Test your basic knowledge |

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A Successful risk management should lead to a ________________.






2. Only valid if assets have first been identified and appropriately valued.






3. Primarily reduce risk and are most effective for the protection of information assets.






4. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.






5. The best measure for preventing the unauthorized disclosure of confidential information.






6. _______________ of the organization have the responsibility of ensuring information systems security this can include indirect personnel such as physical security personnel.






7. The MOST useful way to describe the objectives in the information security strategy is through ______________________.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


8. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.






9. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.






10. The job of the information security officer on a management team is to ___________________.






11. The BEST justification to convince management to invest in an information security program is that doing so would _________________.






12. The data owner is responsible for _______________________.






13. Used to understand the flow of one process into another.






14. Would reduce the possibility of an individual accidentally pressing the power button on a device - thereby turning off the device.






15. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.






16. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.






17. btaining senior management support for establishing a warm site can BEST be accomplished by ____________________ - including a cost-benefit analysis - will be most persuasive to management. A risk assessment may be included in the business case - but






18. Responsible for assigning user entitlements and approving access to the systems for which they are responsible.






19. An effective tool but primarily focuses on malicious code from external sources - and only for those applications that are online.






20. Has full responsibility over data.






21. Occurs when the incoming level






22. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.






23. Oversees the overall classification management of the information.






24. Should PRIMARILY be based on regulatory and legal requirements.






25. Provides an additional security mechanism over and above that provided by passwords alone. This is frequently used by mobile users needing to establish connectivity to a corporate network.






26. Culture has a significant impact on how information security will be implemented in a ______________________.






27. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.






28. Change management controls the _____________________. This is often the point at which a weakness will be introduced.






29. Occurs when the electrical supply drops






30. Provides process needs but not impact.






31. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.






32. Accesses a computer or network illegally






33. The risk that has been assumed by a third party and may not necessarily be equal to the minimal form of residual risk.






34. From a security standpoint - _______________________ is one of the most important topics that should be included in the contract with third-party service provider.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


35. To determine sensitivity of assets in terms of risk to the business operation so that proportional countermeasures can be effectively implemented.






36. Potentially damaging computer program that affects - or infects a computer negatively by altering the way the computer works






37. Effective and efficient in large user communities because it controls system access by the roles defined for groups of users. Users are assigned to the various roles and the system controls the access based on those roles.






38. Carries out the technical administration.






39. To improve the security governance framework and achieve a higher level of maturity _____________________ is most important.






40. Programs that act without a user's knowledge and deliberately alter a computer's operations






41. Uses security metrics to measure the performance of the information security program.






42. A method for analyzing and reducing a relational database to its most streamlined form






43. The information security manager needs to prioritize the controls based on ________________________.






44. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.






45. When considering the value of assets ______________________ would give the information security manager the MOST objective basis for measurement of value delivery in information security governance






46. Cannot be minimized






47. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.






48. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.






49. Most effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices.






50. The _____________________is a severe omission and will greatly increase information security risk. Presents the GREATEST information security risk for an organization with multiple - but small - domestic processing locations







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests