Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Risk appetite
Compliance with the organization's information security requirements
Certificate authority (CA)
Creation of a business continuity plan
2. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Return on security investment (ROSI)
Data classification
Safeguards over keys
Assess the risks to the business operation
3. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
The data custodian
Service level agreements (SLAs)
People
The authentication process is broken
4. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Equal error rate (EER)
Compliance with the organization's information security requirements
Information contained on the equipment
All personnel
5. Security design flaws require a ____________________.
Return on security investment (ROSI)
Digital signatures
Deeper level of analysis
Identify the relevant systems and processes
6. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Alignment with business strategy
Encryption key management
Increase business value and confidence
Transmit e-mail messages
7. Identification and _______________ of business risk enables project managers to address areas with most significance.
Centralized structure
Prioritization
Fault-tolerant computer
Identify the vulnerable systems and apply compensating controls
8. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
9. A tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
Increase business value and confidence
Spoofing attacks
Key risk indicator (KRI) setup
Patch management process
10. It is easier to manage and control a _________________.
Centralized structure
Script kiddie
Consensus on risks and controls
Threat assessment
11. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.
Cyber extortionist
Access control matrix
Residual risk would be reduced by a greater amount
Is willing to accept
12. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.
Strategic alignment of security with business objectives
Methodology used in the assessment
What happened and how the breach was resolved
Power surge/over voltage (spike)
13. The MAIN reason why _______________ is important to a successful information security program is because classification determines the appropriate level of protection to the asset.
Asset classification
Overall organizational structure
Breakeven point of risk reduction and cost
People
14. Should be performed to identify the risk and determine needed controls.
Reduce risk to an acceptable level
Internal risk assessment
Creation of a business continuity plan
Tailgating
15. The job of the information security officer on a management team is to ___________________.
Properly aligned with business goals and objectives
The authentication process is broken
Assess the risks to the business operation
Logon banners
16. A key indicator of performance measurement.
Patch management
Strategic alignment of security with business objectives
Data classification
Tie security risks to key business objectives
17. Has full responsibility over data.
Regulatory compliance
The data owner
Hacker
Encryption key management
18. Occurs after the risk assessment process - it does not measure it.
Use of security metrics
Asset classification
Total cost of ownership (TCO)
Virus
19. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Owner of the information asset
Risk appetite
Hacker
Power surge/over voltage (spike)
20. The MOST important element of an information security strategy.
Data mart
Centralized structure
Digital certificate
Defined objectives
21. To identify known vulnerabilities based on common misconfigurations and missing updates.
Control effectiveness
Fault-tolerant computer
Breakeven point of risk reduction and cost
A network vulnerability assessment
22. The PRIMARY goal in developing an information security strategy is to: _________________________.
Defining high-level business security requirements
Prioritization
Support the business objectives of the organization
Use of security metrics
23. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Biometric access control systems
Centralization of information security management
Detection defenses
The board of directors and senior management
24. Applications cannot access data associated with other apps
Data isolation
Internal risk assessment
Background check
Encryption
25. Has to be integrated into the requirements of every software application's design.
Encryption key management
Trusted source
Trojan horse
Is willing to accept
26. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.
Centralization of information security management
Role-based policy
Information contained on the equipment
Attributes and characteristics of the 'desired state'
27. A method for analyzing and reducing a relational database to its most streamlined form
Protective switch covers
Public key infrastructure (PKI)
Total cost of ownership (TCO)
Normalization
28. The primary role of the information security manager in the process of information classification within the organization.
Threat assessment
Trojan horse
Defining and ratifying the classification structure of information assets
Annually or whenever there is a significant change
29. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures - but not in the prioritization.
Creation of a business continuity plan
Intrusion detection system (IDS)
Support the business objectives of the organization
Power surge/over voltage (spike)
30. Should PRIMARILY be based on regulatory and legal requirements.
Background checks of prospective employees
Asset classification
Audit objectives
Retention of business records
31. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Continuous monitoring control initiatives
Increase business value and confidence
Two-factor authentication
Risk assessment - evaluation and impact analysis
32. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Worm
Methodology used in the assessment
Fault-tolerant computer
33. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Security awareness training for all employees
Single sign-on (SSO) product
Trojan horse
Cross-site scripting attacks
34. Provides strong online authentication.
Process of introducing changes to systems
Internal risk assessment
Multinational organization
Public key infrastructure (PKI)
35. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Regular review of access control lists
Classification of assets needs
Defining high-level business security requirements
Normalization
36. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
Trojan horse
Properly aligned with business goals and objectives
Residual risk would be reduced by a greater amount
Overall organizational structure
37. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results - such as impact from a security incident and required response times.
Retention of business records
Transmit e-mail messages
BIA (Business Impact Assessment)
Internal risk assessment
38. The MOST effective way to ensure network users are aware of their responsibilities to comply with an organization's security requirements is - ______________ would appear every time the user logs on - and the user would be required to read and agree
Owner of the information asset
The database administrator
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Logon banners
39. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Creation of a business continuity plan
Data classification
Worm
Role-based access control
40. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Alignment with business strategy
Virus
Properly aligned with business goals and objectives
include security responsibilities in a job description
41. If the firewall allows source routing - any outsider can carry out _________________ by stealing the internal (private) IP addresses of the organization.
Service level agreements (SLAs)
Its ability to reduce or eliminate business risks
Background check
Spoofing attacks
42. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Reduce risk to an acceptable level
Penetration testing
Personal firewall
Virus
43. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Applying the proper classification to the data
Spoofing attacks
Well-defined roles and responsibilities
Developing an information security baseline
44. Same intent as a cracker but does not have the technical skills and knowledge
Defined objectives
Control effectiveness
Protective switch covers
Script kiddie
45. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Fault-tolerant computer
Exceptions to policy
Reduce risk to an acceptable level
Control risk
46. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.
Performing a risk assessment
Threat assessment
Security risk
The board of directors and senior management
47. Oversees the overall classification management of the information.
The information security officer
Data warehouse
Negotiating a local version of the organization standards
Cross-site scripting attacks
48. The best strategy for risk management is to ___________________ - as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Risk assessment - evaluation and impact analysis
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Data owners
Reduce risk to an acceptable level
49. A repository of historical data organized by subject to support decision makers in the org
Data warehouse
Centralized structure
Risk assessment - evaluation and impact analysis
Countermeasure cost-benefit analysis
50. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.