Test your basic knowledge

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The weakest link in security implementation - and awareness would reduce this risk. Through security awareness and training programs - individual employees can be informed and sensitized on various security policies and other security topics - thus e

2. Oversees the overall classification management of the information.

3. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.

4. Most effective for evaluating the degree to which information security objectives are being met.

5. Also required to guarantee fulfillment of laws and regulations of the organization and - therefore - the information security manager will be obligated to comply with the law.

6. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.

7. Focuses on identifying vulnerabilities.

8. When the ________________ is more than the cost of the risk - the risk should be accepted.

9. The starting point for driving management's attention to information security. All other choices will follow the risk assessment.

10. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee.

11. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.

12. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.

13. Culture has a significant impact on how information security will be implemented in a ______________________.

14. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However - turnaround can be slower due to the lack of alignment with business units.

15. The MOST important element of an information security strategy.

16. The most important characteristic of good security policies is that they be ____________________.

17. Will associate data access with the role performed by an individual - thus restricting access to data required to perform the individual's tasks.

18. The best strategy for risk management is to ___________________ - as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.

19. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.

20. Provides process needs but not impact.

21. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.

22. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.

23. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.

24. By definition are not previously known and therefore are undetectable.

25. Without _____________________ - there cannot be accountability.

26. Attackers who exploit weak application authentication controls can ___________________ and this has little to do with cross-site scripting vulnerabilities.

27. It is more efficient to establish a ___________________ for locations that must meet specific requirements.

28. To identify known vulnerabilities based on common misconfigurations and missing updates.

29. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.

30. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm

31. Has to be integrated into the requirements of every software application's design.

32. Should be performed to identify the risk and determine needed controls.

33. Company or person you believe will not knowingly send a virus-infected file.

34. A repository of historical data organized by subject to support decision makers in the organization.

35. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.

36. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.

37. Provides strong online authentication.

38. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.

39. The MOST useful way to describe the objectives in the information security strategy is through ______________________.

40. The MOST important component of a privacy policy is: privacy policies must contain _______________; they are a high-level management statement of direction. They do not necessarily address warranties - liabilities or geographic coverage - which are

41. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.

42. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.

43. A risk assessment should be conducted _________________.

44. Needs to define the access rules - which is troublesome and error prone in large organizations.

45. Responsible for securing the information.

46. Same intent as a cracker but does not have the technical skills and knowledge.

47. Normally addressed through antivirus and antispyware policies.

48. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.

49. Someone who uses the internet or a network to destroy or damage computers for political reasons.

50. A process that helps organizations manipulate important knowledge that is part of the organization's memory.