Test your basic knowledge

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. By definition are not previously known and therefore are undetectable.

2. Needs to define the access rules - which is troublesome and error prone in large organizations.

3. A key indicator of performance measurement.

4. Provide metrics to which outsourcing firms can be held accountable.

5. Occurs when the electrical supply drops

6. Program that hides within or looks like a legitimate program

7. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.

8. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.

9. The job of the information security officer on a management team is to ___________________.

10. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.

11. Provides process needs but not impact.

12. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.

13. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the

14. Ensure that transmitted information can be attributed to the named sender.

15. Has full responsibility over data.

16. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.

17. A method for analyzing and reducing a relational database to its most streamlined form

18. A risk assessment should be conducted _________________.

19. Whenever personal data are transferred across national boundaries, ________________________ are required.

20. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network

21. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.

22. Occurs after the risk assessment process - it does not measure it.

23. The primary role of the information security manager in the process of information classification within the organization.

24. Should be determined from the risk assessment results.

25. Occurs when the incoming level

26. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.

27. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.

28. Without _____________________ - there cannot be accountability.

29. Carries out the technical administration.

30. Culture has a significant impact on how information security will be implemented in a ______________________.

31. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.

32. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.

33. Used to understand the flow of one process into another.

34. A notice that guarantees a user or a web site is legitimate

35. Someone who uses the internet or network to destroy or damage computers for political reasons

36. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.

37. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.

38. The data owner is responsible for _______________________.

39. The MOST useful way to describe the objectives in the information security strategy is through ______________________.

40. The MOST important element of an information security strategy.

41. Someone who uses email as a vehicle for extortion; sends the company threatening emails indicating they will expose confidential information - exploit security launch - etc.

42. Provides strong online authentication.

43. A repository of historical data organized by subject to support decision makers in the organization

44. Should PRIMARILY be based on regulatory and legal requirements.

45. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability

46. The MOST important component of a privacy policy is: A Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are

47. Responsible for securing the information.

48. Reducing risk to a level too small to measure is _______________.

49. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.

50. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.