SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A process that helps organizations manipulate important knowledge that is part of the orgs. memory
Attributes and characteristics of the 'desired state'
Knowledge management
Worm
Defining and ratifying the classification structure of information assets
2. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Digital signatures
Tailgating
Information security manager
Virus detection
3. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Annual loss expectancy (ALE)calculations
Do with the information it collects
Classification of assets needs
Detection defenses
4. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Requirements of the data owners
Virus detection
Rule-based access control
Worm
5. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Regulatory compliance
Residual risk would be reduced by a greater amount
Examples of containment defenses
The data custodian
6. ecurity design flaws require a ____________________.
Deeper level of analysis
Creation of a business continuity plan
Identify the relevant systems and processes
Information security manager
7. A key indicator of performance measurement.
Background checks of prospective employees
Risk assessment - evaluation and impact analysis
Strategic alignment of security with business objectives
The board of directors and senior management
8. Occurs when the incoming level
Comparison of cost of achievement
Power surge/over voltage (spike)
Lack of change management
Data isolation
9. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Gain unauthorized access to applications
Encryption
Internal risk assessment
Detection defenses
10. Utility program that detects and protects a personal computer from unauthorized intrusions
Stress testing
The data custodian
Get senior management onboard
Personal firewall
11. A Successful risk management should lead to a ________________.
Hacker
Breakeven point of risk reduction and cost
Assess the risks to the business operation
Alignment with business strategy
12. Most effective for evaluating the degree to which information security objectives are being met.
Service level agreements (SLAs)
Two-factor authentication
Performing a risk assessment
The balanced scorecard
13. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Audit objectives
Role-based access control
Encryption
Continuous analysis - monitoring and feedback
14. A repository of historical data organized by subject to support decision makers in the org
Data warehouse
Background check
Total cost of ownership (TCO)
Notifications and opt-out provisions
15. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Gain unauthorized access to applications
Negotiating a local version of the organization standards
Owner of the information asset
Process of introducing changes to systems
16. Ensures that there are no scalability problems.
Stress testing
Cyber extortionist
Breakeven point of risk reduction and cost
Get senior management onboard
17. The PRIMARY goal in developing an information security strategy is to: _________________________.
Asset classification
Support the business objectives of the organization
Intrusion detection system (IDS)
Role-based policy
18. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.
SWOT analysis
Data owners
Creation of a business continuity plan
Decentralization
19. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Breakeven point of risk reduction and cost
Well-defined roles and responsibilities
Cryptographic secure sockets layer (SSL) implementations and short key lengths
The data owner
20. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
21. Should be a standard requirement for the service provider.
Background check
Vulnerability assessment
Its ability to reduce or eliminate business risks
Risk management and the requirements of the organization
22. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Patch management process
Identify the relevant systems and processes
Risk management and the requirements of the organization
Undervoltage (brownout)
23. Has full responsibility over data.
Retention of business records
Stress testing
Get senior management onboard
The data owner
24. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Patch management process
Gap analysis
Use of security metrics
Two-factor authentication
25. Only valid if assets have first been identified and appropriately valued.
Power surge/over voltage (spike)
BIA (Business Impact Assessment
Annual loss expectancy (ALE)calculations
Spoofing attacks
26. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Background checks of prospective employees
Security risk
Normalization
Audit objectives
27. The MOST important element of an information security strategy.
Monitoring processes
Data warehouse
Security awareness training for all employees
Defined objectives
28. Focuses on identifying vulnerabilities.
Annually or whenever there is a significant change
Defining high-level business security requirements
Penetration testing
Audit objectives
29. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Data classification
The information security officer
Nondisclosure agreement (NDA)
Protective switch covers
30. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Security code reviews for the entire software application
Retention of business records
Security risk
Service level agreements (SLAs)
31. Has to be integrated into the requirements of every software application's design.
Risk assessment - evaluation and impact analysis
Negotiating a local version of the organization standards
Audit objectives
Encryption key management
32. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Developing an information security baseline
Creation of a business continuity plan
Cross-site scripting attacks
Equal error rate (EER)
33. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Encryption key management
Centralization of information security management
Control effectiveness
Centralized structure
34. n a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Countermeasure cost-benefit analysis
Undervoltage (brownout)
Confidentiality
Deeper level of analysis
35. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Lack of change management
Waterfall chart
Residual risk
Hacker
36. To identify known vulnerabilities based on common misconfigurations and missing updates.
Exceptions to policy
A network vulnerability assessment
Nondisclosure agreement (NDA)
Tailgating
37. A method for analyzing and reducing a relational database to its most streamlined form
Normalization
Knowledge management
People
Requirements of the data owners
38. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Strategic alignment of security with business objectives
Properly aligned with business goals and objectives
Cracker
The information security officer
39. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Role-based policy
Risk management and the requirements of the organization
Continuous analysis - monitoring and feedback
Threat assessment
40. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.
Equal error rate (EER)
Platform security - intrusion detection and antivirus controls
Identify the vulnerable systems and apply compensating controls
Transferred risk
41. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
0-day vulnerabilities
Tie security risks to key business objectives
Transmit e-mail messages
Information security manager
42. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Cost of control
Get senior management onboard
Cyber terrorist
Trojan horse
43. Someone who uses the internet or network to destroy or damage computers for political reasons
Cyber terrorist
Owner of the information asset
The balanced scorecard
Its ability to reduce or eliminate business risks
44. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Detection defenses
Notifications and opt-out provisions
Continuous monitoring control initiatives
Role-based access control
45. BEST option to improve accountability for a system administrator is to _____________________.
Background check
Creation of a business continuity plan
Equal error rate (EER)
include security responsibilities in a job description
46. Inject malformed input.
Cross-site scripting attacks
Equal error rate (EER)
Alignment with business strategy
Continuous analysis - monitoring and feedback
47. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control. .
Overall organizational structure
Security risk
Total cost of ownership (TCO)
Confidentiality
48. Cannot be minimized
Virus
Data owners
Security baselines
Inherent risk
49. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Internal risk assessment
Owner of the information asset
The authentication process is broken
Reduce risk to an acceptable level
50. Uses security metrics to measure the performance of the information security program.
Gap analysis
Performing a risk assessment
Information security manager
Regulatory compliance
