Test your basic knowledge |
CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Security design flaws require a ____________________.
Logon banners
Background check
Deeper level of analysis
Residual risk
2. Inject malformed input.
Risk appetite
The data custodian
Patch management process
Cross-site scripting attacks
3. The risk that remains after putting into place an effective risk management program; therefore - acceptable risk is achieved when this amount is minimized.
Residual risk
Properly aligned with business goals and objectives
IP address packet filtering
Monitoring processes
4. The most important characteristic of good security policies is that they be ____________________.
Security baselines
The database administrator
Aligned with organizational goals
Tie security risks to key business objectives
5. A risk assessment should be conducted _________________.
Use of security metrics
Data mart
Power surge/over voltage (spike)
Annually or whenever there is a significant change
6. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee
Tailgating
Patch management process
Include security responsibilities in a job description
Risk appetite
7. Using public key infrastructure (PKI) is currently accepted as the most secure method to _____________.
Worm
Transmit e-mail messages
Deeper level of analysis
Baseline standard and then develop additional standards
8. Awareness - training and physical security defenses.
Nondisclosure agreement (NDA)
The awareness and agreement of the data subjects
Information security manager
Examples of containment defenses
9. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
Trusted source
People
Spoofing attacks
Security baselines
10. Useful but only with regard to specific technical skills.
Total cost of ownership (TCO)
Proficiency testing
Methodology used in the assessment
Strategic alignment of security with business objectives
11. Would protect against spoofing an internal address but would not provide strong authentication.
IP address packet filtering
Trusted source
Decentralization
The board of directors and senior management
12. A process that helps organizations manipulate important knowledge that is part of the organization's memory.
Knowledge management
Cross-site scripting attacks
Information security manager
Support the business objectives of the organization
13. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.
Resource dependency assessment
Nondisclosure agreement (NDA)
Script kiddie
SWOT analysis
14. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.
Increase business value and confidence
Consensus on risks and controls
Digital signatures
Rule-based access control
15. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Continuous monitoring control initiatives
Audit objectives
0-day vulnerabilities
Conduct a risk assessment
16. When mobile equipment is lost or stolen - the ______________________ matters most in determining the impact of the loss.
What happened and how the breach was resolved
Cyber extortionist
Information contained on the equipment
Multinational organization
17. All within the responsibility of the information security manager.
Monitoring processes
Platform security - intrusion detection and antivirus controls
Data classification
SWOT analysis
18. Has full responsibility over data.
The data owner
Trusted source
Owner of the information asset
Business case development
19. On a company's e-commerce web site - a good legal statement regarding data privacy should include a statement regarding what the company will ___________________.
Do with the information it collects
The data owner
Patch management
Strategic alignment of security with business objectives
20. The BEST way to justify the implementation of a _____________________ is to use a business case. Return on investment (ROI) would only provide the costs needed to preclude specific risks - and would not provide other indirect benefits such as process
Security code reviews for the entire software application
Retention of business records
Calculating the value of the information or asset
Single sign-on (SSO) product
21. The data owner is responsible for _______________________.
Classification of assets needs
Certificate authority (CA)
Internal risk assessment
Applying the proper classification to the data
22. Addresses strengths - weaknesses - opportunities and threats. Although useful - a SWOT analysis is not as effective a tool.
Requirements of the data owners
SWOT analysis
Proficiency testing
Decentralization
23. The primary role of the information security manager in the process of information classification within the organization.
Information contained on the equipment
Calculating the value of the information or asset
Defining and ratifying the classification structure of information assets
Data classification
24. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
Platform security - intrusion detection and antivirus controls
Encryption
Continuous analysis - monitoring and feedback
Vulnerability assessment
25. Has to be integrated into the requirements of every software application's design.
Centralized structure
Encryption key management
Continuous analysis - monitoring and feedback
Gap analysis
26. Utility program that detects and protects a personal computer from unauthorized intrusions
Asset classification
Developing an information security baseline
Personal firewall
Deeper level of analysis
27. Used to understand the flow of one process into another.
Properly aligned with business goals and objectives
Waterfall chart
Logon banners
Asset classification
28. Occurs when the electrical supply drops
Undervoltage (brownout)
Background checks of prospective employees
IP address packet filtering
Role-based access control
29. Occurs when the incoming level
The information security officer
Identify the relevant systems and processes
Power surge/over voltage (spike)
Vulnerability assessment
30. Only valid if assets have first been identified and appropriately valued.
Annual loss expectancy (ALE) calculations
Overall organizational structure
Examples of containment defenses
Data isolation
31. Risk should be reduced to a level that an organization _____________.
Transmit e-mail messages
Impractical and is often cost-prohibitive
Undervoltage (brownout)
Is willing to accept
32. The most relevant piece of information to include in a cost-benefit analysis of a two-factor authentication system - it would establish a cost baseline and it must be considered for the full life cycle of the control.
Include security responsibilities in a job description
Encryption of the hard disks
Total cost of ownership (TCO)
A network vulnerability assessment
33. Occurs after the risk assessment process - it does not measure it.
Use of security metrics
Waterfall chart
Phishing
Public key infrastructure (PKI)
34. Provides the most effective protection of data on mobile devices.
Alignment with business strategy
Encryption
Service level agreements (SLAs)
Background check
35. A small warehouse - designed for the end-user needs in a strategic business unit.
Worm
Data classification
The data owner
Data mart
36. An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. It means _____________.
The authentication process is broken
Notifications and opt-out provisions
SWOT analysis
The balanced scorecard
37. Because past performance is a strong predictor of future performance - _______________________ best prevents attacks from originating within an organization.
Background checks of prospective employees
Proficiency testing
Use of security metrics
0-day vulnerabilities
38. New security vulnerabilities should be managed through a ________________.
Patch management process
Aligned with organizational goals
Monitoring processes
Creation of a business continuity plan
39. To identify known vulnerabilities based on common misconfigurations and missing updates.
Biometric access control systems
Include security responsibilities in a job description
Developing an information security baseline
A network vulnerability assessment
40. Provides strong online authentication.
Public key infrastructure (PKI)
Personal firewall
Undervoltage (brownout)
Digital certificate
41. The BEST justification to convince management to invest in an information security program is that doing so would _________________.
Get senior management onboard
Negotiating a local version of the organization standards
Increase business value and confidence
Information contained on the equipment
42. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.
Return on security investment (ROSI)
Reduce risk to an acceptable level
Background check
Data classification
43. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.
Detection defenses
Personal firewall
Retention of business records
Virus detection
44. In order to highlight to management the importance of network security - the security manager should FIRST _______________.
Normalization
Equal error rate (EER)
Conduct a risk assessment
Gain unauthorized access to applications
45. The best measure for preventing the unauthorized disclosure of confidential information.
Vulnerability assessment
Acceptable use policies
Tailgating
SWOT analysis
46. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.
Cracker
Calculating the value of the information or asset
Breakeven point of risk reduction and cost
Performing a risk assessment
47. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.
Phishing
Its ability to reduce or eliminate business risks
Properly aligned with business goals and objectives
Inherent risk
48. BEST option to improve accountability for a system administrator is to _____________________.
Increase business value and confidence
Continuous analysis - monitoring and feedback
Include security responsibilities in a job description
Biometric access control systems
49. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
50. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.
Patch management process
Two-factor authentication
Security awareness training for all employees
Data classification