Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but






2. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.






3. Focuses on identifying vulnerabilities.






4. Should be performed to identify the risk and determine needed controls.






5. Normally addressed through antivirus and antispyware policies.






6. A method for analyzing and reducing a relational database to its most streamlined form.






7. BEST option to improve accountability for a system administrator is to _____________________.






8. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.






9. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.






10. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
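Item 10 describes a second authentication factor layered over a password, such as the one-time code from a token or phone app that a remote user presents when connecting to the corporate network. The following is an added example, not part of the quiz page: an HOTP/TOTP generator and verifier written from RFC 4226 and RFC 6238 (HMAC-SHA1, 6 digits, 30-second step). The shared secret, the clock value and the one-step tolerance window are assumptions chosen for the example; the secret is the RFC test secret, so the codes can be checked against the published vectors.

```python
"""Added example: one-time-password second factor (RFC 4226 HOTP, RFC 6238 TOTP).
Not the quiz page's material; secret, time values and window are assumptions."""

import hashlib
import hmac
import secrets
import time

# Constructed for the example: the RFC 4226 test secret, as it would be shared
# between the token (or phone app) and the authentication server at enrolment.
SHARED_SECRET = b"12345678901234567890"
TIME_STEP = 30          # seconds per TOTP counter value (RFC 6238 default)
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP(K, C): HMAC-SHA1 over the 8-byte big-endian counter, dynamically
    truncated to a 31-bit integer, reduced modulo 10^digits, zero-padded."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = TIME_STEP) -> str:
    """TOTP is HOTP with the counter derived from wall-clock time."""
    return hotp(secret, unix_time // step)


def verify_totp(secret: bytes, presented: str, unix_time: int,
                window: int = 1, step: int = TIME_STEP) -> bool:
    """Accept the code for the current step and `window` steps either side,
    to tolerate clock drift between token and server. The comparison is
    constant-time so that a wrong guess leaks nothing about the valid code."""
    if len(presented) != DIGITS or not presented.isdigit():
        return False
    counter = unix_time // step
    for delta in range(-window, window + 1):
        expected = hotp(secret, counter + delta)
        if hmac.compare_digest(expected, presented):
            return True
    return False


def login(password_ok: bool, presented_code: str, unix_time: int) -> bool:
    """The two factors combined: the password check must pass AND the
    one-time code must verify. Neither factor alone is sufficient."""
    return password_ok and verify_totp(SHARED_SECRET, presented_code, unix_time)


if __name__ == "__main__":
    now = int(time.time())
    code = totp(SHARED_SECRET, now)             # what the user's token displays
    print("current code:", code, "accepted:", login(True, code, now))
    print("stolen password, no token:", login(True, "000000", now))
```

The RFC vectors give a quick sanity check: counter 0 yields 755224 and counter 1 yields 287082, so at Unix time 59 (counter 1) the 6-digit TOTP is 287082. The `window` argument is the usual trade-off: a wider window tolerates more drift but also accepts more stale codes, so keep it small.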






11. Primarily reduce risk and are most effective for the protection of information assets.






12. Should PRIMARILY be based on regulatory and legal requirements.






13. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.






14. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process






15. Computer that has duplicate components so it can continue to operate when one of its main components fails.






16. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.






17. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.






18. Security design flaws require a ____________________.






19. Would protect against spoofing an internal address but would not provide strong authentication.






20. A key indicator of performance measurement.






21. It is more efficient to establish a ___________________for locations that must meet specific requirements.






22. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.






23. The BEST justification to convince management to invest in an information security program is that doing so would _________________.






24. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.






25. It is easier to manage and control a _________________.






26. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.






27. Cannot be minimized.






28. Someone who uses the internet or network to destroy or damage computers for political reasons.






29. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.






30. Applications cannot access data associated with other apps.






31. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
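Items 19 and 31 both turn on the same perimeter rule: a packet arriving from the outside that claims an internal source address is spoofed and should be dropped, and a firewall that honours IP source routing lets an outsider steer such packets past that check. The following is an added example, not part of the quiz page: a small packet filter that applies anti-spoofing (ingress and egress) and rejects source-routed packets. Interface names, the internal prefixes and the packet records are constructed for the example; the option numbers are the IPv4 loose (131) and strict (137) source-route option types from RFC 791.

```python
"""Added example: anti-spoofing and source-route filtering at the perimeter.
Not the quiz page's material; interfaces, prefixes and packets are assumptions."""

import ipaddress
from dataclasses import dataclass, field

# Constructed for the example: the organisation's internal (private) ranges.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# IPv4 option type numbers for loose (131) and strict (137) source routing.
SOURCE_ROUTE_OPTIONS = {131, 137}


@dataclass
class Packet:
    iface: str                      # "external" or "internal": where it arrived
    src: str
    dst: str
    options: set = field(default_factory=set)   # IPv4 option types present


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def filter_packet(pkt: Packet) -> str:
    """Return 'accept' or 'drop:<reason>'.

    Source-routed packets are refused outright: with source routing honoured,
    the sender chooses the path, so the address-based checks below can be
    bypassed (item 31). Then a packet on the external interface may not carry
    an internal source (ingress filtering, item 19), and a packet on the
    internal interface may not carry an external source (egress filtering).
    Note that 'accept' only means the addresses are plausible for the
    interface; it is not authentication of the sender."""
    if pkt.options & SOURCE_ROUTE_OPTIONS:
        return "drop:source-route"
    if pkt.iface == "external" and is_internal(pkt.src):
        return "drop:spoofed-internal-source"
    if pkt.iface == "internal" and not is_internal(pkt.src):
        return "drop:spoofed-external-source"
    return "accept"


def run_filter(packets) -> list:
    """Apply the filter to a batch and return (src, dst, decision) tuples."""
    return [(p.src, p.dst, filter_packet(p)) for p in packets]


if __name__ == "__main__":
    # Constructed traffic sample.
    sample = [
        Packet("external", "203.0.113.7", "10.0.0.5"),            # ordinary inbound
        Packet("external", "10.1.2.3", "10.0.0.5"),               # outsider spoofing an insider
        Packet("external", "203.0.113.7", "10.0.0.5", {131}),     # loose source route
        Packet("internal", "10.1.2.3", "203.0.113.7"),            # ordinary outbound
        Packet("internal", "198.51.100.9", "203.0.113.7"),        # insider spoofing an outsider
    ]
    for row in run_filter(sample):
        print(row)
```

The egress rule is the mirror image of the ingress rule and is what keeps the organisation's own hosts from being used to spoof third parties; the same two rules are what BCP 38 asks every network edge to enforce.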






32. Useful but only with regard to specific technical skills.






33. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.






34. Has to be integrated into the requirements of every software application's design.






35. The information security manager needs to prioritize the controls based on ________________________.






36. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
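Item 36 is the classic insecure direct object reference: the handler looks up whatever employee ID appears in the URL and never checks that the caller is allowed to see that record. The fix is the object-level authorization that item 33 describes, where access follows the caller's role and ownership. The following is an added example, not part of the quiz page: the vulnerable handler beside a hardened one, driven by a probe that walks the ID space the way an attacker would. The account data, the role names and their permissions are constructed for the example.

```python
"""Added example: insecure direct object reference (item 36) and its repair
with an ownership/role check (item 33). Not the quiz page's material; the
account store, roles and permissions are assumptions made for the example."""

from dataclasses import dataclass

# Constructed sample data: employee account records keyed by employee ID.
ACCOUNTS = {
    "1001": {"name": "A. Example", "salary": 52000, "bank": "****1234"},
    "1002": {"name": "B. Example", "salary": 61000, "bank": "****9876"},
    "1003": {"name": "C. Example", "salary": 58000, "bank": "****5555"},
}

# Constructed role model: which roles may read records they do not own.
ROLE_PERMISSIONS = {
    "employee": set(),               # own record only
    "payroll": {"account:read"},     # reads any account to run payroll
    "helpdesk": set(),               # no account data at all
}


@dataclass(frozen=True)
class Session:
    """The authenticated principal, established at login and held server-side.
    Nothing in it comes from the URL."""
    employee_id: str
    role: str


class Forbidden(Exception):
    pass


def vulnerable_get_account(session: Session, url_employee_id: str) -> dict:
    """Mirrors the flaw in item 36: the ID from /account?id=<n> is used as the
    lookup key and never compared with the session. Any logged-in user reads
    every account by changing the number."""
    return ACCOUNTS[url_employee_id]


def secure_get_account(session: Session, url_employee_id: str) -> dict:
    """Object-level authorization. The URL still names the object, but the
    decision is taken from the session: the caller must own the record, or
    hold a role whose permissions cover other people's records."""
    if url_employee_id not in ACCOUNTS:
        raise KeyError(url_employee_id)
    owns_record = session.employee_id == url_employee_id
    role_allows = "account:read" in ROLE_PERMISSIONS.get(session.role, set())
    if not (owns_record or role_allows):
        raise Forbidden(f"{session.employee_id} may not read account {url_employee_id}")
    return ACCOUNTS[url_employee_id]


def probe(handler, session: Session, ids) -> list:
    """Request every ID through `handler`; return the IDs whose record came
    back. This is what an attacker enumerating IDs in the URL would obtain."""
    obtained = []
    for employee_id in ids:
        try:
            handler(session, employee_id)
            obtained.append(employee_id)
        except Forbidden:
            pass
    return obtained


if __name__ == "__main__":
    attacker = Session(employee_id="1001", role="employee")
    ids = sorted(ACCOUNTS)
    print("vulnerable:", probe(vulnerable_get_account, attacker, ids))
    print("secure:    ", probe(secure_get_account, attacker, ids))
    print("payroll:   ", probe(secure_get_account, Session("1002", "payroll"), ids))
```

The point of the probe is that the vulnerable handler hands back all three records to an ordinary employee, while the hardened one returns only the caller's own record unless the caller's role carries the extra permission. Hiding or obfuscating the ID in the URL would not fix the finding; only the server-side check does.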






37. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.






38. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.






39. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -






40. Provides process needs but not impact.






41. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.






42. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance






43. Someone who accesses a computer or network illegally.






44. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.






45. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.






46. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.



47. Should be determined from the risk assessment results.






48. The MOST important element of an information security strategy.






49. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm






50. The MOST important component of a privacy policy is: Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are