undervoltage (brownout)
24. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Tailgating
Requirements of the data owners
Transmit e-mail messages
Identify the relevant systems and processes
25. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.
Cross-site scripting attacks
Creation of a business continuity plan
Assess the risks to the business operation
Baseline standard and then develop additional standards
26. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
What happened and how the breach was resolved
Two-factor authentication
Countermeasure cost-benefit analysis
Encryption of the hard disks
27. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Security code reviews for the entire software application
A network vulnerability assessment
Transferred risk
Data isolation
28. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Get senior management onboard
Platform security - intrusion detection and antivirus controls
Reduce risk to an acceptable level
Logon banners
29. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Tailgating
Identify the relevant systems and processes
Background check
Role-based access control
30. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Residual risk would be reduced by a greater amount
Centralization of information security management
Properly aligned with business goals and objectives
Retention of business records
31. The PRIMARY goal in developing an information security strategy is to: _________________________.
Undervoltage (brownout)
Support the business objectives of the organization
Skills inventory
Owner of the information asset
32. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Consensus on risks and controls
BIA (Business Impact Assessment
The authentication process is broken
Worm
33. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Proficiency testing
Conduct a risk assessment
Personal firewall
34. Inject malformed input.
Public key infrastructure (PKI)
Overall organizational structure
Cross-site scripting attacks
Baseline standard and then develop additional standards
35. An information security manager has to impress upon the human resources department the need for _____________________.
Transferred risk
Trojan horse
Cyber extortionist
Security awareness training for all employees
36. Occurs after the risk assessment process - it does not measure it.
Personal firewall
What happened and how the breach was resolved
Strategic alignment of security with business objectives
Use of security metrics
37. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Single sign-on (SSO) product
Certificate authority (CA)
Trusted source
Personal firewall
38. Identification and _______________ of business risk enables project managers to address areas with most significance.
Cost of control
Background check
include security responsibilities in a job description
Prioritization
39. The job of the information security officer on a management team is to ___________________.
Assess the risks to the business operation
Defined objectives
Performing a risk assessment
Examples of containment defenses
40. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Spoofing attacks
Power surge/over voltage (spike)
The balanced scorecard
Its ability to reduce or eliminate business risks
41. btaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
The awareness and agreement of the data subjects
OBusiness case development
Its ability to reduce or eliminate business risks
Security risk
42. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
People
Threat assessment
Encryption
The board of directors and senior management
43. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Virus detection
Aligned with organizational goals
Vulnerability assessment
Cryptographic secure sockets layer (SSL) implementations and short key lengths
44. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Assess the risks to the business operation
SWOT analysis
People
Logon banners
45. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Platform security - intrusion detection and antivirus controls
Comparison of cost of achievement
The information security officer
Intrusion detection system (IDS)
46. Has full responsibility over data.
The data owner
Service level agreements (SLAs)
Compliance with the organization's information security requirements
Safeguards over keys
47. Most effective for evaluating the degree to which information security objectives are being met.
Owner of the information asset
The balanced scorecard
Cyber terrorist
Security risk
48. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Risk appetite
Overall organizational structure
Security baselines
Cryptographic secure sockets layer (SSL) implementations and short key lengths
49. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Do with the information it collects
Skills inventory
Gain unauthorized access to applications
Breakeven point of risk reduction and cost
50. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Transferred risk
Increase business value and confidence
Skills inventory
Performing a risk assessment