CISM UPDATED EXAMS TEST PAPER
QUESTIONS AND ANSWERS SURE A+
✔✔At which stage of a project should risk management be performed? - ✔✔At each
stage starting at project initiation
✔✔When working with an outside party that may include access to sensitive
information, each party should require a: - ✔✔Non-disclosure agreement (NDA)
✔✔Symmetric key algorithms are best used for: - ✔✔Encryption of large amounts of
data
✔✔An benefit provided by a symmetric algorithm is: - ✔✔confidentiality
✔✔Asymmetric algorithms are often used in: - ✔✔Digital signatures
✔✔The primary benefit of a hash function is: - ✔✔Proving integrity of a message
✔✔Which key would open a message encrypted with John's public key? - ✔✔John
corresponding private key
✔✔Symmetric encryption is a: - ✔✔two-way encryption process
, ✔✔A primary reason for the development of public key cryptography was to: -
✔✔Address the ley distribution problems of asymmetric encryption
✔✔What is the length of a digest created by a hash function? - ✔✔A hash function
creates a fixed length hash regardless of input message length
✔✔A hash is often used for: - ✔✔Password based authentication
✔✔The entity requesting access in an access control system is often known as: -
✔✔The subject
✔✔Access control is a means to: - ✔✔Permit authorized persons appropriate levels of
access
✔✔A surveillance camera is an access control based on: - ✔✔Physical controls
✔✔Anti-virus systems should be deployed on: - ✔✔Gateways and individual desktops
✔✔The use of a policy compliant system may enable an organization to: - ✔✔Enforce
policies at a desktop level
✔✔An information classification policy is what form of control? - ✔✔Administrative
controls
✔✔Which of the following is a one-way function? - ✔✔Hashing
✔✔True/False: A Disaster Recovery Plan is a part of an Information Security
Framework - ✔✔True
✔✔An important element of an information security program is: - ✔✔The development
of metrics to measure program performance
✔✔Identity management applies to: - ✔✔Giving both internal and external users unique
identification
✔✔The practice of only granting a user the lowest level required is: - ✔✔Least privilege
✔✔A deterrent control can be used to: - ✔✔Discourage inappropriate behavior
✔✔An example of a preventative control is: - ✔✔A fence
QUESTIONS AND ANSWERS SURE A+
✔✔At which stage of a project should risk management be performed? - ✔✔At each
stage starting at project initiation
✔✔When working with an outside party that may include access to sensitive
information, each party should require a: - ✔✔Non-disclosure agreement (NDA)
✔✔Symmetric key algorithms are best used for: - ✔✔Encryption of large amounts of
data
✔✔An benefit provided by a symmetric algorithm is: - ✔✔confidentiality
✔✔Asymmetric algorithms are often used in: - ✔✔Digital signatures
✔✔The primary benefit of a hash function is: - ✔✔Proving integrity of a message
✔✔Which key would open a message encrypted with John's public key? - ✔✔John
corresponding private key
✔✔Symmetric encryption is a: - ✔✔two-way encryption process
, ✔✔A primary reason for the development of public key cryptography was to: -
✔✔Address the ley distribution problems of asymmetric encryption
✔✔What is the length of a digest created by a hash function? - ✔✔A hash function
creates a fixed length hash regardless of input message length
✔✔A hash is often used for: - ✔✔Password based authentication
✔✔The entity requesting access in an access control system is often known as: -
✔✔The subject
✔✔Access control is a means to: - ✔✔Permit authorized persons appropriate levels of
access
✔✔A surveillance camera is an access control based on: - ✔✔Physical controls
✔✔Anti-virus systems should be deployed on: - ✔✔Gateways and individual desktops
✔✔The use of a policy compliant system may enable an organization to: - ✔✔Enforce
policies at a desktop level
✔✔An information classification policy is what form of control? - ✔✔Administrative
controls
✔✔Which of the following is a one-way function? - ✔✔Hashing
✔✔True/False: A Disaster Recovery Plan is a part of an Information Security
Framework - ✔✔True
✔✔An important element of an information security program is: - ✔✔The development
of metrics to measure program performance
✔✔Identity management applies to: - ✔✔Giving both internal and external users unique
identification
✔✔The practice of only granting a user the lowest level required is: - ✔✔Least privilege
✔✔A deterrent control can be used to: - ✔✔Discourage inappropriate behavior
✔✔An example of a preventative control is: - ✔✔A fence
