Test your basic knowledge |
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Fault-tolerant computer
Do with the information it collects
Data owners
Security risk
2. Without _____________________ - there cannot be accountability.
Rule-based access control
Personal firewall
Well-defined roles and responsibilities
Safeguards over keys
3. The MOST important component of a privacy policy is: privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Notifications and opt-out provisions
Performing a risk assessment
Key controls
Strategic alignment of security with business objectives
4. Awareness - training and physical security defenses.
Reduce risk to an acceptable level
Examples of containment defenses
Virus detection
Control effectiveness
5. Ensures that there are no scalability problems.
Penetration testing
Calculating the value of the information or asset
Stress testing
Continuous analysis - monitoring and feedback
6. Carries out the technical administration.
Resource dependency assessment
Support the business objectives of the organization
Strategic alignment of security with business objectives
The database administrator
7. Provide metrics to which outsourcing firms can be held accountable.
Digital certificate
Equal error rate (EER)
Background check
Service level agreements (SLAs)
8. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Calculating the value of the information or asset
Nondisclosure agreement (NDA)
The information security officer
Hacker
9. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.
All personnel
Transmit e-mail messages
Patch management process
Impractical and is often cost-prohibitive
10. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
Support the business objectives of the organization
BIA (Business Impact Assessment)
Malicious software and spyware
Inherent risk
11. Would protect against spoofing an internal address but would not provide strong authentication.
Defining and ratifying the classification structure of information assets
IP address packet filtering
Properly aligned with business goals and objectives
Cyber terrorist
12. Successful risk management should lead to a ________________.
Information contained on the equipment
Breakeven point of risk reduction and cost
Background checks of prospective employees
Logon banners
13. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures - but not in the prioritization.
Creation of a business continuity plan
Identify the vulnerable systems and apply compensating controls
Risk appetite
The authentication process is broken
14. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Do with the information it collects
Resource dependency assessment
Owner of the information asset
Countermeasure cost-benefit analysis
15. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Stress testing
Owner of the information asset
Impractical and is often cost-prohibitive
Undervoltage (brownout)
16. Occurs when the incoming level
Power surge/over voltage (spike)
Biometric access control systems
Spoofing attacks
Reduce risk to an acceptable level
17. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Defining high-level business security requirements
Threat assessment
The authentication process is broken
The data owner
18. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Get senior management onboard
Its ability to reduce or eliminate business risks
Identify the relevant systems and processes
Deeper level of analysis
19. Primarily reduce risk and are most effective for the protection of information assets.
Support the business objectives of the organization
Key controls
Properly aligned with business goals and objectives
Biometric access control systems
20. The job of the information security officer on a management team is to ___________________.
Assess the risks to the business operation
Key risk indicator (KRI) setup
Residual risk
Risk assessment - evaluation and impact analysis
21. Provides process needs but not impact.
Knowledge management
Breakeven point of risk reduction and cost
Resource dependency assessment
Patch management
22. BEST option to improve accountability for a system administrator is to _____________________.
Tie security risks to key business objectives
Annually or whenever there is a significant change
The database administrator
Include security responsibilities in a job description
23. The information security manager needs to prioritize the controls based on ________________________.
Data mart
Defining and ratifying the classification structure of information assets
Risk management and the requirements of the organization
Data warehouse
24. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Encryption of the hard disks
Do with the information it collects
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Lack of change management
25. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance.
Intrusion detection system (IDS)
Security code reviews for the entire software application
Comparison of cost of achievement
Gain unauthorized access to applications
26. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
Digital certificate
Business case development
Encryption
Audit objectives
27. When defining the information classification policy - the ___________________ need to be identified.
Increase business value and confidence
Normalization
Requirements of the data owners
A network vulnerability assessment
28. Uses security metrics to measure the performance of the information security program.
Risk appetite
Skills inventory
Examples of containment defenses
Information security manager
29. May show the performance result of the security-related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Attributes and characteristics of the 'desired state'
Control effectiveness
Equal error rate (EER)
Return on security investment (ROSI)
30. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Lack of change management
Access control matrix
Comparison of cost of achievement
Single sign-on (SSO) product
31. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Skills inventory
Centralization of information security management
What happened and how the breach was resolved
Regular review of access control lists
32. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Control risk
Risk appetite
Cracker
Tailgating
33. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
All personnel
Fault-tolerant computer
Background checks of prospective employees
Process of introducing changes to systems
34. Programs that act without a user's knowledge and deliberately alter a computer's operations
Fault-tolerant computer
Monitoring processes
Cracker
Malware
35. Useful but only with regard to specific technical skills.
Proficiency testing
Compliance with the organization's information security requirements
Well-defined roles and responsibilities
Residual risk would be reduced by a greater amount
36. A small warehouse - designed for the end-user needs in a strategic business unit
Conduct a risk assessment
Get senior management onboard
Data isolation
Data mart
37. A key indicator of performance measurement.
Cyber extortionist
What happened and how the breach was resolved
Strategic alignment of security with business objectives
The authentication process is broken
38. The MOST important element of an information security strategy.
Personal firewall
Digital signatures
Defined objectives
Security code reviews for the entire software application
39. Can be a standalone driver for an information security governance measure. No further analysis or justification is required since the entity has no choice in the regulatory requirements.
Stress testing
Prioritization
Regulatory compliance
Key controls
40. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Key controls
The balanced scorecard
Gain unauthorized access to applications
Rule-based access control
41. Only valid if assets have first been identified and appropriately valued.
The data owner
Do with the information it collects
Annual loss expectancy (ALE) calculations
Retention of business records
42. Provides the most effective protection of data on mobile devices.
Encryption
Knowledge management
Single sign-on (SSO) product
Security baselines
43. New security vulnerabilities should be managed through a ________________.
Patch management process
Information security manager
Continuous monitoring control initiatives
Encryption
44. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Trusted source
Use of security metrics
Classification of assets needs
The board of directors and senior management
45. Provides strong online authentication.
Notifications and opt-out provisions
Security awareness training for all employees
Public key infrastructure (PKI)
Cyber terrorist
46. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Its ability to reduce or eliminate business risks
Residual risk would be reduced by a greater amount
Virus detection
Phishing
47. Utility program that detects and protects a personal computer from unauthorized intrusions
Defined objectives
Personal firewall
Well-defined roles and responsibilities
Platform security - intrusion detection and antivirus controls
48. Used to understand the flow of one process into another.
Waterfall chart
Cracker
Detection defenses
Monitoring processes
49. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
50. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Service level agreements (SLAs)
Properly aligned with business goals and objectives
Data classification
Role-based policy