SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Would protect against spoofing an internal address but would not provide strong authentication.
IP address packet filtering
Decentralization
Control risk
Tailgating
2. When the ________________ is more than the cost of the risk - the risk should be accepted.
Cost of control
Centralized structure
Single sign-on (SSO) product
Security code reviews for the entire software application
3. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Monitoring processes
Tailgating
Digital signatures
Alignment with business strategy
4. All within the responsibility of the information security manager.
Platform security - intrusion detection and antivirus controls
Owner of the information asset
Two-factor authentication
Cyber terrorist
5. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Skills inventory
Do with the information it collects
Process of introducing changes to systems
Acceptable use policies
6. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Power surge/over voltage (spike)
Transmit e-mail messages
Properly aligned with business goals and objectives
Annually or whenever there is a significant change
7. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Continuous monitoring control initiatives
Alignment with business strategy
Deeper level of analysis
Risk appetite
8. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Spoofing attacks
Annual loss expectancy (ALE)calculations
Transferred risk
Phishing
9. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Its ability to reduce or eliminate business risks
Intrusion detection system (IDS)
Spoofing attacks
Countermeasure cost-benefit analysis
10. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Spoofing attacks
Countermeasure cost-benefit analysis
Risk management and the requirements of the organization
Gap analysis
11. Computer that has duplicate components so it can continue to operate when one of its main components fail
Properly aligned with business goals and objectives
Negotiating a local version of the organization standards
Normalization
Fault-tolerant computer
12. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Identify the vulnerable systems and apply compensating controls
Virus
Owner of the information asset
13. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Two-factor authentication
Data warehouse
Detection defenses
Notifications and opt-out provisions
14. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Vulnerability assessment
Methodology used in the assessment
Decentralization
Information contained on the equipment
15. Whenever personal data are transferred across national boundaries; ________________________ are required.
Tailgating
The awareness and agreement of the data subjects
Security baselines
Impractical and is often cost-prohibitive
16. Primarily reduce risk and are most effective for the protection of information assets.
Assess the risks to the business operation
Virus detection
Gain unauthorized access to applications
Key controls
17. A function of the session keys distributed by the PKI.
Audit objectives
Gain unauthorized access to applications
Confidentiality
Nondisclosure agreement (NDA)
18. Information security governance models are highly dependent on the _____________________.
Overall organizational structure
Service level agreements (SLAs)
Retention of business records
Control effectiveness
19. Occurs after the risk assessment process - it does not measure it.
Defining high-level business security requirements
Cross-site scripting attacks
Centralization of information security management
Use of security metrics
20. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Equal error rate (EER)
Normalization
Overall organizational structure
Access control matrix
21. A notice that guarantees a user or a web site is legitimate
Asset classification
Multinational organization
Digital certificate
Residual risk
22. Used to understand the flow of one process into another.
Waterfall chart
Attributes and characteristics of the 'desired state'
Threat assessment
Cryptographic secure sockets layer (SSL) implementations and short key lengths
23. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Residual risk would be reduced by a greater amount
Worm
Background check
All personnel
24. Risk should be reduced to a level that an organization _____________.
Undervoltage (brownout)
Waterfall chart
Defined objectives
Is willing to accept
25. Occurs when the incoming level
Power surge/over voltage (spike)
Decentralization
Breakeven point of risk reduction and cost
Alignment with business strategy
26. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
The board of directors and senior management
Public key infrastructure (PKI)
Transmit e-mail messages
Phishing
27. The best measure for preventing the unauthorized disclosure of confidential information.
Countermeasure cost-benefit analysis
Regular review of access control lists
Acceptable use policies
Requirements of the data owners
28. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Multinational organization
Role-based policy
Proficiency testing
29. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.
Nondisclosure agreement (NDA)
Its ability to reduce or eliminate business risks
Defined objectives
Creation of a business continuity plan
30. Cannot be minimized
Inherent risk
Gain unauthorized access to applications
Overall organizational structure
Multinational organization
31. Company or person you believe will not send a virus-infect file knowingly
Role-based access control
Methodology used in the assessment
Trusted source
Residual risk would be reduced by a greater amount
32. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Impractical and is often cost-prohibitive
Rule-based access control
Background checks of prospective employees
Defining and ratifying the classification structure of information assets
33. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
People
Support the business objectives of the organization
Single sign-on (SSO) product
Nondisclosure agreement (NDA)
34. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Centralization of information security management
Two-factor authentication
Examples of containment defenses
Asset classification
35. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Security risk
Encryption of the hard disks
MAL wear
Cracker
36. Reducing risk to a level too small to measure is _______________.
Impractical and is often cost-prohibitive
include security responsibilities in a job description
The data owner
Stress testing
37. The MOST important element of the request for proposal (RFP) ro assess the maturity level of the organization's information security management is _______________________.
Intrusion detection system (IDS)
Multinational organization
Methodology used in the assessment
Data warehouse
38. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
The balanced scorecard
MAL wear
Control effectiveness
Service level agreements (SLAs)
39. Should PRIMARILY be based on regulatory and legal requirements.
Residual risk
Penetration testing
Retention of business records
Aligned with organizational goals
40. Without _____________________ - there cannot be accountability.
Well-defined roles and responsibilities
Encryption key management
Threat assessment
Notifications and opt-out provisions
41. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Threat assessment
Residual risk
Skills inventory
Gap analysis
42. Uses security metrics to measure the performance of the information security program.
Information security manager
Resource dependency assessment
OBusiness case development
Patch management process
43. It is easier to manage and control a _________________.
Cyber extortionist
Security awareness training for all employees
Worm
Centralized structure
44. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Identify the relevant systems and processes
Process of introducing changes to systems
Acceptable use policies
Penetration testing
45. Programs that act without a user's knowledge and deliberately alter a computer's operations
Asset classification
Data classification
Threat assessment
MAL wear
46. Normally addressed through antivirus and antispyware policies.
Malicious software and spyware
Phishing
Annually or whenever there is a significant change
Risk assessment - evaluation and impact analysis
47. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
48. The most important characteristic of good security policies is that they be ____________________.
Do with the information it collects
Tie security risks to key business objectives
Normalization
Aligned with organizational goals
49. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Background checks of prospective employees
Creation of a business continuity plan
Reduce risk to an acceptable level
Alignment with business strategy
50. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Encryption key management
Consensus on risks and controls
Single sign-on (SSO) product
Patch management process
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests
