Test your basic knowledge |
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Vulnerability assessment
Stress testing
Script kiddie
Exceptions to policy
2. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Hacker
Two-factor authentication
Skills inventory
Methodology used in the assessment
3. Program that hides within or looks like a legit program
Trojan horse
Residual risk
Audit objectives
Alignment with business strategy
4. Ensures that there are no scalability problems.
Stress testing
Breakeven point of risk reduction and cost
Security code reviews for the entire software application
Continuous monitoring control initiatives
5. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Exceptions to policy
Tailgating
Well-defined roles and responsibilities
Alignment with business strategy
6. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures - but not in the prioritization.
Annually or whenever there is a significant change
Its ability to reduce or eliminate business risks
Multinational organization
Creation of a business continuity plan
7. A small warehouse - designed for the end-user needs in a strategic business unit
Nondisclosure agreement (NDA)
Information contained on the equipment
Data mart
Virus detection
8. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
All personnel
Certificate authority (CA)
Lack of change management
Impractical and is often cost-prohibitive
9. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Cross-site scripting attacks
Information contained on the equipment
Increase business value and confidence
Identify the relevant systems and processes
10. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Return on security investment (ROSI)
Control risk
Trusted source
Stress testing
11. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Calculating the value of the information or asset
Security code reviews for the entire software application
Lack of change management
Tie security risks to key business objectives
12. Identification and _______________ of business risk enables project managers to address areas with most significance.
Prioritization
Centralization of information security management
Internal risk assessment
Impractical and is often cost-prohibitive
13. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Knowledge management
Creation of a business continuity plan
Transferred risk
People
14. Primarily reduce risk and are most effective for the protection of information assets.
Key controls
Personal firewall
Public key infrastructure (PKI)
The board of directors and senior management
15. Someone who accesses a computer or network illegally
Fault-tolerant computer
Tie security risks to key business objectives
Hacker
The board of directors and senior management
16. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
The board of directors and senior management
Risk assessment - evaluation and impact analysis
Patch management
SWOT analysis
17. Should be performed to identify the risk and determine needed controls.
Normalization
Internal risk assessment
Gap analysis
Return on security investment (ROSI)
18. Provides process needs but not impact.
The board of directors and senior management
Requirements of the data owners
Resource dependency assessment
Regular review of access control lists
19. Occurs when the electrical supply drops
Script kiddie
Key controls
Undervoltage (brownout)
Background check
20. An information security manager has to impress upon the human resources department the need for _____________________.
Centralization of information security management
Spoofing attacks
Security awareness training for all employees
Cyber terrorist
21. Uses security metrics to measure the performance of the information security program.
Information security manager
Overall organizational structure
Service level agreements (SLAs)
All personnel
22. Should be a standard requirement for the service provider.
Assess the risks to the business operation
Background check
Properly aligned with business goals and objectives
Annual loss expectancy (ALE) calculations
23. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
The authentication process is broken
Decentralization
Encryption of the hard disks
Security awareness training for all employees
24. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Is willing to accept
Digital signatures
Developing an information security baseline
Lack of change management
25. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Stress testing
Transmit e-mail messages
Security baselines
Process of introducing changes to systems
26. Oversees the overall classification management of the information.
The information security officer
Defining high-level business security requirements
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Methodology used in the assessment
27. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Continuous monitoring control initiatives
Logon banners
Requirements of the data owners
Role-based access control
28. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Transferred risk
Residual risk
Risk assessment - evaluation and impact analysis
Detection defenses
29. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Encryption of the hard disks
Equal error rate (EER)
Do with the information it collects
Performing a risk assessment
30. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
BIA (Business Impact Assessment)
Well-defined roles and responsibilities
Risk assessment - evaluation and impact analysis
Knowledge management
31. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Process of introducing changes to systems
Deeper level of analysis
Cyber extortionist
Lack of change management
32. The most important characteristic of good security policies is that they be ____________________.
Aligned with organizational goals
Security code reviews for the entire software application
Vulnerability assessment
Proficiency testing
33. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Continuous analysis - monitoring and feedback
Digital signatures
Defining high-level business security requirements
Digital certificate
34. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Include security responsibilities in a job description
Fault-tolerant computer
Threat assessment
Developing an information security baseline
35. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Tailgating
Attributes and characteristics of the 'desired state'
The data custodian
Data classification
36. Used to understand the flow of one process into another.
Asset classification
Malware
Cost of control
Waterfall chart
37. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Strategic alignment of security with business objectives
Role-based policy
Intrusion detection system (IDS)
Spoofing attacks
38. Same intent as a cracker but does not have the technical skills and knowledge
Security awareness training for all employees
Baseline standard and then develop additional standards
Service level agreements (SLAs)
Script kiddie
39. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Cost of control
Lack of change management
Classification of assets needs
Certificate authority (CA)
40. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Stress testing
Two-factor authentication
Penetration testing
Virus
41. Focuses on identifying vulnerabilities.
Defining and ratifying the classification structure of information assets
Penetration testing
Key controls
The information security officer
42. The PRIMARY goal in developing an information security strategy is to: _________________________.
Information security manager
Certificate authority (CA)
Support the business objectives of the organization
Control effectiveness
43. A function of the session keys distributed by the PKI.
Attributes and characteristics of the 'desired state'
Confidentiality
0-day vulnerabilities
Lack of change management
44. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Certificate authority (CA)
Impractical and is often cost-prohibitive
Get senior management onboard
BIA (Business Impact Assessment)
45. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Undervoltage (brownout)
Centralization of information security management
Exceptions to policy
Background checks of prospective employees
46. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Virus detection
Use of security metrics
Platform security - intrusion detection and antivirus controls
The information security officer
47. Inject malformed input.
Nondisclosure agreement (NDA)
Cross-site scripting attacks
Stress testing
Tie security risks to key business objectives
48. Awareness - training and physical security defenses.
Examples of containment defenses
Acceptable use policies
Data warehouse
Developing an information security baseline
49. Accesses a computer or network illegally
The information security officer
Cracker
Get senior management onboard
Multinational organization
50. To identify known vulnerabilities based on common misconfigurations and missing updates.
Gap analysis
Public key infrastructure (PKI)
Security awareness training for all employees
A network vulnerability assessment