CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you may at times find the answers obvious, but you will see that it reinforces your understanding as you take the test repeatedly.
1. The primary role of the information security manager in the process of information classification within the organization.
Defining and ratifying the classification structure of information assets
Deeper level of analysis
Two-factor authentication
Notifications and opt-out provisions
2. Uses security metrics to measure the performance of the information security program.
Hacker
Applying the proper classification to the data
Information security manager
Knowledge management
3. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Key controls
Normalization
Residual risk would be reduced by a greater amount
Defining high-level business security requirements
4. The weakest link in security implementation, and awareness would reduce this risk. Through security awareness and training programs, individual employees can be informed and sensitized on various security policies and other security topics, thus e
Classification of assets needs
People
Information security manager
Security code reviews for the entire software application
5. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Examples of containment defenses
Methodology used in the assessment
People
Data classification
6. Carries out the technical administration.
Malicious software and spyware
Waterfall chart
Gap analysis
The database administrator
7. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Biometric access control systems
Power surge/over voltage (spike)
Aligned with organizational goals
Its ability to reduce or eliminate business risks
8. Risk should be reduced to a level that an organization _____________.
Is willing to accept
Role-based policy
Tailgating
Requirements of the data owners
9. The most important characteristic of good security policies is that they be ____________________.
Aligned with organizational goals
Classification of assets needs
Safeguards over keys
The information security officer
10. There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. The best protection is to _____________________ until a patch is installed.
Identify the vulnerable systems and apply compensating controls
Phishing
SWOT analysis
Service level agreements (SLAs)
11. The information security manager needs to prioritize the controls based on ________________________.
Risk management and the requirements of the organization
Biometric access control systems
Knowledge management
Access control matrix
12. Provide metrics to which outsourcing firms can be held accountable.
Multinational organization
Decentralization
Cyber terrorist
Service level agreements (SLAs)
13. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Calculating the value of the information or asset
Gain unauthorized access to applications
Vulnerability assessment
Defining and ratifying the classification structure of information assets
14. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
The balanced scorecard
Certificate authority (CA)
Owner of the information asset
Platform security, intrusion detection and antivirus controls
15. When the ________________ is more than the cost of the risk, the risk should be accepted.
Breakeven point of risk reduction and cost
The data owner
Cost of control
Data mart
16. In assessing the degree to which an organization may be affected by new privacy legislation, information security management should first _____________________.
Data classification
Skills inventory
What happened and how the breach was resolved
Identify the relevant systems and processes
17. Ensure that transmitted information can be attributed to the named sender.
Developing an information security baseline
People
Digital signatures
Performing a risk assessment
18. Awareness, training and physical security defenses.
Identify the vulnerable systems and apply compensating controls
Nondisclosure agreement (NDA)
Do with the information it collects
Examples of containment defenses
19. An effective tool, but it primarily focuses on malicious code from external sources, and only for those applications that are online.
Logon banners
Virus detection
Conduct a risk assessment
0-day vulnerabilities
20. Residual risk is the risk that remains after controls have been applied. The amount of residual risk a business chooses to live with is key to the organization's _____________ and affects its viability.
Risk appetite
All personnel
Residual risk
Creation of a business continuity plan
21. Primarily reduce risk and are most effective for the protection of information assets.
Undervoltage (brownout)
Security risk
Script kiddie
Key controls
22. A key indicator of performance measurement.
Its ability to reduce or eliminate business risks
Strategic alignment of security with business objectives
Residual risk
Trusted source
23. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Two-factor authentication
Tie security risks to key business objectives
Prioritization
Public key infrastructure (PKI)
24. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
Well-defined roles and responsibilities
Gain unauthorized access to applications
Control risk
All personnel
25. A company or person you believe will not knowingly send a virus-infected file.
Trusted source
Control risk
Data owners
Data warehouse
26. Someone who uses email as a vehicle for extortion; sends the company threatening emails indicating they will expose confidential information, launch a security exploit, etc.
Do with the information it collects
Cyber extortionist
Regulatory compliance
Security code reviews for the entire software application
27. In a _________________________, the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Countermeasure cost-benefit analysis
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Service level agreements (SLAs)
The board of directors and senior management
28. A trusted third party that attests to the identity of the signatory; reliance will be a function of the level of trust afforded the CA.
Certificate authority (CA)
Digital certificate
Notifications and opt-out provisions
Nondisclosure agreement (NDA)
29. Normally addressed through antivirus and antispyware policies.
Malicious software and spyware
Data isolation
Prioritization
Logon banners
30. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
The data owner
Process of introducing changes to systems
Access control matrix
Security code reviews for the entire software application
31. The _____________________ is a severe omission and will greatly increase information security risk. It presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations.
Lack of change management
Centralization of information security management
Background checks of prospective employees
Data owners
32. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Stress testing
Encryption of the hard disks
Centralization of information security management
Assess the risks to the business operation
33. Occurs when the electrical supply drops.
Risk management and the requirements of the organization
Undervoltage (brownout)
Regular review of access control lists
Examples of containment defenses
34. Culture has a significant impact on how information security will be implemented in a ______________________.
Exceptions to policy
Multinational organization
Transmit e-mail messages
Classification of assets needs
35. Occurs after the risk assessment process; it does not measure it.
BIA (Business Impact Assessment)
Use of security metrics
0-day vulnerabilities
Equal error rate (EER)
36. When defining the information classification policy, the ___________________ need to be identified.
Impractical and is often cost-prohibitive
Identify the relevant systems and processes
The awareness and agreement of the data subjects
Requirements of the data owners
37. Has full responsibility over data.
Notifications and opt-out provisions
The data owner
Get senior management onboard
Data isolation
38. In biometric systems where the possibility of false rejects is a problem, it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Equal error rate (EER)
Protective switch covers
Owner of the information asset
Business case development
39. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
People
The data owner
Access control matrix
Security baselines
40. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.
Prioritization
Access control matrix
Gain unauthorized access to applications
People
41. When developing an information security program, _________________ would help identify the available resources, any gaps and the training requirements for developing resources.
0-day vulnerabilities
Skills inventory
Information contained on the equipment
Classification of assets needs
42. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Transmit e-mail messages
Properly aligned with business goals and objectives
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Data mart
43. Are not infallible. When tuning the solution, one has to adjust the sensitivity level to give preference either to the false reject rate (type I error rate), where the system will be more prone to err by denying access to a valid user, or to erring and allowing
Biometric access control systems
Skills inventory
The awareness and agreement of the data subjects
Virus detection
44. Should PRIMARILY be based on regulatory and legal requirements.
People
SWOT analysis
Retention of business records
Business case development
45. Useful but only with regard to specific technical skills.
Multinational organization
Cost of control
Virus detection
Proficiency testing
46. Someone who accesses a computer or network illegally.
Hacker
Intrusion detection system (IDS)
Regulatory compliance
Encryption
47. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Security code reviews for the entire software application
Continuous analysis, monitoring and feedback
Risk assessment, evaluation and impact analysis
Gain unauthorized access to applications
48. The best strategy for risk management is to ___________________, as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Data isolation
Reduce risk to an acceptable level
Its ability to reduce or eliminate business risks
Continuous monitoring control initiatives
49. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Safeguards over keys
Control effectiveness
Asset classification
Data owners
50. While useful for identifying the difference between the current state and the desired future state, e.g. the organization has to comply with recently published industry regulatory requirements, compliance that potentially has high implementation costs -
Identify the vulnerable systems and apply compensating controls
Virus
Digital certificate
Gap analysis
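Items 3, 8, 15, 27 and 48 all turn on the same decision: compare what a safeguard costs per year with the loss it prevents, apply controls only while that comparison is favourable, and accept the residual risk rather than try to eliminate it. The following is an added worked example, not from the exam or from ISACA material. It assumes the usual annualized loss expectancy model (ALE = SLE x ARO, with a control scaling SLE and/or ARO), and every figure, control name and scenario in it is constructed for the illustration.

```python
"""Countermeasure cost-benefit analysis for a single risk scenario.

Added illustration, not from the CISM exam or ISACA material. All figures
below are constructed for the example. Model assumed here: annualized loss
expectancy ALE = SLE x ARO; a control scales SLE and/or ARO; its benefit
is the drop in ALE, and it is justified only when that benefit exceeds its
annual cost. Controls are applied until residual ALE is within the stated
acceptable level or no remaining control pays for itself.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    sle: float  # single loss expectancy: expected loss per incident
    aro: float  # annualized rate of occurrence: incidents per year

    @property
    def ale(self) -> float:
        """Annualized loss expectancy."""
        return self.sle * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    sle_factor: float = 1.0  # fraction of SLE that remains once the control is in place
    aro_factor: float = 1.0  # fraction of ARO that remains once the control is in place


def apply_control(risk: Risk, control: Control) -> Risk:
    """Residual risk after the control: same scenario, scaled SLE and ARO."""
    return Risk(risk.name, risk.sle * control.sle_factor, risk.aro * control.aro_factor)


def evaluate(risk: Risk, control: Control) -> dict:
    """Compare the ALE reduction a control buys against what it costs per year."""
    residual = apply_control(risk, control)
    benefit = risk.ale - residual.ale
    return {
        "control": control.name,
        "residual_ale": residual.ale,
        "benefit": benefit,
        "net": benefit - control.annual_cost,
        "justified": benefit > control.annual_cost,
    }


def recommend(risk: Risk, controls: list[Control], acceptable_ale: float) -> dict:
    """Select controls greedily by net value until residual ALE is acceptable.

    Stops early when no remaining control reduces risk by more than it costs:
    that leftover risk is accepted rather than eliminated at any price.
    """
    current = risk
    remaining = list(controls)
    chosen: list[str] = []
    total_cost = 0.0
    while current.ale > acceptable_ale and remaining:
        best = max((evaluate(current, c) for c in remaining), key=lambda e: e["net"])
        if not best["justified"]:
            break
        control = next(c for c in remaining if c.name == best["control"])
        current = apply_control(current, control)
        chosen.append(control.name)
        total_cost += control.annual_cost
        remaining.remove(control)
    return {
        "controls": chosen,
        "residual_ale": current.ale,
        "annual_cost": total_cost,
        "within_appetite": current.ale <= acceptable_ale,
    }


# Constructed scenario: a lost or stolen laptop holding customer data (ALE 100,000).
LAPTOP_RISK = Risk("laptop loss exposing customer data", sle=200_000, aro=0.5)

# Constructed candidate controls with hypothetical costs and effects.
CONTROLS = [
    Control("Full-disk encryption", annual_cost=15_000, sle_factor=0.1),  # data unreadable if lost
    Control("Asset tracking and custody procedures", annual_cost=8_000, aro_factor=0.6),
    Control("Courier-only device transport", annual_cost=120_000, aro_factor=0.2),
]

if __name__ == "__main__":
    for c in CONTROLS:
        print(evaluate(LAPTOP_RISK, c))
    print(recommend(LAPTOP_RISK, CONTROLS, acceptable_ale=5_000))
```

With these constructed numbers, full-disk encryption takes the ALE from 100,000 to 10,000 for 15,000 a year and is clearly justified. Once it is in place, each of the other two controls costs more than the risk it would still remove, so the greedy selection stops and the 10,000 residual is accepted even though it sits above the 5,000 target; that gap is what a security manager reports to senior management as residual risk above appetite, rather than something to be bought down at any price.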
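Items 38 and 43 describe the trade-off behind every biometric deployment: the decision threshold can be moved to favour either the false reject rate (type I, genuine users turned away) or the false accept rate (type II, impostors let in), and the equal error rate is where the two meet. The following is an added example, not from the page or any vendor product; the match scores are constructed, and the 0 to 100 similarity scale, the accept-at-or-above-threshold rule and the function names are assumptions made for the illustration.

```python
"""Tuning a biometric decision threshold: false accepts vs false rejects.

Added illustration, not from the page. Scores are constructed: a matcher
returns a similarity score from 0 to 100, and the system accepts a probe
whose score is at or above the threshold. Lowering the threshold (reducing
sensitivity) cuts false rejects of genuine users at the price of more
false accepts of impostors; raising it does the opposite. The equal error
rate (EER) is the operating point where the two rates meet.
"""

# Constructed match scores for one enrolled user (hypothetical values).
GENUINE = [92, 88, 85, 83, 80, 78, 75, 72, 70, 65]   # the enrolled user trying to log in
IMPOSTOR = [30, 35, 40, 45, 50, 55, 60, 66, 71, 76]  # other people against that template

THRESHOLDS = range(0, 101)


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) at a threshold.

    FRR (type I): genuine attempts scoring below the threshold are rejected.
    FAR (type II): impostor attempts scoring at or above it are accepted.
    """
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return far, frr


def sweep(genuine=GENUINE, impostor=IMPOSTOR, thresholds=THRESHOLDS):
    """(threshold, FAR, FRR) for every candidate threshold."""
    return [(t, *error_rates(t, genuine, impostor)) for t in thresholds]


def equal_error_rate(genuine=GENUINE, impostor=IMPOSTOR, thresholds=THRESHOLDS):
    """Operating point where FAR and FRR are closest; ties go to the lower threshold."""
    return min(sweep(genuine, impostor, thresholds), key=lambda r: (abs(r[1] - r[2]), r[0]))


def tune_for_max_frr(max_frr, genuine=GENUINE, impostor=IMPOSTOR, thresholds=THRESHOLDS):
    """Highest threshold that keeps FRR within max_frr.

    This is the 'false rejects are the problem' setting from item 38: the
    threshold is lowered only as far as needed, so FAR rises no more than necessary.
    """
    ok = [r for r in sweep(genuine, impostor, thresholds) if r[2] <= max_frr]
    return max(ok, key=lambda r: r[0]) if ok else None


def tune_for_max_far(max_far, genuine=GENUINE, impostor=IMPOSTOR, thresholds=THRESHOLDS):
    """Lowest threshold that keeps FAR within max_far (the 'keep impostors out' setting)."""
    ok = [r for r in sweep(genuine, impostor, thresholds) if r[1] <= max_far]
    return min(ok, key=lambda r: r[0]) if ok else None


if __name__ == "__main__":
    print("EER point (threshold, FAR, FRR):", equal_error_rate())
    print("no false rejects allowed:", tune_for_max_frr(0.0))
    print("no false accepts allowed:", tune_for_max_far(0.0))
```

On these constructed scores the EER sits at threshold 71 with both rates at 20%. Demanding zero false rejects forces the threshold down to 65 and lets 30% of impostor attempts through; demanding zero false accepts pushes it up to 77 and turns away 40% of the genuine user's attempts. The choice between those settings is a business decision about which error is more expensive, which is why a manager tunes the threshold rather than treating the device as infallible.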