SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Reduce risk to an acceptable level
Gain unauthorized access to applications
Conduct a risk assessment
Confidentiality
2. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Security code reviews for the entire software application
Do with the information it collects
include security responsibilities in a job description
Continuous monitoring control initiatives
3. Should be a standard requirement for the service provider.
OBusiness case development
Residual risk
Background check
Exceptions to policy
4. When defining the information classification policy - the ___________________ need to be identified.
Tailgating
Its ability to reduce or eliminate business risks
Comparison of cost of achievement
Requirements of the data owners
5. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Security code reviews for the entire software application
Tie security risks to key business objectives
Personal firewall
Control effectiveness
6. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Security code reviews for the entire software application
The database administrator
Biometric access control systems
Support the business objectives of the organization
7. Needs to define the access rules - which is troublesome and error prone in large organizations.
Continuous analysis - monitoring and feedback
SWOT analysis
Rule-based access control
Lack of change management
8. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Creation of a business continuity plan
Tailgating
Data mart
Phishing
9. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
Acceptable use policies
Annual loss expectancy (ALE)calculations
Access control matrix
Trusted source
10. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.
SWOT analysis
Cost of control
Identify the vulnerable systems and apply compensating controls
Trusted source
11. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Total cost of ownership (TCO)
The awareness and agreement of the data subjects
Decentralization
12. Accesses a computer or network illegally
Identify the relevant systems and processes
Cracker
Get senior management onboard
Examples of containment defenses
13. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Defining and ratifying the classification structure of information assets
Centralized structure
Consensus on risks and controls
Centralization of information security management
14. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Gap analysis
Acceptable use policies
Virus
Annual loss expectancy (ALE)calculations
15. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Overall organizational structure
Deeper level of analysis
Virus
Classification of assets needs
16. The data owner is responsible for _______________________.
Exceptions to policy
Data isolation
Information security manager
Applying the proper classification to the data
17. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
People
Examples of containment defenses
Risk appetite
All personnel
18. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Decentralization
Alignment with business strategy
Cracker
Assess the risks to the business operation
19. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Baseline standard and then develop additional standards
OBusiness case development
Control risk
Detection defenses
20. Ensure that transmitted information can be attributed to the named sender.
Public key infrastructure (PKI)
Support the business objectives of the organization
Cross-site scripting attacks
Digital signatures
21. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Undervoltage (brownout)
Get senior management onboard
Centralization of information security management
OBusiness case development
22. Primarily reduce risk and are most effective for the protection of information assets.
Key controls
Annual loss expectancy (ALE)calculations
Total cost of ownership (TCO)
Classification of assets needs
23. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Aligned with organizational goals
Platform security - intrusion detection and antivirus controls
Protective switch covers
Internal risk assessment
24. The MOST important element of an information security strategy.
Risk assessment - evaluation and impact analysis
Impractical and is often cost-prohibitive
Safeguards over keys
Defined objectives
25. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Script kiddie
Strategic alignment of security with business objectives
Vulnerability assessment
Patch management
26. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident.It provides results - such as impact from a security incident and required response times.
Patch management process
Penetration testing
BIA (Business Impact Assessment
What happened and how the breach was resolved
27. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.
Continuous analysis - monitoring and feedback
Centralization of information security management
All personnel
Protective switch covers
28. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Continuous monitoring control initiatives
Continuous analysis - monitoring and feedback
Data classification
include security responsibilities in a job description
29. Useful but only with regard to specific technical skills.
The awareness and agreement of the data subjects
Performing a risk assessment
Data warehouse
Proficiency testing
30. Used to understand the flow of one process into another.
Nondisclosure agreement (NDA)
Waterfall chart
Regular review of access control lists
Performing a risk assessment
31. Carries out the technical administration.
Control effectiveness
The database administrator
Undervoltage (brownout)
Threat assessment
32. A Successful risk management should lead to a ________________.
Breakeven point of risk reduction and cost
Resource dependency assessment
Spoofing attacks
Developing an information security baseline
33. S small warehouse - designed for the end-user needs in a strategic business unit
Security awareness training for all employees
Background check
Creation of a business continuity plan
Data mart
34. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Transferred risk
Skills inventory
Deeper level of analysis
Role-based access control
35. btaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Regular review of access control lists
OBusiness case development
A network vulnerability assessment
What happened and how the breach was resolved
36. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Threat assessment
Defining high-level business security requirements
Waterfall chart
Platform security - intrusion detection and antivirus controls
37. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Public key infrastructure (PKI)
Security risk
Consensus on risks and controls
Background check
38. Awareness - training and physical security defenses.
The data owner
Return on security investment (ROSI)
Examples of containment defenses
Compliance with the organization's information security requirements
39. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
All personnel
Developing an information security baseline
Logon banners
Transferred risk
40. Has full responsibility over data.
Personal firewall
The data owner
The database administrator
Virus detection
41. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
SWOT analysis
Developing an information security baseline
Vulnerability assessment
Background checks of prospective employees
42. Provides process needs but not impact.
People
Exceptions to policy
Risk appetite
Resource dependency assessment
43. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
The awareness and agreement of the data subjects
Equal error rate (EER)
Performing a risk assessment
Defining and ratifying the classification structure of information assets
44. Should be performed to identify the risk and determine needed controls.
Internal risk assessment
Platform security - intrusion detection and antivirus controls
Patch management process
Well-defined roles and responsibilities
45. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
46. Utility program that detects and protects a personal computer from unauthorized intrusions
People
Personal firewall
Deeper level of analysis
Risk appetite
47. The best measure for preventing the unauthorized disclosure of confidential information.
IP address packet filtering
Risk assessment - evaluation and impact analysis
Increase business value and confidence
Acceptable use policies
48. The most important characteristic of good security policies is that they be ____________________.
Data isolation
SWOT analysis
Lack of change management
Aligned with organizational goals
49. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Intrusion detection system (IDS)
Continuous monitoring control initiatives
Classification of assets needs
Background checks of prospective employees
50. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
0-day vulnerabilities
Detection defenses
Creation of a business continuity plan
Penetration testing