CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
People
Return on security investment (ROSI)
Power surge/over voltage (spike)
Encryption
2. Oversees the overall classification management of the information.
0-day vulnerabilities
A network vulnerability assessment
The information security officer
Control effectiveness
3. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Properly aligned with business goals and objectives
Continuous analysis - monitoring and feedback
Annually or whenever there is a significant change
Conduct a risk assessment
4. Most effective for evaluating the degree to which information security objectives are being met.
The balanced scorecard
Developing an information security baseline
Aligned with organizational goals
Its ability to reduce or eliminate business risks
5. Is also required to ensure that the organization fulfills applicable laws and regulations - and is therefore obligated to comply with the law.
Information security manager
Monitoring processes
Gain unauthorized access to applications
Regular review of access control lists
6. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Data classification
Impractical and is often cost-prohibitive
Cracker
Calculating the value of the information or asset
7. Focuses on identifying vulnerabilities.
Role-based access control
Control risk
Penetration testing
Overall organizational structure
8. When the ________________ is more than the cost of the risk - the risk should be accepted.
Internal risk assessment
Annual loss expectancy (ALE) calculations
Cost of control
Role-based policy
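Worked example for items 6 and 8, added here and not part of the quiz page: the value of the asset feeds the single and annual loss expectancy (SLE = AV x EF, ALE = SLE x ARO), and a control is only worth buying when its yearly cost is below the loss it avoids; otherwise the risk is accepted. The risk names, controls and every figure below are constructed assumptions, not data from the page.

```python
"""Cost-of-control versus cost-of-risk decision using annual loss expectancy.

Added worked example; this is not code from the quiz page. All asset values,
exposure factors, occurrence rates and control costs are constructed figures.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV: value of the information or asset (the first analysis step)
    exposure_factor: float  # EF: fraction of AV lost in one incident, 0.0 to 1.0
    annual_rate: float      # ARO: expected incidents per year


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float      # yearly cost of buying and operating the control
    residual_ef: float      # exposure factor once the control is in place
    residual_aro: float     # occurrence rate once the control is in place


def single_loss_expectancy(r: Risk) -> float:
    """SLE = AV * EF: expected loss from one incident."""
    return r.asset_value * r.exposure_factor


def annual_loss_expectancy(r: Risk) -> float:
    """ALE = SLE * ARO: the yearly cost of carrying the risk untreated."""
    return single_loss_expectancy(r) * r.annual_rate


def residual_ale(r: Risk, c: Control) -> float:
    """ALE that remains after the control is applied."""
    return r.asset_value * c.residual_ef * c.residual_aro


def avoided_loss(r: Risk, c: Control) -> float:
    """The cost of the risk that the control actually removes."""
    return annual_loss_expectancy(r) - residual_ale(r, c)


def decide(r: Risk, c: Control) -> str:
    """Accept the risk when the control costs more than the loss it avoids."""
    return "accept" if c.annual_cost > avoided_loss(r, c) else "mitigate"


def rosi(r: Risk, c: Control) -> float:
    """Return on security investment: (avoided loss - control cost) / control cost."""
    return (avoided_loss(r, c) - c.annual_cost) / c.annual_cost


def prioritise(risks: List[Risk]) -> List[Risk]:
    """Highest ALE first: the order in which remedial measures should be argued for."""
    return sorted(risks, key=annual_loss_expectancy, reverse=True)


# Constructed scenario 1: customer data on unencrypted laptops.
LAPTOP_THEFT = Risk("laptop theft", asset_value=200_000, exposure_factor=0.5, annual_rate=2)
DISK_ENCRYPTION = Control("full-disk encryption", annual_cost=15_000, residual_ef=0.05, residual_aro=2)

# Constructed scenario 2: defacement of a low-value marketing site.
DEFACEMENT = Risk("web defacement", asset_value=50_000, exposure_factor=0.1, annual_rate=0.5)
MONITORING = Control("24x7 managed monitoring", annual_cost=40_000, residual_ef=0.1, residual_aro=0.1)

if __name__ == "__main__":
    for risk, control in ((LAPTOP_THEFT, DISK_ENCRYPTION), (DEFACEMENT, MONITORING)):
        print(f"{risk.name}: ALE={annual_loss_expectancy(risk):,.0f} "
              f"avoided={avoided_loss(risk, control):,.0f} cost={control.annual_cost:,.0f} "
              f"-> {decide(risk, control)} (ROSI={rosi(risk, control):.2f})")
```

The comparison is deliberately against the loss the control avoids rather than the full ALE: a control that leaves most of the risk in place should not be credited with the whole of it. A negative ROSI and an "accept" decision coincide by construction.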
9. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Calculating the value of the information or asset
Proficiency testing
Do with the information it collects
Risk assessment - evaluation and impact analysis
10. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Equal error rate (EER)
Continuous analysis - monitoring and feedback
Tailgating
Process of introducing changes to systems
11. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.
Classification of assets needs
Security baselines
Conduct a risk assessment
Data warehouse
12. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Proficiency testing
Background checks of prospective employees
The information security officer
Transferred risk
13. Culture has a significant impact on how information security will be implemented in a ______________________.
Risk management and the requirements of the organization
Multinational organization
Security awareness training for all employees
Stress testing
14. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Certificate authority (CA)
Applying the proper classification to the data
Centralization of information security management
Audit objectives
15. The MOST important element of an information security strategy.
Tie security risks to key business objectives
The awareness and agreement of the data subjects
Defined objectives
Script kiddie
16. The most important characteristic of good security policies is that they be ____________________.
Cyber extortionist
Consensus on risks and controls
Aligned with organizational goals
Malicious software and spyware
17. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Role-based policy
Security awareness training for all employees
Logon banners
Alignment with business strategy
18. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Transferred risk
Role-based policy
Process of introducing changes to systems
Reduce risk to an acceptable level
19. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Certificate authority (CA)
Requirements of the data owners
Fault-tolerant computer
Role-based access control
20. Provides process needs but not impact.
Do with the information it collects
Resource dependency assessment
The awareness and agreement of the data subjects
Penetration testing
21. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Decentralization
Risk appetite
Prioritization
Script kiddie
22. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
The awareness and agreement of the data subjects
Methodology used in the assessment
Safeguards over keys
Public key infrastructure (PKI)
23. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Consensus on risks and controls
Data mart
Alignment with business strategy
Security code reviews for the entire software application
24. By definition are not previously known and therefore cannot be detected by signature-based defenses.
Detection defenses
Retention of business records
0-day vulnerabilities
Defined objectives
25. Without _____________________ - there cannot be accountability.
The information security officer
Well-defined roles and responsibilities
Multinational organization
Data classification
26. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Identify the vulnerable systems and apply compensating controls
Get senior management onboard
Public key infrastructure (PKI)
Gain unauthorized access to applications
27. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Baseline standard and then develop additional standards
Confidentiality
Encryption
Virus
28. To identify known vulnerabilities based on common misconfigurations and missing updates.
Support the business objectives of the organization
Is willing to accept
The data owner
A network vulnerability assessment
29. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
The board of directors and senior management
Cryptographic secure sockets layer (SSL) implementations and short key lengths
BIA (Business Impact Assessment)
Access control matrix
30. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Proficiency testing
Business case development
Certificate authority (CA)
Get senior management onboard
31. Has to be integrated into the requirements of every software application's design.
Encryption key management
Vulnerability assessment
Acceptable use policies
Examples of containment defenses
32. Should be performed to identify the risk and determine needed controls.
Overall organizational structure
Internal risk assessment
Lack of change management
Information security manager
33. A company or person you believe will not knowingly send a virus-infected file.
Trusted source
Conduct a risk assessment
Lack of change management
Do with the information it collects
34. A repository of historical data organized by subject to support decision makers in the organization.
Calculating the value of the information or asset
Power surge/over voltage (spike)
Gain unauthorized access to applications
Data warehouse
35. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Transmit e-mail messages
Data warehouse
Safeguards over keys
Performing a risk assessment
36. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Transmit e-mail messages
Identify the vulnerable systems and apply compensating controls
Power surge/over voltage (spike)
Cyber extortionist
37. Provides strong online authentication.
Public key infrastructure (PKI)
Get senior management onboard
Exceptions to policy
Worm
38. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Trusted source
Personal firewall
BIA (Business Impact Assessment)
Virus detection
39. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
40. The MOST important component of a privacy policy. Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Data owners
Rule-based access control
Examples of containment defenses
Notifications and opt-out provisions
41. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Residual risk
Attributes and characteristics of the 'desired state'
Control effectiveness
Vulnerability assessment
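Worked example for item 41, added here and not part of the quiz page: the two verification mechanisms the item names, double-entry bookkeeping (every transaction's debits must equal its credits) and dual control (the person who prepared a posting may not be the one who verified it), written as checks that run over a journal and report which transactions fail. The journal, account names and people are constructed.

```python
"""Verifying that a control worked: double-entry balance and dual-control checks.

Added worked example; this is not code from the quiz page. The journal
entries, account names and people below are constructed for illustration.
"""
from collections import defaultdict
from decimal import Decimal
from typing import Dict, Iterable, List, NamedTuple


class Entry(NamedTuple):
    txn: str        # transaction id; every transaction must balance across its entries
    account: str
    debit: str      # amounts as strings so Decimal is exact (no float rounding)
    credit: str
    preparer: str   # who entered the line
    approver: str   # who verified it (dual control: must differ from preparer)


def unbalanced_transactions(entries: Iterable[Entry]) -> List[str]:
    """Double-entry check: per transaction, total debits must equal total credits.

    A mismatch is the evidence that a posting was mis-keyed or tampered with,
    which is exactly the assurance the bookkeeping control is meant to give.
    """
    totals: Dict[str, List[Decimal]] = defaultdict(lambda: [Decimal(0), Decimal(0)])
    for e in entries:
        totals[e.txn][0] += Decimal(e.debit)
        totals[e.txn][1] += Decimal(e.credit)
    return sorted(txn for txn, (dr, cr) in totals.items() if dr != cr)


def self_approved_transactions(entries: Iterable[Entry]) -> List[str]:
    """Dual-control check: no line may be verified by the person who prepared it."""
    return sorted({e.txn for e in entries if e.preparer == e.approver})


def control_effective(entries: Iterable[Entry]) -> bool:
    """True only when both verification checks pass over the whole journal."""
    entries = list(entries)
    return not unbalanced_transactions(entries) and not self_approved_transactions(entries)


# Constructed journal: T3 was mis-keyed (50.00 instead of 500.00), T4 was self-approved.
JOURNAL = [
    Entry("T1", "cash",      "1200.00", "0",       "alice", "bob"),
    Entry("T1", "sales",     "0",       "1200.00", "alice", "bob"),
    Entry("T2", "expenses",  "300.00",  "0",       "carol", "bob"),
    Entry("T2", "cash",      "0",       "300.00",  "carol", "bob"),
    Entry("T3", "inventory", "500.00",  "0",       "dave",  "bob"),
    Entry("T3", "cash",      "0",       "50.00",   "dave",  "bob"),
    Entry("T4", "payroll",   "2000.00", "0",       "erin",  "erin"),
    Entry("T4", "cash",      "0",       "2000.00", "erin",  "erin"),
]

if __name__ == "__main__":
    print("unbalanced:", unbalanced_transactions(JOURNAL))
    print("self-approved:", self_approved_transactions(JOURNAL))
    print("control effective:", control_effective(JOURNAL))
```

The point of the item is that a control is only effective if something independent of it confirms it ran: here the balance check catches the keying error and the preparer/approver check catches the dual-control bypass, and either failure alone means the control cannot be relied on.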
42. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
The authentication process is broken
Developing an information security baseline
Normalization
Cyber terrorist
43. A risk assessment should be conducted _________________.
Centralized structure
Strategic alignment of security with business objectives
Undervoltage (brownout)
Annually or whenever there is a significant change
44. Needs to define the access rules - which is troublesome and error prone in large organizations.
Lack of change management
Digital certificate
Rule-based access control
Deeper level of analysis
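Worked example for items 17 and 44, added here and not part of the quiz page: a role-based check, where a user gets only the permissions of the roles they hold, next to a rule-based check, where an ordered list of per-subject rules must be maintained by hand. The rule-based half includes a lint for the ordering mistake that makes such rule sets error prone as they grow: a deny that can never fire because a broader allow precedes it. Roles, users, resources and rules are constructed.

```python
"""Role-based versus rule-based access control.

Added worked example; this is not code from the quiz page. The roles, users,
resources and rules below are constructed for illustration.
"""
from typing import Dict, FrozenSet, Iterable, List, Tuple

Permission = Tuple[str, str]        # (resource, action)
Rule = Tuple[str, str, str, bool]   # (subject, resource, action, allow)

# Role-based: permissions attach to roles, people are assigned roles.
# Adding a user means one role assignment, not a new set of rules.
ROLE_PERMISSIONS: Dict[str, FrozenSet[Permission]] = {
    "ap_clerk":   frozenset({("invoices", "read"), ("invoices", "create")}),
    "ap_manager": frozenset({("invoices", "read"), ("invoices", "approve")}),
    "auditor":    frozenset({("invoices", "read"), ("ledger", "read")}),
}

USER_ROLES: Dict[str, FrozenSet[str]] = {
    "alice": frozenset({"ap_clerk"}),
    "bob":   frozenset({"ap_manager"}),
    "carol": frozenset({"auditor"}),
}


def rbac_authorize(user: str, resource: str, action: str) -> bool:
    """Allow only if one of the user's roles carries the exact permission; unknown users get nothing."""
    return any((resource, action) in ROLE_PERMISSIONS.get(role, frozenset())
               for role in USER_ROLES.get(user, frozenset()))


# Rule-based: an ordered list of explicit rules; first match wins, no match denies.
# "*" matches any value in that position.
RULES: List[Rule] = [
    ("*",          "invoices", "read",    True),   # broad allow placed first ...
    ("contractor", "invoices", "read",    False),  # ... so this deny can never fire
    ("bob",        "invoices", "approve", True),
    ("alice",      "invoices", "create",  True),
]


def _matches(rule_field: str, value: str) -> bool:
    return rule_field in ("*", value)


def rule_authorize(rules: Iterable[Rule], subject: str, resource: str, action: str) -> bool:
    for subj, res, act, allow in rules:
        if _matches(subj, subject) and _matches(res, resource) and _matches(act, action):
            return allow
    return False  # fail closed


def shadowed_denies(rules: List[Rule]) -> List[Rule]:
    """Deny rules that an earlier, at-least-as-broad allow rule always pre-empts.

    Run this whenever the rule list changes; a shadowed deny is a silent
    authorization bug that no single request will reveal.
    """
    found = []
    for i, deny in enumerate(rules):
        subj, res, act, allow = deny
        if allow:
            continue
        for psubj, pres, pact, pallow in rules[:i]:
            if pallow and _matches(psubj, subj) and _matches(pres, res) and _matches(pact, act):
                found.append(deny)
                break
    return found


if __name__ == "__main__":
    print("alice may approve invoices (RBAC):", rbac_authorize("alice", "invoices", "approve"))
    print("contractor may read invoices (rules):", rule_authorize(RULES, "contractor", "invoices", "read"))
    print("shadowed denies:", shadowed_denies(RULES))
```

In the role-based half, taking approval away from clerks is a one-line change to the role; in the rule-based half the same intent is spread over per-subject rules whose order matters, which is the administration burden item 44 describes.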
45. Responsible for securing the information.
Patch management
Digital signatures
The data custodian
Encryption key management
46. Has the same intent as a cracker but lacks the technical skills and knowledge.
Do with the information it collects
Script kiddie
Is willing to accept
Trusted source
47. Normally addressed through antivirus and antispyware policies.
Intrusion detection system (IDS)
Cost of control
Key controls
Malicious software and spyware
48. Will prevent unauthorized access to the data on a laptop even when the laptop is lost or stolen.
Assess the risks to the business operation
Encryption of the hard disks
Transferred risk
Notifications and opt-out provisions
49. Someone who uses the Internet or a network to destroy or damage computers for political reasons.
Certificate authority (CA)
Continuous analysis - monitoring and feedback
Cyber terrorist
Vulnerability assessment
50. A process that helps organizations manipulate important knowledge that is part of the organization's memory.
Data isolation
Knowledge management
Phishing
Single sign-on (SSO) product