SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Continuous analysis - monitoring and feedback
Encryption
Calculating the value of the information or asset
Assess the risks to the business operation
2. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
The board of directors and senior management
Skills inventory
Phishing
Cyber terrorist
3. A key indicator of performance measurement.
Skills inventory
Alignment with business strategy
Public key infrastructure (PKI)
Strategic alignment of security with business objectives
4. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Conduct a risk assessment
Encryption
Tie security risks to key business objectives
Skills inventory
5. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Transmit e-mail messages
Risk assessment - evaluation and impact analysis
Intrusion detection system (IDS)
Patch management
6. Same intent as a cracker but does not have the technical skills and knowledge
Digital certificate
Tailgating
Script kiddie
Monitoring processes
7. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
8. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Baseline standard and then develop additional standards
Audit objectives
Gain unauthorized access to applications
Fault-tolerant computer
9. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Defined objectives
Proficiency testing
Reduce risk to an acceptable level
Use of security metrics
10. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
A network vulnerability assessment
The balanced scorecard
The authentication process is broken
Skills inventory
11. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Cross-site scripting attacks
Waterfall chart
Owner of the information asset
Total cost of ownership (TCO)
12. Inject malformed input.
Requirements of the data owners
The board of directors and senior management
Cross-site scripting attacks
Confidentiality
13. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Centralization of information security management
Identify the relevant systems and processes
Patch management process
Security code reviews for the entire software application
14. By definition are not previously known and therefore are undetectable.
Support the business objectives of the organization
0-day vulnerabilities
Use of security metrics
Transmit e-mail messages
15. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Total cost of ownership (TCO)
Key risk indicator (KRI) setup
Information contained on the equipment
Data warehouse
16. Most effective for evaluating the degree to which information security objectives are being met.
Continuous analysis - monitoring and feedback
Baseline standard and then develop additional standards
BIA (Business Impact Assessment
The balanced scorecard
17. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.
Identify the vulnerable systems and apply compensating controls
Audit objectives
Spoofing attacks
Tie security risks to key business objectives
18. Utility program that detects and protects a personal computer from unauthorized intrusions
Public key infrastructure (PKI)
Residual risk
Personal firewall
Resource dependency assessment
19. A function of the session keys distributed by the PKI.
Public key infrastructure (PKI)
Power surge/over voltage (spike)
Confidentiality
Malicious software and spyware
20. Uses security metrics to measure the performance of the information security program.
Knowledge management
Information security manager
Prioritization
Key controls
21. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Negotiating a local version of the organization standards
Well-defined roles and responsibilities
Spoofing attacks
Comparison of cost of achievement
22. A Successful risk management should lead to a ________________.
Identify the relevant systems and processes
Breakeven point of risk reduction and cost
Undervoltage (brownout)
Risk assessment - evaluation and impact analysis
23. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Internal risk assessment
Patch management
People
Digital certificate
24. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Continuous analysis - monitoring and feedback
Worm
MAL wear
Examples of containment defenses
25. Useful but only with regard to specific technical skills.
Proficiency testing
Confidentiality
Waterfall chart
Role-based policy
26. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Increase business value and confidence
Is willing to accept
What happened and how the breach was resolved
Inherent risk
27. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.
Creation of a business continuity plan
Defined objectives
Resource dependency assessment
Overall organizational structure
28. Risk should be reduced to a level that an organization _____________.
Encryption
Encryption of the hard disks
Access control matrix
Is willing to accept
29. Computer that has duplicate components so it can continue to operate when one of its main components fail
Risk appetite
Fault-tolerant computer
Hacker
Intrusion detection system (IDS)
30. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Biometric access control systems
Is willing to accept
Certificate authority (CA)
Resource dependency assessment
31. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Protective switch covers
What happened and how the breach was resolved
Virus
Security awareness training for all employees
32. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Data mart
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Rule-based access control
33. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Key risk indicator (KRI) setup
Key controls
Gap analysis
Classification of assets needs
34. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Control risk
Total cost of ownership (TCO)
Intrusion detection system (IDS)
Residual risk would be reduced by a greater amount
35. Should PRIMARILY be based on regulatory and legal requirements.
Baseline standard and then develop additional standards
Residual risk
Risk appetite
Retention of business records
36. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Knowledge management
The authentication process is broken
Properly aligned with business goals and objectives
Cracker
37. Accesses a computer or network illegally
Developing an information security baseline
Transmit e-mail messages
Identify the relevant systems and processes
Cracker
38. A risk assessment should be conducted _________________.
Annually or whenever there is a significant change
Script kiddie
Lack of change management
Examples of containment defenses
39. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Get senior management onboard
Phishing
Transmit e-mail messages
Applying the proper classification to the data
40. Program that hides within or looks like a legit program
Trojan horse
Reduce risk to an acceptable level
Its ability to reduce or eliminate business risks
Encryption key management
41. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident.It provides results - such as impact from a security incident and required response times.
BIA (Business Impact Assessment
Identify the vulnerable systems and apply compensating controls
Cross-site scripting attacks
Service level agreements (SLAs)
42. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Virus detection
Methodology used in the assessment
Power surge/over voltage (spike)
Nondisclosure agreement (NDA)
43. It is easier to manage and control a _________________.
Power surge/over voltage (spike)
SWOT analysis
Centralized structure
Safeguards over keys
44. Provides strong online authentication.
Owner of the information asset
Developing an information security baseline
People
Public key infrastructure (PKI)
45. When the ________________ is more than the cost of the risk - the risk should be accepted.
Vulnerability assessment
Cost of control
Encryption key management
Fault-tolerant computer
46. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Digital signatures
Key risk indicator (KRI) setup
Performing a risk assessment
Data mart
47. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Increase business value and confidence
BIA (Business Impact Assessment
The board of directors and senior management
Conduct a risk assessment
48. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Inherent risk
Personal firewall
Strategic alignment of security with business objectives
Do with the information it collects
49. The data owner is responsible for _______________________.
Rule-based access control
Owner of the information asset
Applying the proper classification to the data
Penetration testing
50. Has full responsibility over data.
Nondisclosure agreement (NDA)
Power surge/over voltage (spike)
The data owner
Encryption key management
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests