Test your basic knowledge
CISM: Certified Information Security Manager
Start Test
Study First
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
Developing an information security baseline
The authentication process is broken
Comparison of cost of achievement
Data owners
2. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
The information security officer
Control risk
Encryption key management
BIA (Business Impact Assessment)
3. Accesses a computer or network illegally
Use of security metrics
Skills inventory
Cracker
Rule-based access control
4. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.
Centralization of information security management
include security responsibilities in a job description
Consensus on risks and controls
Risk assessment - evaluation and impact analysis
5. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Acceptable use policies
Data mart
Applying the proper classification to the data
Encryption of the hard disks
6. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Detection defenses
Continuous analysis - monitoring and feedback
Owner of the information asset
The data custodian
7. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
Data isolation
Owner of the information asset
Logon banners
Information security manager
8. BEST option to improve accountability for a system administrator is to _____________________.
include security responsibilities in a job description
Examples of containment defenses
Compliance with the organization's information security requirements
Defining high-level business security requirements
9. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Transferred risk
SWOT analysis
Data mart
Knowledge management
10. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.
Penetration testing
Intrusion detection system (IDS)
Owner of the information asset
Transferred risk
11. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.
Residual risk
Encryption of the hard disks
Tie security risks to key business objectives
Regular review of access control lists
12. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.
Risk appetite
Penetration testing
Risk assessment - evaluation and impact analysis
Control effectiveness
13. Should PRIMARILY be based on regulatory and legal requirements.
Script kiddie
Spoofing attacks
Regulatory compliance
Retention of business records
14. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
IP address packet filtering
Baseline standard and then develop additional standards
Data isolation
Residual risk would be reduced by a greater amount
15. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
Risk assessment - evaluation and impact analysis
Internal risk assessment
Centralization of information security management
Information contained on the equipment
16. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
Security risk
The balanced scorecard
Equal error rate (EER)
Total cost of ownership (TCO)
17. Provides process needs but not impact.
Resource dependency assessment
Transferred risk
Residual risk
Residual risk would be reduced by a greater amount
18. Applications cannot access data associated with other apps
Regular review of access control lists
include security responsibilities in a job description
Proficiency testing
Data isolation
19. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
20. The PRIMARY goal in developing an information security strategy is to: _________________________.
0-day vulnerabilities
Support the business objectives of the organization
Reduce risk to an acceptable level
The information security officer
21. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.
Countermeasure cost-benefit analysis
Internal risk assessment
Deeper level of analysis
Patch management
22. Without _____________________ - there cannot be accountability.
Well-defined roles and responsibilities
Defined objectives
Identify the vulnerable systems and apply compensating controls
Lack of change management
23. Information security governance models are highly dependent on the _____________________.
Overall organizational structure
Normalization
Prioritization
Knowledge management
24. Residual risk is unmanaged - i.e. - inherent risk which remains uncontrolled. This is key to the organization's _____________ and is the amount of residual risk that a business is living with that affects its viability.
Identify the relevant systems and processes
Risk appetite
Role-based access control
Acceptable use policies
25. The primary role of the information security manager in the process of information classification within the organization.
Virus detection
Defining and ratifying the classification structure of information assets
Business case development
Key risk indicator (KRI) setup
26. Same intent as a cracker but does not have the technical skills and knowledge
Public key infrastructure (PKI)
Script kiddie
Power surge/over voltage (spike)
Reduce risk to an acceptable level
27. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Control effectiveness
The authentication process is broken
Total cost of ownership (TCO)
Properly aligned with business goals and objectives
28. Provides strong online authentication.
Stress testing
Public key infrastructure (PKI)
Multinational organization
Proficiency testing
29. The MOST important component of a privacy policy is: A Privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are
BIA (Business Impact Assessment)
Notifications and opt-out provisions
Cyber terrorist
Rule-based access control
30. Programs that act without a user's knowledge and deliberately alter a computer's operations
The database administrator
Vulnerability assessment
Malware
Examples of containment defenses
31. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Calculating the value of the information or asset
Undervoltage (brownout)
Performing a risk assessment
Equal error rate (EER)
32. Used to understand the flow of one process into another.
Compliance with the organization's information security requirements
Performing a risk assessment
Waterfall chart
Proficiency testing
33. Someone who uses the internet or network to destroy or damage computers for political reasons
Cyber terrorist
Security awareness training for all employees
Safeguards over keys
Intrusion detection system (IDS)
34. A notice that guarantees a user or a web site is legitimate
Identify the vulnerable systems and apply compensating controls
Security risk
Monitoring processes
Digital certificate
35. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Threat assessment
Script kiddie
All personnel
Centralization of information security management
36. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.
Retention of business records
Penetration testing
Key controls
Creation of a business continuity plan
37. Needs to define the access rules - which is troublesome and error prone in large organizations.
Control risk
Rule-based access control
Normalization
Malware
38. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Consensus on risks and controls
Single sign-on (SSO) product
Worm
Data mart
39. By definition are not previously known and therefore are undetectable.
Key controls
Skills inventory
Gain unauthorized access to applications
0-day vulnerabilities
40. The best strategy for risk management is to ___________________- as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
Worm
Biometric access control systems
Reduce risk to an acceptable level
Alignment with business strategy
41. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Knowledge management
Worm
Decentralization
Logon banners
42. Someone who uses email as a vehicle for extortion; sends the company threatening emails indicating they will expose confidential information - exploit a security flaw - etc.
Intrusion detection system (IDS)
The data owner
Cyber extortionist
Notifications and opt-out provisions
43. Whenever personal data are transferred across national boundaries; ________________________ are required.
The awareness and agreement of the data subjects
Total cost of ownership (TCO)
Reduce risk to an acceptable level
Protective switch covers
44. Are not infallible. When tuning the solution - one has to adjust the sensitivity level to give preference either to false reject rate (type I error rate) where the system will be more prone to err denying access to a valid user or erring and allowing
Centralization of information security management
Return on security investment (ROSI)
Biometric access control systems
BIA (Business Impact Assessment)
45. A successful risk management should lead to a ________________.
The awareness and agreement of the data subjects
Well-defined roles and responsibilities
Breakeven point of risk reduction and cost
Security risk
46. A repository of historical data organized by subject to support decision makers in the organization
Rule-based access control
Data warehouse
Breakeven point of risk reduction and cost
Residual risk would be reduced by a greater amount
47. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.
Digital signatures
Performing a risk assessment
Transferred risk
Penetration testing
48. The most important characteristic of good security policies is that they be ____________________.
Aligned with organizational goals
Data owners
Its ability to reduce or eliminate business risks
The information security officer
49. Reducing risk to a level too small to measure is _______________.
Support the business objectives of the organization
Decentralization
Fault-tolerant computer
Impractical and is often cost-prohibitive
50. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Get senior management onboard
Use of security metrics
Transmit e-mail messages
Classification of assets needs