SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISM: Certified Information Security Manager
Start Test
Study First
Subjects
:
certifications
,
cism
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Equal error rate (EER)
MAL wear
Safeguards over keys
Properly aligned with business goals and objectives
2. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Penetration testing
Vulnerability assessment
Nondisclosure agreement (NDA)
Developing an information security baseline
3. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
4. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Calculating the value of the information or asset
All personnel
Knowledge management
Certificate authority (CA)
5. Inject malformed input.
Residual risk
Virus
Cross-site scripting attacks
What happened and how the breach was resolved
6. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
The awareness and agreement of the data subjects
Notifications and opt-out provisions
Skills inventory
Lack of change management
7. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Residual risk
Security code reviews for the entire software application
Platform security - intrusion detection and antivirus controls
Residual risk would be reduced by a greater amount
8. Carries out the technical administration.
The information security officer
The balanced scorecard
The database administrator
Background check
9. Useful but only with regard to specific technical skills.
Cyber terrorist
Proficiency testing
Key controls
Countermeasure cost-benefit analysis
10. Ensures that there are no scalability problems.
Stress testing
The data custodian
Vulnerability assessment
Inherent risk
11. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Consensus on risks and controls
Tie security risks to key business objectives
Gain unauthorized access to applications
Defined objectives
12. The data owner is responsible for _______________________.
Developing an information security baseline
Centralization of information security management
Applying the proper classification to the data
Proficiency testing
13. Whenever personal data are transferred across national boundaries; ________________________ are required.
The awareness and agreement of the data subjects
Return on security investment (ROSI)
Conduct a risk assessment
Notifications and opt-out provisions
14. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Properly aligned with business goals and objectives
Creation of a business continuity plan
Owner of the information asset
Knowledge management
15. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
IP address packet filtering
Gap analysis
People
Decentralization
16. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Patch management
Support the business objectives of the organization
Overall organizational structure
Regular review of access control lists
17. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm
Get senior management onboard
Return on security investment (ROSI)
A network vulnerability assessment
Waterfall chart
18. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability
Public key infrastructure (PKI)
Comparison of cost of achievement
Security risk
Impractical and is often cost-prohibitive
19. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
The awareness and agreement of the data subjects
Return on security investment (ROSI)
Cyber extortionist
Access control matrix
20. Company or person you believe will not send a virus-infect file knowingly
Trusted source
Stress testing
Regular review of access control lists
IP address packet filtering
21. A Successful risk management should lead to a ________________.
Breakeven point of risk reduction and cost
Personal firewall
Its ability to reduce or eliminate business risks
Defining high-level business security requirements
22. Programs that act without a user's knowledge and deliberately alter a computer's operations
Centralized structure
MAL wear
Annual loss expectancy (ALE)calculations
Methodology used in the assessment
23. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations
Data mart
Security awareness training for all employees
Lack of change management
Personal firewall
24. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Penetration testing
Security baselines
Methodology used in the assessment
Virus
25. Uses security metrics to measure the performance of the information security program.
Data isolation
Information security manager
Inherent risk
Is willing to accept
26. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.
Monitoring processes
Nondisclosure agreement (NDA)
OBusiness case development
Audit objectives
27. Occurs when the electrical supply drops
Identify the vulnerable systems and apply compensating controls
Requirements of the data owners
Undervoltage (brownout)
Breakeven point of risk reduction and cost
28. Program that hides within or looks like a legit program
Security code reviews for the entire software application
Applying the proper classification to the data
Trojan horse
Consensus on risks and controls
29. The job of the information security officer on a management team is to ___________________.
Exceptions to policy
Key risk indicator (KRI) setup
Assess the risks to the business operation
OBusiness case development
30. Should be determined from the risk assessment results.
Cyber extortionist
Audit objectives
Trojan horse
The balanced scorecard
31. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
Negotiating a local version of the organization standards
The information security officer
Cryptographic secure sockets layer (SSL) implementations and short key lengths
The board of directors and senior management
32. The MOST important component of a privacy policy is: A Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
Notifications and opt-out provisions
Encryption of the hard disks
Well-defined roles and responsibilities
Methodology used in the assessment
33. A repository of historical data organized by subject to support decision makers in the org
Data warehouse
IP address packet filtering
Owner of the information asset
Confidentiality
34. A notice that guarantees a user or a web site is legitimate
Its ability to reduce or eliminate business risks
Digital certificate
Tie security risks to key business objectives
Inherent risk
35. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
Overall organizational structure
Protective switch covers
Internal risk assessment
Comparison of cost of achievement
36. Provide metrics to which outsourcing firms can be held accountable.
Digital certificate
Risk management and the requirements of the organization
Service level agreements (SLAs)
Fault-tolerant computer
37. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
Vulnerability assessment
Process of introducing changes to systems
Consensus on risks and controls
Decentralization
38. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.
Reduce risk to an acceptable level
Script kiddie
Inherent risk
Data owners
39. Primarily reduce risk and are most effective for the protection of information assets.
Intrusion detection system (IDS)
Risk assessment - evaluation and impact analysis
Rule-based access control
Key controls
40. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control. .
Cross-site scripting attacks
Total cost of ownership (TCO)
Encryption key management
All personnel
41. The MOST important element of the request for proposal (RFP) ro assess the maturity level of the organization's information security management is _______________________.
Encryption
Breakeven point of risk reduction and cost
Countermeasure cost-benefit analysis
Methodology used in the assessment
42. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
The board of directors and senior management
Continuous monitoring control initiatives
Exceptions to policy
Equal error rate (EER)
43. Used to understand the flow of one process into another.
Fault-tolerant computer
Waterfall chart
Patch management process
The authentication process is broken
44. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Is willing to accept
Transferred risk
Multinational organization
The information security officer
45. Accesses a computer or network illegally
Cracker
Power surge/over voltage (spike)
Penetration testing
Monitoring processes
46. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.
Proficiency testing
Assess the risks to the business operation
Developing an information security baseline
A network vulnerability assessment
47. Risk should be reduced to a level that an organization _____________.
Countermeasure cost-benefit analysis
Control risk
Is willing to accept
Well-defined roles and responsibilities
48. Utility program that detects and protects a personal computer from unauthorized intrusions
Exceptions to policy
Personal firewall
The balanced scorecard
Trusted source
49. A process that helps organizations manipulate important knowledge that is part of the orgs. memory
Transmit e-mail messages
Knowledge management
Cost of control
Baseline standard and then develop additional standards
50. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Consensus on risks and controls
SWOT analysis
Power surge/over voltage (spike)
Resource dependency assessment
