CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Intrusion detection system (IDS)
Deeper level of analysis
Threat assessment
Control effectiveness
2. The primary role of the information security manager in the process of information classification within the organization.
Protective switch covers
Access control matrix
Defining and ratifying the classification structure of information assets
Creation of a business continuity plan
3. The best indicator of the level of compliance with the service level agreement ( SLA ) data confidentiality clauses.
Requirements of the data owners
Rule-based access control
Access control matrix
Alignment with business strategy
4. A method for analyzing and reducing a relational database to its most streamlined form
Defining high-level business security requirements
Nondisclosure agreement (NDA)
Support the business objectives of the organization
Normalization
5. Someone who uses the internet or network to destroy or damage computers for political reasons
0-day vulnerabilities
Encryption
Cyber terrorist
Risk management and the requirements of the organization
6. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Security awareness training for all employees
All personnel
Role-based policy
Personal firewall
7. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
The data owner
Role-based policy
Negotiating a local version of the organization standards
Conduct a risk assessment
8. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
BIA (Business Impact Assessment)
Calculating the value of the information or asset
Control effectiveness
Background check
9. Cannot be minimized
Residual risk would be reduced by a greater amount
Inherent risk
Safeguards over keys
Use of security metrics
10. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Trojan horse
Do with the information it collects
Defining and ratifying the classification structure of information assets
IP address packet filtering
11. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Defined objectives
Access control matrix
Security baselines
Prioritization
12. Normally addressed through antivirus and antispyware policies.
Malicious software and spyware
Stress testing
Assess the risks to the business operation
Data classification
13. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Regular review of access control lists
Developing an information security baseline
Script kiddie
Information contained on the equipment
14. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Breakeven point of risk reduction and cost
Detection defenses
Requirements of the data owners
Applying the proper classification to the data
15. Provides strong online authentication.
Virus
Platform security - intrusion detection and antivirus controls
Public key infrastructure (PKI)
Reduce risk to an acceptable level
16. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Risk management and the requirements of the organization
Control effectiveness
0-day vulnerabilities
The authentication process is broken
17. Utility program that detects and protects a personal computer from unauthorized intrusions
Assess the risks to the business operation
The awareness and agreement of the data subjects
Identify the relevant systems and processes
Personal firewall
18. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Annually or whenever there is a significant change
Cyber extortionist
All personnel
Risk assessment - evaluation and impact analysis
19. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Residual risk
Digital signatures
Get senior management onboard
Continuous analysis - monitoring and feedback
20. When the ________________ is more than the cost of the risk - the risk should be accepted.
Cost of control
A network vulnerability assessment
Biometric access control systems
Spoofing attacks
21. Focuses on identifying vulnerabilities.
Identify the vulnerable systems and apply compensating controls
Undervoltage (brownout)
Penetration testing
Access control matrix
22. Should be determined from the risk assessment results.
Security risk
Compliance with the organization's information security requirements
Data mart
Audit objectives
23. Provides the most effective protection of data on mobile devices.
Encryption
Baseline standard and then develop additional standards
Business case development
Annual loss expectancy (ALE) calculations
24. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Encryption
Acceptable use policies
Intrusion detection system (IDS)
Identify the relevant systems and processes
25. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Performing a risk assessment
The balanced scorecard
Attributes and characteristics of the 'desired state'
Identify the vulnerable systems and apply compensating controls
26. Same intent as a cracker but does not have the technical skills and knowledge
Intrusion detection system (IDS)
Centralization of information security management
Retention of business records
Script kiddie
27. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Single sign-on (SSO) product
Developing an information security baseline
Overall organizational structure
Alignment with business strategy
28. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
29. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Annual loss expectancy (ALE) calculations
Security baselines
Skills inventory
Intrusion detection system (IDS)
30. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
The awareness and agreement of the data subjects
Defining high-level business security requirements
Exceptions to policy
Certificate authority (CA)
31. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Detection defenses
0-day vulnerabilities
Service level agreements (SLAs)
Biometric access control systems
32. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Negotiating a local version of the organization standards
Rule-based access control
Cyber extortionist
Residual risk would be reduced by a greater amount
33. Accesses a computer or network illegally
Waterfall chart
Applying the proper classification to the data
Continuous monitoring control initiatives
Cracker
34. Culture has a significant impact on how information security will be implemented in a ______________________.
0-day vulnerabilities
Background checks of prospective employees
The data custodian
Multinational organization
35. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Well-defined roles and responsibilities
Consensus on risks and controls
Hacker
Lack of change management
36. Information security governance models are highly dependent on the _____________________.
Impractical and is often cost-prohibitive
Continuous monitoring control initiatives
Overall organizational structure
Defining high-level business security requirements
37. The MOST important element of an information security strategy.
Information contained on the equipment
Logon banners
Protective switch covers
Defined objectives
38. The job of the information security officer on a management team is to ___________________.
Identify the vulnerable systems and apply compensating controls
Encryption key management
Risk appetite
Assess the risks to the business operation
39. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Performing a risk assessment
Security risk
Gain unauthorized access to applications
Trojan horse
40. BEST option to improve accountability for a system administrator is to _____________________.
Cost of control
include security responsibilities in a job description
Service level agreements (SLAs)
Cryptographic secure sockets layer (SSL) implementations and short key lengths
41. Uses security metrics to measure the performance of the information security program.
Malware
Information security manager
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Encryption key management
42. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
IP address packet filtering
Internal risk assessment
SWOT analysis
Cryptographic secure sockets layer (SSL) implementations and short key lengths
43. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Security risk
Well-defined roles and responsibilities
Security baselines
Transferred risk
44. Can be a standalone driver for an information security governance measure. No further analysis nor justification is required since the entity has no choice in the regulatory requirements.
Monitoring processes
Regulatory compliance
SWOT analysis
Control effectiveness
45. Has full responsibility over data.
The data owner
Detection defenses
Comparison of cost of achievement
Its ability to reduce or eliminate business risks
46. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but
include security responsibilities in a job description
Business case development
Consensus on risks and controls
Key risk indicator (KRI) setup
47. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Regulatory compliance
Alignment with business strategy
Virus
Compliance with the organization's information security requirements
48. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Gap analysis
Retention of business records
Methodology used in the assessment
Protective switch covers
49. The most important characteristic of good security policies is that they be ____________________.
Properly aligned with business goals and objectives
Cyber extortionist
Aligned with organizational goals
Virus
50. Provide metrics to which outsourcing firms can be held accountable.
Gain unauthorized access to applications
Service level agreements (SLAs)
Its ability to reduce or eliminate business risks
Risk assessment - evaluation and impact analysis