Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. You might sometimes find the answers obvious, but you will see that this reinforces your understanding as you take the test each time.
1. The PRIMARY goal in developing an information security strategy is to: _________________________.
Compliance with the organization's information security requirements
Defining high-level business security requirements
Two-factor authentication
Support the business objectives of the organization
2. To improve the security governance framework and achieve a higher level of maturity, _____________________ is most important.
Stress testing
Internal risk assessment
Regular review of access control lists
Continuous analysis - monitoring and feedback
3. While useful for identifying the difference between the current state and the desired future state - e.g. organization has to comply with recently published industry regulatory requirements compliance that potentially has high implementation costs -
Vulnerability assessment
Digital certificate
Gap analysis
Is willing to accept
4. An information security manager has to impress upon the human resources department the need for _____________________.
Risk management and the requirements of the organization
Data classification
Security awareness training for all employees
Risk assessment - evaluation and impact analysis
5. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Virus
The information security officer
Risk assessment - evaluation and impact analysis
Background check
6. Successful risk management should lead to a ________________.
Assess the risks to the business operation
Identify the relevant systems and processes
Use of security metrics
Breakeven point of risk reduction and cost
7. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Countermeasure cost-benefit analysis
Transmit e-mail messages
Data classification
Do with the information it collects
8. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Worm
Spoofing attacks
Breakeven point of risk reduction and cost
Continuous analysis - monitoring and feedback
9. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Biometric access control systems
Increase business value and confidence
Get senior management onboard
Continuous monitoring control initiatives
10. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Alignment with business strategy
Applying the proper classification to the data
Single sign-on (SSO) product
Information security manager
11. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Do with the information it collects
Defining and ratifying the classification structure of information assets
Regulatory compliance
Script kiddie
12. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Consensus on risks and controls
Defining high-level business security requirements
Transmit e-mail messages
Knowledge management
13. The data owner is responsible for _______________________.
Include security responsibilities in a job description
Background check
All personnel
Applying the proper classification to the data
14. Provide metrics to which outsourcing firms can be held accountable.
Service level agreements (SLAs)
Transferred risk
Certificate authority (CA)
Information security manager
15. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Phishing
Worm
What happened and how the breach was resolved
Do with the information it collects
16. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
SWOT analysis
Patch management process
All personnel
Alignment with business strategy
17. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Business case development
Role-based access control
Risk appetite
Two-factor authentication
18. Risk should be reduced to a level that an organization _____________.
Continuous monitoring control initiatives
Malicious software and spyware
Classification of assets needs
Is willing to accept
19. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Security awareness training for all employees
Information contained on the equipment
Exceptions to policy
Owner of the information asset
20. A key indicator of performance measurement.
Intrusion detection system (IDS)
Strategic alignment of security with business objectives
Public key infrastructure (PKI)
Trojan horse
21. A small warehouse, designed for the end-user needs in a strategic business unit
Encryption key management
Tie security risks to key business objectives
Cross-site scripting attacks
Data mart
22. The most important characteristic of good security policies is that they be ____________________.
Return on security investment (ROSI)
Cracker
Aligned with organizational goals
Compliance with the organization's information security requirements
23. A function of the session keys distributed by the PKI.
Data owners
Encryption key management
Support the business objectives of the organization
Confidentiality
24. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.
Baseline standard and then develop additional standards
Role-based access control
The awareness and agreement of the data subjects
Decentralization
25. Applications cannot access data associated with other apps
IP address packet filtering
Information security manager
Data isolation
Creation of a business continuity plan
26. Identification and _______________ of business risk enables project managers to address areas with most significance.
Comparison of cost of achievement
Prioritization
Residual risk would be reduced by a greater amount
Annually or whenever there is a significant change
27. Occurs after the risk assessment process - it does not measure it.
Use of security metrics
Risk management and the requirements of the organization
Data warehouse
Tailgating
28. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Script kiddie
Control effectiveness
Well-defined roles and responsibilities
Centralized structure
29. Primarily reduce risk and are most effective for the protection of information assets.
Applying the proper classification to the data
Key controls
Examples of containment defenses
Overall organizational structure
30. Computer that has duplicate components so it can continue to operate when one of its main components fails
Key risk indicator (KRI) setup
Monitoring processes
Fault-tolerant computer
Trojan horse
31. Security design flaws require a ____________________.
Key controls
Deeper level of analysis
Biometric access control systems
The data custodian
32. Occurs when the electrical supply drops
Alignment with business strategy
Undervoltage (brownout)
Business case development
Cyber terrorist
33. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Security risk
Use of security metrics
Knowledge management
Inherent risk
34. It is more efficient to establish a ___________________ for locations that must meet specific requirements.
What happened and how the breach was resolved
Baseline standard and then develop additional standards
Trojan horse
Transferred risk
35. Should be a standard requirement for the service provider.
Cracker
Script kiddie
Encryption of the hard disks
Background check
36. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
0-day vulnerabilities
IP address packet filtering
Attributes and characteristics of the 'desired state'
People
37. BEST option to improve accountability for a system administrator is to _____________________.
Residual risk
Get senior management onboard
Background check
Include security responsibilities in a job description
38. Involves the correction of software weaknesses and would necessarily follow change management procedures.
Patch management
Return on security investment (ROSI)
Internal risk assessment
Inherent risk
39. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Transferred risk
Attributes and characteristics of the 'desired state'
Regular review of access control lists
Defining and ratifying the classification structure of information assets
40. Would protect against spoofing an internal address but would not provide strong authentication.
Creation of a business continuity plan
Regular review of access control lists
IP address packet filtering
Continuous analysis - monitoring and feedback
41. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
SWOT analysis
Countermeasure cost-benefit analysis
Security code reviews for the entire software application
Inherent risk
42. Focuses on identifying vulnerabilities.
SWOT analysis
Well-defined roles and responsibilities
Penetration testing
Alignment with business strategy
43. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Assess the risks to the business operation
Equal error rate (EER)
Biometric access control systems
Threat assessment
44. Should be determined from the risk assessment results.
Get senior management onboard
Rule-based access control
Audit objectives
The database administrator
45. Without _____________________ - there cannot be accountability.
Role-based access control
Comparison of cost of achievement
Well-defined roles and responsibilities
Trojan horse
46. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Worm
Continuous monitoring control initiatives
Decentralization
Equal error rate (EER)
47. When defining the information classification policy - the ___________________ need to be identified.
Requirements of the data owners
Business case development
Assess the risks to the business operation
Risk management and the requirements of the organization
48. When reporting an incident to senior management - the initial information to be communicated should include an explanation of _____________________ A summary of security logs would be too technical to report to senior management. An analysis of the i
Examples of containment defenses
Data classification
Regular review of access control lists
What happened and how the breach was resolved
49. Has full responsibility over data.
Background checks of prospective employees
Classification of assets needs
Fault-tolerant computer
The data owner
50. Someone who uses the internet or network to destroy or damage computers for political reasons
Compliance with the organization's information security requirements
Cyber terrorist
Calculating the value of the information or asset
Role-based access control