Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Program that hides within or looks like a legitimate program
The authentication process is broken
Trojan horse
Countermeasure cost-benefit analysis
Information security manager
2. Without _____________________ - there cannot be accountability.
Alignment with business strategy
A network vulnerability assessment
Well-defined roles and responsibilities
Acceptable use policies
3. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Owner of the information asset
Notifications and opt-out provisions
Lack of change management
Role-based access control
4. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information
Notifications and opt-out provisions
Phishing
Patch management process
Compliance with the organization's information security requirements
5. Responsible for securing the information.
The data custodian
Creation of a business continuity plan
Total cost of ownership (TCO)
Malware
6. The information security manager needs to prioritize the controls based on ________________________.
Risk management and the requirements of the organization
Alignment with business strategy
Residual risk
Audit objectives
7. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
8. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Breakeven point of risk reduction and cost
Malicious software and spyware
Security risk
The data owner
9. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Prioritization
Process of introducing changes to systems
Centralized structure
Protective switch covers
10. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Reduce risk to an acceptable level
Tailgating
The data owner
Developing an information security baseline
11. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Assess the risks to the business operation
Defining high-level business security requirements
Role-based policy
Cross-site scripting attacks
12. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Residual risk would be reduced by a greater amount
Logon banners
Information contained on the equipment
BIA (Business Impact Assessment)
13. When defining the information classification policy - the ___________________ need to be identified.
A network vulnerability assessment
Data isolation
Encryption of the hard disks
Requirements of the data owners
14. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Centralized structure
Performing a risk assessment
Regular review of access control lists
Penetration testing
15. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Transmit e-mail messages
Negotiating a local version of the organization standards
Do with the information it collects
Inherent risk
16. A small warehouse designed for the end-user needs in a strategic business unit
Data mart
The information security officer
Tie security risks to key business objectives
Data classification
17. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
The information security officer
Creation of a business continuity plan
Control effectiveness
A network vulnerability assessment
18. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
The authentication process is broken
Strategic alignment of security with business objectives
Tie security risks to key business objectives
Transmit e-mail messages
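The finding in question 18, an employee record selected by an ID taken from the URL, is shown below as an added example (not code from the quiz page). The session proves who the caller is, but the handler never checks that the caller may see the requested record, so any logged-in user can read every account by editing the parameter. The vulnerable handler sits beside two hardened variants: one that ignores the client-supplied ID entirely and one that keeps it but authorizes it against the session. The request/session model, the handler names, the reporting line and the sample records are all constructed for illustration.

```python
"""Added example (not the quiz page's own code): the finding in question 18.

A web handler that picks the employee record by an ID taken from the URL, with
no check that the caller owns it, lets any logged-in user read every account by
editing the parameter. The vulnerable handler is shown beside two hardened
variants. The request/session model, the handler names and the sample records
are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample data: employee records keyed by employee ID.
EMPLOYEES = {
    1001: {"name": "Alice", "salary": 90000},
    1002: {"name": "Bob", "salary": 85000},
}
# Constructed reporting line: Bob (1002) reports to Alice (1001).
MANAGER_OF = {1002: 1001}


@dataclass
class Request:
    """Stand-in for an HTTP request: the user ID the server resolved from the
    session cookie, plus the query parameters parsed from the URL."""
    session_user_id: int
    query: dict = field(default_factory=dict)


class Forbidden(Exception):
    """Raised when the authenticated user may not access the requested record."""


def get_account_vulnerable(req: Request) -> dict:
    """The pattern the review found: the handler trusts ?id= from the URL.
    Authentication happened (the session exists) but authorization never does,
    so Bob can fetch Alice's record by changing id=1002 to id=1001."""
    employee_id = int(req.query["id"])
    return EMPLOYEES[employee_id]


def get_account_fixed(req: Request) -> dict:
    """Hardened: the record is selected by the server-side session identity.
    The client-supplied ID is ignored, so there is nothing to tamper with."""
    return EMPLOYEES[req.session_user_id]


def can_view(actor_id: int, employee_id: int) -> bool:
    """Explicit authorization policy: a user may view their own record or the
    records of their direct reports. Anything else is denied by default."""
    return actor_id == employee_id or MANAGER_OF.get(employee_id) == actor_id


def get_account_checked(req: Request) -> dict:
    """Variant for when the ID must stay in the URL (a manager viewing a
    report's account): keep the parameter but authorize it against the
    session before any data is touched."""
    employee_id = int(req.query["id"])
    if not can_view(req.session_user_id, employee_id):
        raise Forbidden(f"user {req.session_user_id} may not read account {employee_id}")
    return EMPLOYEES[employee_id]


def denies(handler: Callable[[Request], dict], req: Request) -> bool:
    """Helper for exercising the handlers: True if the handler refused the request."""
    try:
        handler(req)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    # Bob is logged in (session user 1002) but edits the URL to id=1001.
    bob_tampers = Request(session_user_id=1002, query={"id": "1001"})
    print("vulnerable:", get_account_vulnerable(bob_tampers)["name"])  # Alice: leaked
    print("fixed:     ", get_account_fixed(bob_tampers)["name"])       # Bob
    print("checked:   ", denies(get_account_checked, bob_tampers))     # True
```

The first fix is the stronger one wherever it applies: if the only record a user may see is their own, derive the key from the session and never read it from the request. The second form is for cases where the URL legitimately names someone else's record; the point is that the check is an explicit policy (`can_view`) evaluated on every request, not an assumption that the client only asks for what it is allowed to see.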
19. The best measure; it involves reviewing the entire source code to detect all instances of back doors.
BIA (Business Impact Assessment)
Is willing to accept
Increase business value and confidence
Security code reviews for the entire software application
20. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Nondisclosure agreement (NDA)
Safeguards over keys
Tailgating
Data classification
21. Applications cannot access data associated with other apps
Continuous analysis - monitoring and feedback
Encryption of the hard disks
Data isolation
Centralization of information security management
22. An information security manager has to impress upon the human resources department the need for _____________________.
Single sign-on (SSO) product
Two-factor authentication
Security awareness training for all employees
Breakeven point of risk reduction and cost
23. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures - but not in their prioritization.
Normalization
Creation of a business continuity plan
Virus detection
BIA (Business Impact Assessment)
24. Awareness - training and physical security defenses.
Patch management process
Examples of containment defenses
Annual loss expectancy (ALE) calculations
Data isolation
25. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Vulnerability assessment
Is willing to accept
Control risk
Access control matrix
26. Useful but only with regard to specific technical skills.
Single sign-on (SSO) product
Residual risk would be reduced by a greater amount
The data custodian
Proficiency testing
27. A method for analyzing and reducing a relational database to its most streamlined form
Malicious software and spyware
Do with the information it collects
Normalization
Total cost of ownership (TCO)
28. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Malicious software and spyware
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Deeper level of analysis
Hacker
29. Focuses on identifying vulnerabilities.
Data mart
Penetration testing
Worm
Requirements of the data owners
30. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Script kiddie
Alignment with business strategy
Platform security - intrusion detection and antivirus controls
Comparison of cost of achievement
31. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Strategic alignment of security with business objectives
Hacker
Transmit e-mail messages
Centralization of information security management
32. The MOST important element of an information security strategy.
Normalization
Residual risk
People
Defined objectives
33. Cannot be minimized
Inherent risk
Knowledge management
Notifications and opt-out provisions
Requirements of the data owners
34. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Calculating the value of the information or asset
Background check
Asset classification
Role-based policy
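Questions 3 and 34 describe role-based access control: permissions are attached to roles, users are assigned roles, and the system decides every access through those roles. The following added example (not code from the quiz page) shows that model in working form, including the two properties the questions point at: a user with no role gets nothing, and administering a role changes access for every member at once. It also adds a separation-of-duty rule, which is a constructed illustration and not something the questions state. Role names, permission strings and users are all constructed.

```python
"""Added example (not the quiz page's own code): role-based access control as
described in questions 3 and 34. Permissions hang off roles, users are assigned
roles, and every access decision is resolved through those roles and denied by
default. Role names, permissions, users and the separation-of-duty rule are
constructed for illustration.
"""

# Constructed role definitions: permission strings are "resource:action".
ROLE_PERMISSIONS = {
    "payroll_clerk": {"payroll:read", "payroll:update"},
    "auditor": {"payroll:read", "audit_log:read"},
    "helpdesk": {"user:reset_password"},
}

# Constructed separation-of-duty rule: nobody may both change payroll and audit it.
CONFLICTING_ROLES = {frozenset({"payroll_clerk", "auditor"})}

# Constructed user-to-role assignment. Carol is a new hire with no role yet.
USER_ROLES = {
    "alice": {"payroll_clerk"},
    "bob": {"auditor"},
    "carol": set(),
}


def permissions_for(user: str) -> set:
    """Effective permissions are the union over the user's roles. An unknown
    user, or one with no roles, gets the empty set."""
    effective = set()
    for role in USER_ROLES.get(user, set()):
        effective |= ROLE_PERMISSIONS.get(role, set())
    return effective


def is_authorized(user: str, permission: str) -> bool:
    """The access decision: granted only if some role held by the user carries
    the permission. There is no per-user grant path, so nothing is allowed
    unless a role says so (deny by default)."""
    return permission in permissions_for(user)


def violates_sod(held: set, role: str) -> bool:
    """True if adding `role` to the roles already `held` would combine two
    roles the separation-of-duty rule forbids."""
    return any(role in pair and bool((pair - {role}) & held) for pair in CONFLICTING_ROLES)


def assign_role(user: str, role: str) -> None:
    """Grant a role, refusing unknown roles and combinations that violate
    separation of duty."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role: {role}")
    held = USER_ROLES.setdefault(user, set())
    if violates_sod(held, role):
        raise ValueError(f"{user} cannot hold {role} together with {sorted(held)}")
    held.add(role)


def revoke_role(user: str, role: str) -> None:
    """Removing the role removes every permission it carried, in one step."""
    USER_ROLES.get(user, set()).discard(role)


def change_role_permissions(role: str, permissions: set) -> None:
    """Administering the role, not the users: every member picks up the change,
    which is why the model scales to large user communities."""
    ROLE_PERMISSIONS[role] = set(permissions)


if __name__ == "__main__":
    print("alice payroll:update ->", is_authorized("alice", "payroll:update"))  # True
    print("bob   payroll:update ->", is_authorized("bob", "payroll:update"))    # False
    print("carol payroll:read   ->", is_authorized("carol", "payroll:read"))    # False
    assign_role("carol", "helpdesk")
    print("carol user:reset_password ->", is_authorized("carol", "user:reset_password"))  # True
```

Two things to notice when reading the decision function: it never consults the user directly, only the roles, so a review of who can do what reduces to reviewing role membership; and a user who holds no role is denied everything, which is the least-privilege starting point for a new account.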
35. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.
Malware
Identify the vulnerable systems and apply compensating controls
Control effectiveness
Notifications and opt-out provisions
36. Successful risk management should lead to a ________________.
Breakeven point of risk reduction and cost
Protective switch covers
Owner of the information asset
Access control matrix
37. Has the same intent as a cracker but lacks the technical skills and knowledge
Key risk indicator (KRI) setup
Data isolation
Role-based access control
Script kiddie
38. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Compliance with the organization's information security requirements
Cost of control
Comparison of cost of achievement
Owner of the information asset
39. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Performing a risk assessment
SWOT analysis
Encryption
Reduce risk to an acceptable level
40. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Methodology used in the assessment
Do with the information it collects
Patch management
Background checks of prospective employees
41. Should be performed to identify the risk and determine needed controls.
Examples of containment defenses
Encryption key management
Internal risk assessment
Owner of the information asset
42. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Consensus on risks and controls
Classification of assets needs
What happened and how the breach was resolved
Calculating the value of the information or asset
43. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system; it establishes a cost baseline and must be considered for the full life cycle of the control.
Inherent risk
Prioritization
Safeguards over keys
Total cost of ownership (TCO)
44. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________. A summary of security logs would be too technical to report to senior management. An analysis of the i
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Continuous analysis - monitoring and feedback
Acceptable use policies
What happened and how the breach was resolved
45. By definition are not previously known and therefore are undetectable.
0-day vulnerabilities
Digital signatures
Attributes and characteristics of the 'desired state'
Control effectiveness
46. Normally addressed through antivirus and antispyware policies.
Inherent risk
Malicious software and spyware
Deeper level of analysis
Rule-based access control
47. While useful for identifying the difference between the current state and the desired future state - e.g. an organization has to comply with recently published industry regulatory requirements that potentially have high implementation costs -
Multinational organization
Gap analysis
Decentralization
Rule-based access control
48. Ensure that transmitted information can be attributed to the named sender.
Spoofing attacks
Gain unauthorized access to applications
Continuous analysis - monitoring and feedback
Digital signatures
49. Accesses a computer or network illegally
Trusted source
Baseline standard and then develop additional standards
Total cost of ownership (TCO)
Cracker
50. Reducing risk to a level too small to measure is _______________.
IP address packet filtering
Defining and ratifying the classification structure of information assets
Data isolation
Impractical and is often cost-prohibitive