Test your basic knowledge | CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The job of the information security officer on a management team is to ___________________.
Encryption of the hard disks
Assess the risks to the business operation
Negotiating a local version of the organization standards
People
2. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.
Certificate authority (CA)
Trojan horse
Continuous monitoring control initiatives
Waterfall chart
3. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
The awareness and agreement of the data subjects
Detection defenses
Identify the relevant systems and processes
Annually or whenever there is a significant change
4. Same intent as a cracker but does not have the technical skills and knowledge
Do with the information it collects
Script kiddie
Rule-based access control
Use of security metrics
5. Should PRIMARILY be based on regulatory and legal requirements.
Audit objectives
Threat assessment
Retention of business records
All personnel
6. Has full responsibility over data.
The data owner
Decentralization
Countermeasure cost-benefit analysis
Risk appetite
7. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Properly aligned with business goals and objectives
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Transmit e-mail messages
Logon banners
8. Used to understand the flow of one process into another.
Notifications and opt-out provisions
Waterfall chart
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Data owners
9. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.
Threat assessment
Undervoltage (brownout)
Proficiency testing
Equal error rate (EER)
10. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network
Confidentiality
Calculating the value of the information or asset
Residual risk would be reduced by a greater amount
Worm
11. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
BIA (Business Impact Assessment)
Overall organizational structure
Defining high-level business security requirements
Rule-based access control
12. Ensures that there are no scalability problems.
Knowledge management
Data classification
Stress testing
Total cost of ownership (TCO)
13. Inject malformed input.
Audit objectives
Platform security - intrusion detection and antivirus controls
Phishing
Cross-site scripting attacks
14. It is more efficient to establish a ___________________for locations that must meet specific requirements.
Strategic alignment of security with business objectives
Support the business objectives of the organization
Its ability to reduce or eliminate business risks
Baseline standard and then develop additional standards
15. Focuses on identifying vulnerabilities.
Safeguards over keys
Comparison of cost of achievement
Owner of the information asset
Penetration testing
16. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Security code reviews for the entire software application
Assess the risks to the business operation
All personnel
Security baselines
17. Responsible for securing the information.
Personal firewall
Internal risk assessment
People
The data custodian
18. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.
Protective switch covers
The board of directors and senior management
The database administrator
Risk management and the requirements of the organization
19. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Calculating the value of the information or asset
Control effectiveness
Properly aligned with business goals and objectives
Inherent risk
20. A method for analyzing and reducing a relational database to its most streamlined form
Properly aligned with business goals and objectives
Malware
Normalization
Business case development
21. A process that helps organizations manipulate important knowledge that is part of the organization's memory
Knowledge management
Monitoring processes
Patch management process
Requirements of the data owners
22. Successful risk management should lead to a ________________.
Exceptions to policy
Breakeven point of risk reduction and cost
Service level agreements (SLAs)
Control risk
23. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
Business case development
Do with the information it collects
Malicious software and spyware
Encryption of the hard disks
24. Information security governance models are highly dependent on the _____________________.
Risk assessment - evaluation and impact analysis
Risk appetite
Rule-based access control
Overall organizational structure
25. When developing an information security program _________________ would help identify the available resources - any gaps and the training requirements for developing resources.
Skills inventory
Control effectiveness
Use of security metrics
Platform security - intrusion detection and antivirus controls
26. A risk assessment should be conducted _________________.
Prioritization
Applying the proper classification to the data
Breakeven point of risk reduction and cost
Annually or whenever there is a significant change
27. A repository of historical data organized by subject to support decision makers in the organization
Data warehouse
Access control matrix
Safeguards over keys
Residual risk would be reduced by a greater amount
28. Oversees the overall classification management of the information.
The information security officer
The database administrator
Phishing
Retention of business records
29. Security design flaws require a ____________________.
The database administrator
Deeper level of analysis
Breakeven point of risk reduction and cost
IP address packet filtering
30. The best measure for preventing the unauthorized disclosure of confidential information.
Consensus on risks and controls
Phishing
Identify the relevant systems and processes
Acceptable use policies
31. Provides the most effective protection of data on mobile devices.
Increase business value and confidence
Identify the vulnerable systems and apply compensating controls
Key controls
Encryption
32. Occurs when the incoming level
Notifications and opt-out provisions
Trojan horse
Power surge/overvoltage (spike)
Cyber terrorist
33. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results such as impact from a security incident and required response times.
Tie security risks to key business objectives
BIA (Business Impact Assessment)
Transferred risk
Trojan horse
34. The _____________________ is a severe omission and will greatly increase information security risk. It presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations.
The authentication process is broken
Inherent risk
Lack of change management
Role-based access control
35. An internal review of a web-based application system finds that it is possible to gain access to all employees' accounts by changing the employee's ID in the URL used for accessing the account. This means _____________.
Conduct a risk assessment
Digital signatures
The authentication process is broken
Identify the vulnerable systems and apply compensating controls
36. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Get senior management onboard
Decentralization
Impractical and is often cost-prohibitive
The awareness and agreement of the data subjects
37. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Undervoltage (brownout)
Control effectiveness
Methodology used in the assessment
Single sign-on (SSO) product
38. Culture has a significant impact on how information security will be implemented in a ______________________.
Tie security risks to key business objectives
What happened and how the breach was resolved
Multinational organization
Properly aligned with business goals and objectives
39. When defining the information classification policy - the ___________________ need to be identified.
Identify the vulnerable systems and apply compensating controls
Notifications and opt-out provisions
Requirements of the data owners
Stress testing
40. The most important characteristic of good security policies is that they be ____________________.
Retention of business records
Aligned with organizational goals
Get senior management onboard
Acceptable use policies
41. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e
Public key infrastructure (PKI)
People
Patch management
Data classification
42. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Virus
Regular review of access control lists
Transmit e-mail messages
Continuous analysis - monitoring and feedback
43. Risk should be reduced to a level that an organization _____________.
Data classification
Exceptions to policy
Control risk
Is willing to accept
44. The MOST important element of an information security strategy.
Increase business value and confidence
Threat assessment
Public key infrastructure (PKI)
Defined objectives
45. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.
Single sign-on (SSO) product
Alignment with business strategy
Methodology used in the assessment
Virus detection
46. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works
Control risk
Well-defined roles and responsibilities
Key risk indicator (KRI) setup
Virus
47. Programs that act without a user's knowledge and deliberately alter a computer's operations
Malware
What happened and how the breach was resolved
Conduct a risk assessment
Role-based policy
48. Carries out the technical administration.
Biometric access control systems
The data owner
Stress testing
The database administrator
49. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Platform security - intrusion detection and antivirus controls
Two-factor authentication
Malicious software and spyware
Well-defined roles and responsibilities
50. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.
Control risk
SWOT analysis
The authentication process is broken
Logon banners