Test your basic knowledge: CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Someone who accesses a computer or network illegally
Decentralization
Comparison of cost of achievement
Hacker
Knowledge management
2. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results such as impact from a security incident and required response times.
Transmit e-mail messages
Notifications and opt-out provisions
BIA (Business Impact Assessment)
Personal firewall
3. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
Identify the relevant systems and processes
The authentication process is broken
The awareness and agreement of the data subjects
Security code reviews for the entire software application
4. Inject malformed input.
Malware
Two-factor authentication
Cross-site scripting attacks
Its ability to reduce or eliminate business risks
5. New security vulnerabilities should be managed through a ________________.
Stress testing
Intrusion detection system (IDS)
Impractical and is often cost-prohibitive
Patch management process
6. Reducing risk to a level too small to measure is _______________.
Methodology used in the assessment
Impractical and is often cost-prohibitive
Fault-tolerant computer
Information security manager
7. When considering the value of assets, ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance.
Comparison of cost of achievement
Its ability to reduce or eliminate business risks
Spoofing attacks
The authentication process is broken
8. Should PRIMARILY be based on regulatory and legal requirements.
Performing a risk assessment
Gap analysis
Retention of business records
Script kiddie
9. Applications cannot access data associated with other apps
IP address packet filtering
Role-based policy
Data isolation
Acceptable use policies
10. Legal document to be signed by all employees, suppliers, etc. before they 'touch' the organization, to protect the organization's intellectual property.
Examples of containment defenses
Nondisclosure agreement (NDA)
Penetration testing
Gain unauthorized access to applications
11. A key indicator of performance measurement.
Nondisclosure agreement (NDA)
Equal error rate (EER)
Strategic alignment of security with business objectives
Consensus on risks and controls
12. The weakest link in security implementation, and awareness would reduce this risk. Through security awareness and training programs, individual employees can be informed and sensitized on various security policies and other security topics, thus e
People
Notifications and opt-out provisions
Process of introducing changes to systems
Identify the relevant systems and processes
13. There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. The best protection is to _____________________ until a patch is installed.
Identify the vulnerable systems and apply compensating controls
Single sign-on (SSO) product
Access control matrix
Residual risk
14. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Information security manager
People
Security awareness training for all employees
Increase business value and confidence
15. Risk should be reduced to a level that an organization _____________.
Its ability to reduce or eliminate business risks
Hacker
Penetration testing
Is willing to accept
16. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
Multinational organization
Tailgating
Patch management process
Security risk
17. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Methodology used in the assessment
Tie security risks to key business objectives
Spoofing attacks
Do with the information it collects
18. Occurs when the electrical supply drops
Retention of business records
Breakeven point of risk reduction and cost
Virus
Undervoltage (brownout)
19. Ensure that transmitted information can be attributed to the named sender.
Equal error rate (EER)
Calculating the value of the information or asset
Vulnerability assessment
Digital signatures
20. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Risk assessment - evaluation and impact analysis
Malicious software and spyware
Countermeasure cost-benefit analysis
Acceptable use policies
21. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Platform security - intrusion detection and antivirus controls
Support the business objectives of the organization
Role-based access control
Spoofing attacks
22. The most important characteristic of good security policies is that they be ____________________.
Worm
Nondisclosure agreement (NDA)
The authentication process is broken
Aligned with organizational goals
23. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Negotiating a local version of the organization standards
Continuous monitoring control initiatives
Its ability to reduce or eliminate business risks
Key risk indicator (KRI) setup
24. A function of the session keys distributed by the PKI.
Confidentiality
Threat assessment
Overall organizational structure
Regulatory compliance
25. The risk that remains after putting into place an effective risk management program; therefore, acceptable risk is achieved when this amount is minimized.
Creation of a business continuity plan
Residual risk
Calculating the value of the information or asset
Data classification
26. The data owner is responsible for _______________________.
Personal firewall
Security baselines
Applying the proper classification to the data
Use of security metrics
27. Ensures that there are no scalability problems.
Two-factor authentication
Return on security investment (ROSI)
Stress testing
Countermeasure cost-benefit analysis
28. Used to understand the flow of one process into another.
Security awareness training for all employees
Increase business value and confidence
Waterfall chart
The data custodian
29. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Compliance with the organization's information security requirements
Its ability to reduce or eliminate business risks
Key controls
Access control matrix
30. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Two-factor authentication
Virus detection
Get senior management onboard
Malicious software and spyware
31. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Personal firewall
Residual risk would be reduced by a greater amount
Developing an information security baseline
Proficiency testing
32. The job of the information security officer on a management team is to ___________________.
Waterfall chart
Calculating the value of the information or asset
Assess the risks to the business operation
Intrusion detection system (IDS)
33. All within the responsibility of the information security manager.
Malware
Overall organizational structure
Platform security - intrusion detection and antivirus controls
Phishing
34. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Total cost of ownership (TCO)
Security baselines
Hacker
Owner of the information asset
35. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
IP address packet filtering
Calculating the value of the information or asset
Identify the vulnerable systems and apply compensating controls
Impractical and is often cost-prohibitive
36. Provides the most effective protection of data on mobile devices.
Encryption
Multinational organization
Developing an information security baseline
Conduct a risk assessment
37. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
The information security officer
Asset classification
Cracker
Normalization
38. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks, and would not provide other indirect benefits such as process
0-day vulnerabilities
Tailgating
Single sign-on (SSO) product
Countermeasure cost-benefit analysis
39. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures, but not in the prioritization.
Biometric access control systems
Well-defined roles and responsibilities
Creation of a business continuity plan
Overall organizational structure
40. Someone who uses email as a vehicle for extortion; sends a company threatening emails indicating they will expose confidential information, exploit security launch, etc.
People
Key risk indicator (KRI) setup
Comparison of cost of achievement
Cyber extortionist
41. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Tailgating
Control effectiveness
Encryption key management
Cost of control
42. Oversees the overall classification management of the information.
IP address packet filtering
Continuous analysis - monitoring and feedback
The information security officer
Trusted source
43. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Logon banners
Lack of change management
Process of introducing changes to systems
Residual risk would be reduced by a greater amount
44. By definition are not previously known and therefore are undetectable.
Defined objectives
0-day vulnerabilities
Residual risk would be reduced by a greater amount
Countermeasure cost-benefit analysis
45. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Asset classification
The board of directors and senior management
Audit objectives
Aligned with organizational goals
46. Has to be integrated into the requirements of every software application's design.
Centralization of information security management
Encryption key management
Key risk indicator (KRI) setup
Waterfall chart
47. Should be a standard requirement for the service provider.
Properly aligned with business goals and objectives
Data owners
Worm
Background check
48. May show the performance result of the security-related activities; however, the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Encryption of the hard disks
Return on security investment (ROSI)
Public key infrastructure (PKI)
Gain unauthorized access to applications
49. Normally addressed through antivirus and antispyware policies.
Lack of change management
Cyber terrorist
Developing an information security baseline
Malicious software and spyware
50. Culture has a significant impact on how information security will be implemented in a ______________________.
Service level agreements (SLAs)
Increase business value and confidence
Multinational organization
People