Test your basic knowledge |
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Should be performed to identify the risk and determine needed controls.
What happened and how the breach was resolved
Comparison of cost of achievement
Internal risk assessment
Risk management and the requirements of the organization
2. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
The authentication process is broken
Risk assessment - evaluation and impact analysis
Exceptions to policy
Knowledge management
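The flaw in question 2 is worth seeing in code. The quiz's answer key follows the older CISM wording ("broken authentication"); current OWASP terminology calls the same defect broken access control, specifically an insecure direct object reference: the server trusts an identifier the client controls instead of authorising the request against the identity it already authenticated. The following is an added example written for this page, not code from the quiz or from any real application. The employee table, session shape and URL format are constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse

# Constructed sample data for the example (not from the page): an employee
# table and the identity the server has already authenticated from the session.
EMPLOYEES = {
    1001: {"name": "Employee One", "salary": 52000},
    1002: {"name": "Employee Two", "salary": 61000},
}


@dataclass(frozen=True)
class Session:
    """What the server knows about the caller after login (hypothetical shape)."""
    employee_id: int
    role: str  # "employee" or "hr"


class Forbidden(Exception):
    """Raised when the authenticated identity may not view the requested record."""


def employee_id_from_url(url: str) -> int:
    """Extract the employee_id query parameter the client controls, e.g.
    /account?employee_id=1002 -> 1002. Anything here is attacker-influenced."""
    params = parse_qs(urlparse(url).query)
    return int(params["employee_id"][0])


def vulnerable_account_view(session: Session, url: str) -> dict:
    """The defect from the question: the record served is chosen purely by the
    URL parameter, so any logged-in user who edits the number in the address
    bar reads a colleague's account. The session is never consulted."""
    return EMPLOYEES[employee_id_from_url(url)]


def hardened_account_view(session: Session, url: str) -> dict:
    """Server-side authorisation against the session, not the URL: a regular
    employee may only read their own record; an HR role may read any record."""
    requested = employee_id_from_url(url)
    if session.role != "hr" and requested != session.employee_id:
        raise Forbidden(f"employee {session.employee_id} may not view {requested}")
    return EMPLOYEES[requested]


def own_record_view(session: Session) -> dict:
    """Stronger still for the self-service case: derive the key from the
    session and never accept an identifier from the URL at all."""
    return EMPLOYEES[session.employee_id]


if __name__ == "__main__":
    alice = Session(employee_id=1001, role="employee")
    tampered = "/account?employee_id=1002"  # Alice changed 1001 to 1002 by hand
    print("vulnerable:", vulnerable_account_view(alice, tampered))
    try:
        hardened_account_view(alice, tampered)
    except Forbidden as exc:
        print("hardened:", exc)
```

Note that making the identifiers random or long does not fix this class of bug; it only slows enumeration. The check that matters is the one in hardened_account_view, performed on the server for every request.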
3. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Skills inventory
The awareness and agreement of the data subjects
Equal error rate (EER)
Lack of change management
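Question 3 describes the threshold trade-off behind the equal error rate (EER): lowering the match threshold to cut false rejects raises false accepts, and the EER is the operating point where the two rates meet. The following added example (written for this page, not taken from the quiz) sweeps every observed score as a candidate threshold and locates that point. The match scores are constructed for illustration; a real system would use thousands of genuine and impostor attempts.

```python
# Constructed sample match scores (higher = closer match), not from the page:
# six genuine-user attempts and six impostor attempts against one template.
GENUINE_SCORES = [0.50, 0.60, 0.70, 0.80, 0.90, 0.95]
IMPOSTOR_SCORES = [0.10, 0.20, 0.30, 0.40, 0.55, 0.65]


def error_rates(threshold, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Return (FAR, FRR) for a match threshold; a sample is accepted when its
    score is >= threshold.
    FAR (false accept rate) = impostors wrongly accepted / all impostors.
    FRR (false reject rate) = genuine users wrongly rejected / all genuine."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def equal_error_rate(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Sweep every observed score as a candidate threshold and return
    (threshold, eer) at the point where FAR and FRR are closest to equal.
    A lower EER means a better-separated system."""
    candidates = sorted(set(genuine) | set(impostor))
    best_t, best_gap, best_eer = None, float("inf"), None
    for t in candidates:
        far, frr = error_rates(t, genuine, impostor)
        gap = abs(far - frr)
        if gap < best_gap:
            best_t, best_gap, best_eer = t, gap, (far + frr) / 2
    return best_t, best_eer


if __name__ == "__main__":
    t, eer = equal_error_rate()
    print(f"EER {eer:.3f} at threshold {t:.2f}")
    # The trade-off from question 3: relax the threshold below the EER point
    # and false rejects disappear while false accepts climb; tighten it and
    # the reverse happens.
    for threshold in (0.50, t, 0.70):
        far, frr = error_rates(threshold)
        print(f"threshold {threshold:.2f}: FAR {far:.3f}  FRR {frr:.3f}")
```

Which side of the EER to operate on is a policy choice, not a technical one: a data-centre door favours a high threshold (few false accepts, more retries), while a phone unlock favours convenience and tolerates a higher FAR.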
4. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Centralized structure
Security code reviews for the entire software application
Security risk
5. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
All personnel
Resource dependency assessment
Patch management
Role-based policy
6. Same intent as a cracker but does not have the technical skills and knowledge
Identify the vulnerable systems and apply compensating controls
Creation of a business continuity plan
A network vulnerability assessment
Script kiddie
7. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Conduct a risk assessment
Security code reviews for the entire software application
Use of security metrics
Comparison of cost of achievement
8. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Security baselines
Trusted source
Single sign-on (SSO) product
Tailgating
9. Provides the most effective protection of data on mobile devices.
Is willing to accept
Stress testing
Encryption
Requirements of the data owners
10. All within the responsibility of the information security manager.
Requirements of the data owners
The board of directors and senior management
Platform security - intrusion detection and antivirus controls
Safeguards over keys
11. Useful but only with regard to specific technical skills.
Identify the relevant systems and processes
Proficiency testing
Comparison of cost of achievement
Creation of a business continuity plan
12. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.
Comparison of cost of achievement
Identify the relevant systems and processes
Security awareness training for all employees
Data isolation
13. Someone who accesses a computer or network illegally
Hacker
Worm
Skills inventory
Key controls
14. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Security baselines
Countermeasure cost-benefit analysis
Stress testing
Comparison of cost of achievement
15. Culture has a significant impact on how information security will be implemented in a ______________________.
Digital certificate
Multinational organization
Virus
Creation of a business continuity plan
16. It is easier to manage and control a _________________.
Background checks of prospective employees
Consensus on risks and controls
Centralized structure
Data warehouse
17. Someone who uses e-mail as a vehicle for extortion; sends a company threatening e-mails indicating they will expose confidential information - exploit a security flaw - launch an attack - etc.
Well-defined roles and responsibilities
Decentralization
Service level agreements (SLAs)
Cyber extortionist
18. Accesses a computer or network illegally
Patch management process
Equal error rate (EER)
Risk management and the requirements of the organization
Cracker
19. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Security baselines
Its ability to reduce or eliminate business risks
Continuous analysis - monitoring and feedback
Consensus on risks and controls
20. The MOST important element of an information security strategy.
Data owners
Knowledge management
Defined objectives
Defining and ratifying the classification structure of information assets
21. Applications cannot access data associated with other apps
The data owner
Monitoring processes
Retention of business records
Data isolation
22. Someone who uses the internet or network to destroy or damage computers for political reasons
Performing a risk assessment
Two-factor authentication
Increase business value and confidence
Cyber terrorist
23. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Decentralization
Defining high-level business security requirements
Increase business value and confidence
IP address packet filtering
24. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Do with the information it collects
What happened and how the breach was resolved
Owner of the information asset
Negotiating a local version of the organization standards
25. Occurs when the electrical supply drops
Continuous analysis - monitoring and feedback
Threat assessment
Undervoltage (brownout)
Virus
26. An information security manager has to impress upon the human resources department the need for _____________________.
Defining high-level business security requirements
Security awareness training for all employees
The awareness and agreement of the data subjects
Process of introducing changes to systems
27. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Security awareness training for all employees
Security baselines
Is willing to accept
People
28. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Increase business value and confidence
Decentralization
Negotiating a local version of the organization standards
Data mart
29. Company or person you believe will not knowingly send a virus-infected file
Developing an information security baseline
Trusted source
Two-factor authentication
Negotiating a local version of the organization standards
30. Primarily reduce risk and are most effective for the protection of information assets.
Inherent risk
Key controls
Data owners
Calculating the value of the information or asset
31. Residual risk is the risk that remains after controls have been applied. The amount of residual risk a business is willing to live with is key to the organization's _____________ and affects its viability.
Business case development
Lack of change management
Risk appetite
Compliance with the organization's information security requirements
32. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Threat assessment
Performing a risk assessment
Service level agreements (SLAs)
Increase business value and confidence
33. May show the performance result of the security-related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Public key infrastructure (PKI)
Attributes and characteristics of the 'desired state'
Return on security investment (ROSI)
Information contained on the equipment
34. Used to understand the flow of one process into another.
Retention of business records
Waterfall chart
Patch management process
Residual risk would be reduced by a greater amount
35. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
36. When defining the information classification policy - the ___________________ need to be identified.
Transmit e-mail messages
Strategic alignment of security with business objectives
Risk assessment - evaluation and impact analysis
Requirements of the data owners
37. When the ________________ is more than the cost of the risk - the risk should be accepted.
Cyber extortionist
Cost of control
Undervoltage (brownout)
Prioritization
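Questions 14, 37 and 43 all rest on the same arithmetic: countermeasure cost-benefit analysis compares the annual loss a control avoids with what the control costs each year, and when the control costs more than the risk it removes, the risk should be accepted. The following added example (written for this page, not taken from the quiz) carries that calculation through with the standard annualized loss expectancy (ALE) formula. The asset value, exposure factor, occurrence rates and control costs are constructed figures for illustration only.

```python
# Constructed inputs for the example (not from the page):
ASSET_VALUE = 200_000        # value of the information asset
EXPOSURE_FACTOR = 0.5        # fraction of the asset lost per incident
ARO_UNCONTROLLED = 0.2       # expected incidents per year with no control
ARO_WITH_CONTROL = 0.05      # expected incidents per year once the control is in place
CONTROL_A_COST = 8_000       # annual cost of one candidate control
CONTROL_B_COST = 25_000      # annual cost of a dearer candidate control


def annualized_loss_expectancy(asset_value, exposure_factor, aro):
    """ALE = SLE x ARO, where the single loss expectancy SLE is
    asset value x exposure factor and ARO is incidents per year."""
    return asset_value * exposure_factor * aro


def risk_reduction(ale_before, ale_after):
    """Annual loss the control avoids. This is also the ceiling on what the
    control is worth spending on (the breakeven point of cost and benefit)."""
    return ale_before - ale_after


def net_benefit(ale_before, ale_after, annual_control_cost):
    """Positive when the control saves more each year than it costs."""
    return risk_reduction(ale_before, ale_after) - annual_control_cost


def decide(ale_before, ale_after, annual_control_cost):
    """Question 37's rule: implement while the control costs less than the
    risk it removes, otherwise accept the risk. This is the objective basis
    for value delivery that question 14 asks about."""
    return "implement" if net_benefit(ale_before, ale_after, annual_control_cost) > 0 else "accept"


if __name__ == "__main__":
    before = annualized_loss_expectancy(ASSET_VALUE, EXPOSURE_FACTOR, ARO_UNCONTROLLED)
    after = annualized_loss_expectancy(ASSET_VALUE, EXPOSURE_FACTOR, ARO_WITH_CONTROL)
    print(f"ALE without control: {before:,.0f}  with control: {after:,.0f}")
    print(f"breakeven control cost: {risk_reduction(before, after):,.0f} per year")
    for label, cost in (("control A", CONTROL_A_COST), ("control B", CONTROL_B_COST)):
        print(f"{label}: cost {cost:,.0f}, net benefit "
              f"{net_benefit(before, after, cost):,.0f} -> {decide(before, after, cost)}")
```

The same figures illustrate question 43: driving the residual ARO from 0.05 towards zero is only worth at most the remaining 5,000 a year, so each further control buys less and the last fraction of risk is rarely worth eliminating.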
38. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Tie security risks to key business objectives
Assess the risks to the business operation
Patch management process
Inherent risk
39. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Examples of containment defenses
Is willing to accept
Requirements of the data owners
Skills inventory
40. Potentially damaging computer program that affects - or infects - a computer negatively by altering the way the computer works
Exceptions to policy
Do with the information it collects
Defined objectives
Virus
41. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Confidentiality
Information contained on the equipment
Data isolation
Is willing to accept
42. The MOST important component of a privacy policy: privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Notifications and opt-out provisions
Identify the relevant systems and processes
People
Information contained on the equipment
43. Reducing risk to a level too small to measure is _______________.
Impractical and is often cost-prohibitive
Compliance with the organization's information security requirements
Public key infrastructure (PKI)
Do with the information it collects
44. The best measure for preventing the unauthorized disclosure of confidential information.
Detection defenses
Properly aligned with business goals and objectives
Calculating the value of the information or asset
Acceptable use policies
45. Has full responsibility over data.
The data owner
Confidentiality
Virus detection
Continuous analysis - monitoring and feedback
46. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Security awareness training for all employees
The data owner
Detection defenses
Identify the relevant systems and processes
47. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
Exceptions to policy
Baseline standard and then develop additional standards
Identify the relevant systems and processes
Negotiating a local version of the organization standards
48. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.
Breakeven point of risk reduction and cost
Single sign-on (SSO) product
Tie security risks to key business objectives
Intrusion detection system (IDS)
49. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Continuous monitoring control initiatives
Transmit e-mail messages
The balanced scorecard
Regular review of access control lists
50. Determined by the business risk - i.e. - the potential impact on the business of the loss - corruption or disclosure of information. It must be applied to information in all forms - both electronic and physical (paper) - and should be applied by the
Regulatory compliance
Data classification
The balanced scorecard
Do with the information it collects