Test your basic knowledge

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Normally addressed through antivirus and antispyware policies.

2. A process that helps organizations manage the important knowledge that is part of the organization's memory.

3. Used to understand the flow of one process into another.

4. Also required to ensure that the organization fulfills applicable laws and regulations; therefore, the information security manager is obligated to comply with the law.

5. The most critical process for deciding which part of the information system or business process should be given priority in case of a security incident. It provides results such as the impact of a security incident and the required response times.

6. Would reduce the possibility of an individual accidentally pressing the power button on a device, thereby turning off the device.

7. Legal document to be signed by all employees, suppliers, etc. before they 'touch' the organization, to protect the organization's intellectual property.

8. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.

9. The data owner is responsible for _______________________.

10. A tool used in internal control assessment. A KRI setup presents a threshold that alerts management when controls are being compromised in business processes. This is a control tool rather than a maturity-model support tool.

11. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.

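The role-based model in item 11 is easier to reason about with a concrete access decision in front of you. The following is an added example written for this study page (it is not part of the quiz or of any product); the roles, permissions and user names are constructed. It shows the two properties the statement relies on: access is decided from the role, never from the individual, and changing a role's permission set changes what every member of that role may do, while an unknown user or unknown role is denied by default.

```python
from dataclasses import dataclass, field

# Constructed role -> permission mapping (hypothetical names, not from any real system).
ROLE_PERMISSIONS = {
    "helpdesk":  {"ticket:read", "ticket:update", "user:reset_password"},
    "developer": {"repo:read", "repo:write", "ticket:read"},
    "auditor":   {"log:read", "repo:read", "ticket:read"},
    "dba":       {"db:read", "db:write", "db:schema"},
}


@dataclass
class RbacDirectory:
    """Minimal RBAC store: roles own permissions, users own roles."""
    roles: dict = field(
        default_factory=lambda: {r: set(p) for r, p in ROLE_PERMISSIONS.items()}
    )
    user_roles: dict = field(default_factory=dict)

    def assign(self, user: str, role: str) -> None:
        # Refuse to assign a role the system does not know; a typo must not
        # silently create an empty role that later gets permissions added.
        if role not in self.roles:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def grant_to_role(self, role: str, permission: str) -> None:
        # One change here reaches every member of the role (the efficiency the
        # quiz statement refers to for large user communities).
        self.roles[role].add(permission)

    def permissions_of(self, user: str) -> set:
        perms = set()
        for role in self.user_roles.get(user, set()):
            perms |= self.roles.get(role, set())
        return perms

    def is_allowed(self, user: str, permission: str) -> bool:
        # Deny by default: unknown users, users with no roles, and unknown
        # permissions all fall through to False.
        return permission in self.permissions_of(user)

    def users_with(self, permission: str) -> set:
        # Access-review view: who can currently exercise a given permission?
        return {u for u in self.user_roles if self.is_allowed(u, permission)}


def demo() -> dict:
    d = RbacDirectory()
    d.assign("alice", "developer")
    d.assign("bob", "auditor")
    d.assign("carol", "helpdesk")
    before = d.users_with("repo:write")          # {"alice"}
    d.grant_to_role("auditor", "db:read")        # bob gains db:read without being touched
    d.revoke("alice", "developer")               # alice loses everything the role gave her
    return {
        "writers_before": before,
        "bob_db_read": d.is_allowed("bob", "db:read"),
        "alice_repo_read_after_revoke": d.is_allowed("alice", "repo:read"),
        "mallory_ticket_read": d.is_allowed("mallory", "ticket:read"),
    }


if __name__ == "__main__":
    print(demo())
```

The `users_with` view is the piece a practitioner actually uses: periodic access reviews ask "who can do X", and with roles that question is answered from the role table rather than from every user record.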
12. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.

13. Addresses strengths, weaknesses, opportunities and threats. Although useful, a SWOT analysis is not as effective a tool.

14. The MOST important component of a privacy policy is: privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are

15. A method for analyzing and reducing a relational database to its most streamlined form

16. Cannot be minimized

17. Someone who uses the Internet or a network to destroy or damage computers for political reasons.

18. BEST option to improve accountability for a system administrator is to _____________________.

19. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.

20. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.

21. The MOST useful way to describe the objectives in the information security strategy is through ______________________.

22. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.

23. By definition are not previously known, and therefore cannot be detected by signature-based defenses.

24. Should PRIMARILY be based on regulatory and legal requirements.

25. The most important characteristic of good security policies is that they be ____________________.

26. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.

27. Should be performed to identify the risk and determine needed controls.

28. The most fundamental evaluation criterion for the appropriate selection of any security technology is ________________________.

29. The primary role of the information security manager in the process of information classification within the organization.

30. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.

31. Identification and _______________ of business risk enables project managers to address areas with most significance.

32. May show the performance results of security-related activities; however, the result is interpreted in terms of money and extends to multiple facets of security initiatives.

33. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.

34. Scam in which a perpetrator sends an official-looking email message that attempts to obtain your personal and financial information.

35. Occurs after the risk assessment process; it does not measure it.

36. It is more efficient to establish a ___________________ for locations that must meet specific requirements.

37. Programs that act without a user's knowledge and deliberately alter a computer's operations

38. In biometric systems where the possibility of false rejects is a problem, it may be necessary to reduce sensitivity and thereby increase the number of false accepts.

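Item 38 is the false-reject / false-accept trade-off, which is easiest to see by moving a match threshold over real comparison scores. The following is an added example written for this study page (not from the quiz or from any biometric product). The two score lists are constructed: one holds similarity scores from genuine attempts (the enrolled person), the other from impostor attempts (someone else). Lowering the threshold admits more genuine users (lower FRR) and, at the same time, more impostors (higher FAR); the example also finds the threshold where the two rates are equal, which is how the operating point of such a system is usually described.

```python
from typing import List, NamedTuple

# Constructed similarity scores in [0, 1]; higher means "more like the enrolled template".
GENUINE_SCORES = [0.92, 0.88, 0.81, 0.77, 0.74, 0.69, 0.66, 0.61, 0.58, 0.52]
IMPOSTOR_SCORES = [0.49, 0.45, 0.63, 0.38, 0.71, 0.30, 0.55, 0.27, 0.42, 0.60]


class ErrorRates(NamedTuple):
    far: float   # false accept rate: impostors whose score reaches the threshold
    frr: float   # false reject rate: genuine users whose score falls short


def error_rates(threshold: float,
                genuine: List[float] = GENUINE_SCORES,
                impostor: List[float] = IMPOSTOR_SCORES) -> ErrorRates:
    """A sample is accepted when score >= threshold (the 'sensitivity' setting)."""
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return ErrorRates(false_accepts / len(impostor), false_rejects / len(genuine))


def equal_error_threshold(genuine: List[float] = GENUINE_SCORES,
                          impostor: List[float] = IMPOSTOR_SCORES) -> float:
    """Threshold (among observed scores) where FAR and FRR are closest: the EER point."""
    candidates = sorted(set(genuine) | set(impostor))
    return min(candidates, key=lambda t: abs(error_rates(t, genuine, impostor).far
                                             - error_rates(t, genuine, impostor).frr))


def sweep(thresholds=(0.50, 0.61, 0.70)) -> dict:
    """FAR/FRR at a few settings, to show the two rates moving in opposite directions."""
    return {t: error_rates(t) for t in thresholds}


if __name__ == "__main__":
    for t, rates in sweep().items():
        print(f"threshold {t:.2f}: FAR={rates.far:.1f} FRR={rates.frr:.1f}")
    print("equal error threshold:", equal_error_threshold())
```

For an unmanned server room (item 12's setting) the cost of a false accept is far higher than the annoyance of a false reject, so the threshold would be set above the equal-error point and the resulting rejects handled by a fallback procedure, not by lowering sensitivity.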
39. Information security governance models are highly dependent on the _____________________.

40. Risk should be reduced to a level that an organization _____________.

41. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system; it would establish a cost baseline and must be considered for the full life cycle of the control.

42. Someone who uses email as a vehicle for extortion; sends a company threatening emails indicating they will expose confidential information, exploit a security flaw, etc.

43. An effective tool, but it primarily focuses on malicious code from external sources, and only for those applications that are online.

44. When reporting an incident to senior management, the initial information to be communicated should include an explanation of _____________________. A summary of security logs would be too technical to report to senior management. An analysis of the i

45. Logging as well as monitoring, measuring, auditing, and detecting viruses and intrusions.

46. Company or person you believe will not knowingly send a virus-infected file.

47. Requires a process to verify that the control worked as intended. Examples such as dual control or double-entry bookkeeping provide verification and assurance that the process operated as intended.

48. Potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works.

49. Useful but only with regard to specific technical skills.

50. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.