CISM: Certified Information Security Manager
Subjects: certifications, cism, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Identification and _______________ of business risk enables project managers to address areas with most significance.
Prioritization
Acceptable use policies
Cross-site scripting attacks
Multinational organization
2. The weakest link in security implementation, and awareness would reduce this risk. Through security awareness and training programs, individual employees can be informed and sensitized on various security policies and other security topics, thus e
Cyber terrorist
People
Trojan horse
Is willing to accept
3. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
Annually or whenever there is a significant change
Return on security investment (ROSI)
What happened and how the breach was resolved
All personnel
4. Someone who uses the internet or network to destroy or damage computers for political reasons
Total cost of ownership (TCO)
Increase business value and confidence
Cyber terrorist
Vulnerability assessment
5. Occurs after the risk assessment process; it does not measure it.
Encryption of the hard disks
Worm
Residual risk would be reduced by a greater amount
Use of security metrics
6. The job of the information security officer on a management team is to ___________________.
Support the business objectives of the organization
The data custodian
Safeguards over keys
Assess the risks to the business operation
7. Logging as well as monitoring, measuring, auditing, and detecting viruses and intrusions.
The authentication process is broken
Properly aligned with business goals and objectives
Certificate authority (CA)
Detection defenses
8. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
Background checks of prospective employees
Classification of assets needs
Breakeven point of risk reduction and cost
Defining high-level business security requirements
9. Senior management commitment and support for information security can BEST be obtained through presentations that ____________________.
Tie security risks to key business objectives
The awareness and agreement of the data subjects
Risk appetite
The data custodian
10. Awareness, training and physical security defenses.
Normalization
Data owners
Phishing
Examples of containment defenses
11. Someone who accesses a computer or network illegally
Developing an information security baseline
What happened and how the breach was resolved
Undervoltage (brownout)
Hacker
12. Should be determined from the risk assessment results.
Malware
Data warehouse
Inherent risk
Audit objectives
13. Ensure that transmitted information can be attributed to the named sender.
Digital signatures
Identify the vulnerable systems and apply compensating controls
Centralization of information security management
Aligned with organizational goals
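Item 13's point, attributing a transmitted message to the named sender, is easiest to see in code. The block below is an added example, not part of the original quiz, and it implements a Lamport one-time signature using only Python's standard library (the message text is constructed for the demo). The scheme is chosen because it is a complete asymmetric signature in a few dozen lines; production systems use RSA, ECDSA or Ed25519 instead. The property to notice is that `verify` needs only the public key, so anyone can attribute the message to whoever holds the private key. A shared-key MAC such as HMAC cannot provide that attribution, because every party holding the key could have produced the tag.

```python
"""Lamport one-time signature over SHA-256, standard library only.

Added example for the 'digital signatures' item: the signer keeps the private
key, publishes the public key, and a verifier holding only the public key can
check that a message came from the private-key holder and was not altered.
"""
import hashlib
import os

HASH_BITS = 256  # one private/public pair per bit of the SHA-256 digest


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(digest: bytes):
    """Yield the bits of a digest, most significant bit first."""
    for byte in digest:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def keygen(rng=os.urandom):
    """Private key: 256 pairs of random 32-byte preimages.
    Public key: the SHA-256 of each preimage, in the same layout."""
    priv = [(rng(32), rng(32)) for _ in range(HASH_BITS)]
    pub = [(_h(a), _h(b)) for a, b in priv]
    return priv, pub


def sign(priv, message: bytes):
    """For each bit of H(message), reveal the preimage selected by that bit.

    ONE-TIME: signing a second, different message with the same key reveals
    both preimages for every bit where the two digests differ, after which
    an attacker can forge signatures on further messages.
    """
    return [pair[bit] for pair, bit in zip(priv, _bits(_h(message)))]


def verify(pub, message: bytes, signature) -> bool:
    """Hash each revealed preimage and compare it with the public-key entry
    selected by the corresponding bit of H(message)."""
    if len(signature) != HASH_BITS:
        return False
    return all(
        _h(s) == pair[bit]
        for s, pair, bit in zip(signature, pub, _bits(_h(message)))
    )


def demo():
    """Sign a constructed message and check the three cases a verifier cares
    about: genuine, altered in transit, and signed under someone else's key."""
    priv, pub = keygen()
    message = b"Wire transfer #4471 approved"  # constructed sample, not real data
    signature = sign(priv, message)
    _, other_pub = keygen()  # a different sender's public key
    return {
        "genuine": verify(pub, message, signature),
        "tampered": verify(pub, b"Wire transfer #4471 denied", signature),
        "wrong_sender": verify(other_pub, message, signature),
    }


if __name__ == "__main__":
    print(demo())
```

Only the first case verifies: changing a single character of the message flips roughly half the digest bits, and for each flipped bit the revealed preimage hashes to the wrong public-key entry; a different public key fails for every bit. Note also that verification says nothing about when the message was sent or whether it was replayed; that needs a nonce or timestamp inside the signed data.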
14. Program that hides within or looks like a legit program
Continuous monitoring control initiatives
Trojan horse
Virus
Assess the risks to the business operation
15. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.
Rule-based access control
Digital certificate
Certificate authority (CA)
Continuous analysis, monitoring and feedback
16. There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. The best protection is to _____________________ until a patch is installed.
Gain unauthorized access to applications
Identify the vulnerable systems and apply compensating controls
Trojan horse
Prioritization
17. Potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works
Virus
Safeguards over keys
Encryption
Data warehouse
18. The best measure and will involve reviewing the entire source code to detect all instances of back doors.
Single sign-on (SSO) product
Asset classification
Security code reviews for the entire software application
Normalization
19. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee.
Compliance with the organization's information security requirements
Risk appetite
Tailgating
Methodology used in the assessment
20. Focuses on identifying vulnerabilities.
Fault-tolerant computer
Security code reviews for the entire software application
Penetration testing
Virus
21. Used to understand the flow of one process into another.
Defining high-level business security requirements
Hacker
Biometric access control systems
Waterfall chart
22. Are expensive, so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
Well-defined roles and responsibilities
Identify the relevant systems and processes
Key controls
Continuous monitoring control initiatives
23. To identify known vulnerabilities based on common misconfigurations and missing updates.
Deeper level of analysis
Developing an information security baseline
A network vulnerability assessment
Single sign-on (SSO) product
24. Allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. It allows security administrators to be more responsive.
Encryption
Its ability to reduce or eliminate business risks
Decentralization
Attributes and characteristics of the 'desired state'
25. Would reduce the possibility of an individual accidentally pressing the power button on a device, thereby turning off the device.
Protective switch covers
All personnel
Power surge/over voltage (spike)
What happened and how the breach was resolved
26. A notice that guarantees a user or a web site is legitimate
BIA (Business Impact Assessment)
Calculating the value of the information or asset
Its ability to reduce or eliminate business risks
Digital certificate
27. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
Safeguards over keys
Increase business value and confidence
Penetration testing
Reduce risk to an acceptable level
28. Cannot be minimized
Patch management
Asset classification
Inherent risk
Cost of control
29. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.
Fault-tolerant computer
Owner of the information asset
Service level agreements (SLAs)
Alignment with business strategy
30. The risk that remains after putting into place an effective risk management program; therefore, acceptable risk is achieved when this amount is minimized.
Cost of control
Residual risk
Script kiddie
Logon banners
31. Would protect against spoofing an internal address but would not provide strong authentication.
The information security officer
Personal firewall
Audit objectives
IP address packet filtering
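Item 31 says address-based packet filtering stops an outsider from spoofing an internal source address but does not provide strong authentication. The block below is an added example, not part of the original quiz, showing that filter as a small Python function run over constructed packet records; the internal address ranges and interface names are assumptions for the demo. It covers both directions (inbound packets claiming an internal source, and outbound packets claiming a source the site does not own, in the style of BCP 38 ingress filtering), which is slightly more than the item asks. The last case in `demo` is the caveat: an insider forging another internal host's address passes the filter, because the filter only inspects a header field that the sender fills in.

```python
"""Address-based anti-spoofing packet filter (BCP 38 style), standard library only.

Added example for the 'IP address packet filtering' item. The site is assumed
to own the ranges in INTERNAL_NETS and to have one border router with an
outside interface 'wan0' and an inside interface 'lan0'. A packet is modelled
as (interface it arrived on, claimed source IP, destination IP).
"""
import ipaddress

# Assumed address plan for the demo: RFC 1918 space plus one public block
# (203.0.113.0/24 is a documentation prefix standing in for the site's real one).
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]
OUTSIDE_IF = "wan0"
INSIDE_IF = "lan0"


def is_internal(ip: str) -> bool:
    """True if the address falls inside a range the site owns."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def filter_packet(ingress_if: str, src: str, dst: str) -> str:
    """Return 'DROP' or 'PASS' based only on where the packet arrived and the
    source address it claims; the destination is carried but not needed.

    Arriving on the outside interface: a source inside our own ranges cannot
    legitimately come from the Internet, so it is a spoof.
    Arriving on the inside interface (i.e. about to leave the site): a source
    we do not own is either misconfiguration or an attack staged from inside.
    """
    if ingress_if == OUTSIDE_IF and is_internal(src):
        return "DROP"
    if ingress_if == INSIDE_IF and not is_internal(src):
        return "DROP"
    return "PASS"


def demo():
    """Constructed traffic: three spoofs the filter catches and one it cannot."""
    packets = {
        "normal_inbound": (OUTSIDE_IF, "198.51.100.7", "203.0.113.10"),
        "inbound_spoof_of_internal": (OUTSIDE_IF, "10.1.2.3", "10.1.2.50"),
        "normal_outbound": (INSIDE_IF, "10.1.2.3", "198.51.100.7"),
        "outbound_spoof_of_external": (INSIDE_IF, "198.51.100.9", "198.51.100.7"),
        # Caveat from the quiz item: an insider forging the address of the
        # internal host 10.1.2.3 is indistinguishable from that host's own
        # traffic. Nothing here authenticates the sender; that takes
        # cryptographic authentication (IPsec, TLS client certificates, 802.1X).
        "insider_forging_peer": (INSIDE_IF, "10.1.2.3", "10.9.9.9"),
    }
    return {name: filter_packet(*pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:4} {name}")
```

The two DROP verdicts are the whole value of the control; the final PASS is why the item says it is not strong authentication. On a real router the same logic is expressed as interface ACLs or unicast reverse-path forwarding checks rather than Python.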
32. Normally addressed through antivirus and antispyware policies.
Lack of change management
Vulnerability assessment
Malicious software and spyware
Total cost of ownership (TCO)
33. The MOST important element of an information security strategy.
Overall organizational structure
Requirements of the data owners
Defined objectives
Cross-site scripting attacks
34. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance
The information security officer
Worm
Comparison of cost of achievement
Single sign-on (SSO) product
35. The best strategy for risk management is to ___________________, as this will take into account the organization's appetite for risk and the fact that it would not be practical to eliminate all risk.
The information security officer
Reduce risk to an acceptable level
Logon banners
Support the business objectives of the organization
36. Results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economies of scale. However, turnaround can be slower due to the lack of alignment with business units.
A network vulnerability assessment
Annually or whenever there is a significant change
Safeguards over keys
Centralization of information security management
37. Successful risk management should lead to a ________________.
Cross-site scripting attacks
Centralization of information security management
Breakeven point of risk reduction and cost
Virus detection
38. Should be a standard requirement for the service provider.
Background check
Control effectiveness
Centralized structure
Risk assessment, evaluation and impact analysis
39. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
Cyber terrorist
Baseline standard and then develop additional standards
Classification of assets needs
Properly aligned with business goals and objectives
40. The most fundamental evaluation criterion for the appropriate selection of any security technology is ________________________.
Attributes and characteristics of the 'desired state'
Its ability to reduce or eliminate business risks
Overall organizational structure
Key controls
41. Provide metrics to which outsourcing firms can be held accountable.
Cost of control
Developing an information security baseline
Background check
Service level agreements (SLAs)
42. A small warehouse, designed for the end-user needs of a strategic business unit
Cyber extortionist
Transmit e-mail messages
Data mart
Continuous monitoring control initiatives
43. Utility program that detects and protects a personal computer from unauthorized intrusions
Personal firewall
Security risk
All personnel
Lack of change management
44. The MOST useful way to describe the objectives in the information security strategy is through ______________________.
45. Uses security metrics to measure the performance of the information security program.
Information security manager
Security awareness training for all employees
Cryptographic secure sockets layer (SSL) implementations and short key lengths
Trusted source
46. All within the responsibility of the information security manager.
What happened and how the breach was resolved
Safeguards over keys
Platform security, intrusion detection and antivirus controls
Intrusion detection system (IDS)
47. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.
Get senior management onboard
Do with the information it collects
Overall organizational structure
Control effectiveness
48. The best measure for preventing the unauthorized disclosure of confidential information.
Annually or whenever there is a significant change
Personal firewall
Digital certificate
Acceptable use policies
49. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures, but not in the prioritization.
Creation of a business continuity plan
Control effectiveness
Alignment with business strategy
Hacker
50. The PRIMARY goal in developing an information security strategy is to: _________________________.
Do with the information it collects
Support the business objectives of the organization
Methodology used in the assessment
Two-factor authentication